diff --git a/drivers/85def55323cfc4a04a270127a20f4d2c.bin b/drivers/85def55323cfc4a04a270127a20f4d2c.bin
new file mode 100644
index 000000000..ee7e85226
--- /dev/null
+++ b/drivers/85def55323cfc4a04a270127a20f4d2c.bin
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ba404c50684d59b701959a1732617dec6a6a25c8005294c0d2b3822b38479a4
+size 39000
diff --git a/drivers/a87587ee2f2281297f24bbd96902faa5.bin b/drivers/a87587ee2f2281297f24bbd96902faa5.bin
new file mode 100644
index 000000000..fd02269af
--- /dev/null
+++ b/drivers/a87587ee2f2281297f24bbd96902faa5.bin
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:078e7fb479ad6f0734682d41a17d41518de35bf4f6c5c212643b7d37e641041e
+size 223328
diff --git a/drivers/b4eaacce30f51eaf2a36cea680b45a66.bin b/drivers/b4eaacce30f51eaf2a36cea680b45a66.bin
new file mode 100644
index 000000000..0fa79925c
--- /dev/null
+++ b/drivers/b4eaacce30f51eaf2a36cea680b45a66.bin
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:15e84d040c2756b2d1b6c3f99d5a1079dc8854844d3c24d740fafd8c668e5fb9
+size 63640
diff --git a/yaml/bd9f084e-b235-4978-bf2a-5f1dc02937df.yaml b/yaml/bd9f084e-b235-4978-bf2a-5f1dc02937df.yaml
index 0f030ae8c..6f8a54ed8 100644
--- a/yaml/bd9f084e-b235-4978-bf2a-5f1dc02937df.yaml
+++ b/yaml/bd9f084e-b235-4978-bf2a-5f1dc02937df.yaml
@@ -20,25 +20,247 @@ Acknowledgement: Person: '' Handle: '' KnownVulnerableSamples: -- Filename: TfSysMon.sys - MD5: 761f2e2b759389a472bd3d94141742b9 - SHA1: c881f43c7fe94a6f056a84da8e9a32fe56d8dd9c - SHA256: 1c1a4ca2cbac9fe5954763a20aeb82da9b10d028824f42fff071503dcbe15856 - Signature: '' - Date: '' - Publisher: '' - Company: PC Tools - Description: ThreatFire System Monitor - Product: ThreatFire - ProductVersion: 4.6.0.26 - FileVersion: 4.10.2.1 - MachineType: AMD64 - OriginalFilename: TfSysMon.sys +- Filename: TfSysMon.sys + MD5: 761f2e2b759389a472bd3d94141742b9 + SHA1: c881f43c7fe94a6f056a84da8e9a32fe56d8dd9c + SHA256: 1c1a4ca2cbac9fe5954763a20aeb82da9b10d028824f42fff071503dcbe15856 + Signature: '' + Date: '' + Publisher: '' + Company: PC Tools + Description: ThreatFire System Monitor + Product: ThreatFire + ProductVersion: 4.6.0.26 + FileVersion: 4.10.2.1 + MachineType: AMD64 + OriginalFilename: TfSysMon.sys + Imphash: 9e7c36ff0dc8862002283773ace05f9e + Authentihash: + MD5: bf20ffaec0c931ba26ba3b4fa1168b8a + SHA1: 4e572da2a16b1588b2140f6739dc1dbd82cc1292 + SHA256: 39f5d351878f7216a69d0330c40e5b2793c6d4d3ee72f0673cf7555ea9dbe86a + RichPEHeaderHash: + MD5: 7401835ee57bfad89c8355b1bd87ef20 + SHA1: 5467c4177559d5b83ce52dd4c8f1366c7ad5ca20 + SHA256: b40447d856fa680f34064911a1f0285f58dac4ec40e90b306c546ce11615a005 + Sections: + .text: + Entropy: 6.326690300828168 + Virtual Size: '0xa0b8' + .rdata: + Entropy: 5.328583885941854 + Virtual Size: '0xca0' + .data: + Entropy: 0.6238885848006501 + Virtual Size: '0x7e0' + .pdata: + Entropy: 4.439637717036265 + Virtual Size: '0x480' + INIT: + Entropy: 5.125170195862425 + Virtual Size: '0xcc4' + .rsrc: + Entropy: 3.2918275791152984 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2636865525783176 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-02-01 12:16:19' + InternalName: TfSysMon + Copyright: "Copyright \xA9 2005-2009 PC Tools. All Rights Reserved." 
+ Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - PsLookupProcessByProcessId + - RtlDowncaseUnicodeString + - RtlInitUnicodeString + - KeSetEvent + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ZwQuerySystemInformation + - KeReleaseSpinLock + - KeUnstackDetachProcess + - KeInitializeTimer + - PsCreateSystemThread + - DbgBreakPoint + - ZwQueryValueKey + - ExAllocatePool + - ExInterlockedInsertTailList + - PsTerminateSystemThread + - KeQueryTimeIncrement + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeSetTimer + - PsGetVersion + - ExInterlockedRemoveHeadList + - ZwQueryInformationProcess + - PsGetCurrentProcessId + - ObfDereferenceObject + - KeCancelTimer + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - RtlUpcaseUnicodeChar + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwAllocateVirtualMemory + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - ExReleaseFastMutex + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - IoFreeWorkItem + - RtlInitAnsiString + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - PsSetCreateProcessNotifyRoutine + - RtlEqualUnicodeString + - RtlFreeUnicodeString + - IoAllocateWorkItem + - ZwOpenProcess + - RtlCompareMemory + - FsRtlDissectName + - PsGetCurrentThreadId + - IoQueueWorkItem + - ExAcquireResourceExclusiveLite + - KeLeaveCriticalRegion + - RtlAppendUnicodeToString + - ZwDeleteValueKey + - ZwSetValueKey + - RtlDeleteNoSplay + - KeEnterCriticalRegion + - ObQueryNameString + - ExReleaseResourceLite + - ZwEnumerateValueKey + - RtlAppendUnicodeStringToString + - RtlCompareUnicodeString + - RtlCopyUnicodeString + - ExInitializeResourceLite + - ZwDeleteKey + - RtlSplay + - ZwEnumerateKey + - ZwQueryKey + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - IoGetDeviceObjectPointer + - InitSafeBootMode + - IofCompleteRequest + - 
IoGetRequestorProcessId + - IoCreateSymbolicLink + - MmIsAddressValid + - IoCreateDevice + - ZwTerminateProcess + - IofCallDriver + - ZwOpenThread + - RtlDeleteElementGenericTableAvl + - RtlInsertElementGenericTableAvl + - ZwReadFile + - RtlGetElementGenericTableAvl + - IoCreateFile + - RtlIsGenericTableEmptyAvl + - ExAcquireResourceSharedLite + - RtlInitializeGenericTableAvl + - RtlUnicodeStringToInteger + - RtlLookupElementGenericTableAvl + - RtlEnumerateGenericTableWithoutSplayingAvl + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=AU, ST=New South Wales, L=North Sydney, O=PC Tools, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=PC Tools + ValidFrom: '2008-07-18 00:00:00' + ValidTo: '2011-08-06 23:59:59' + Signature: 247f30abadfba4d717be28260bc929394b837b4940a81c250cba8415892271ea306bc6c741112227dc8afd0419b93220a342d20987a085564886139a5f6ebf3f0b7c4a599e6419c5f9de6d58ff3fa620b4987e60d29a277d9d4a38cc7ed64487f94033bad2a92c49aa814b533332d9dae2e6f142f52163f407a43fd6a6ee0351fc40f0c1969584b0ed9aedfda8477b14febbccdcbd0d65645bc0cbf0b34a6cb52e7d6b9ca739d46b986d9e38bfced59b4fa952c916d67a0be9d6157e3d1f3f4023e64d4da93102eab9cfe63d2fc860501a60c8e786e9d446e9545b06178026b8390a3aae5e0d681499b468d6cb9b44afa0b5597dcb6ca920cfb01bae21208c7a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3942fe1de9b44298ffbec71ba408f092 + Version: 3 + TBS: + MD5: 9fd69d78f600dc8a17faa7b89a9ca51d + SHA1: f086710273cc2bd48d97f3bd8be55cdd80042d9d + SHA256: 
ed120b5be5d481a5ea7e3d8ae546185f6d5c9262a827b49faebcb3f0edfaeede + SHA384: be5320882ee52f54c3797d7b6dc4ac5cb812543ce52fae65c1939ecd4aad8c5715dbd1fe2ecdf00d2e86cc04fb840b8b + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3942fe1de9b44298ffbec71ba408f092 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + 
Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Filename: amdi2c.sys + SHA256: 15e84d040c2756b2d1b6c3f99d5a1079dc8854844d3c24d740fafd8c668e5fb9 + MD5: b4eaacce30f51eaf2a36cea680b45a66 + SHA1: 94493d7739c5ee7346da31d9523404d62682b195 Imphash: 9e7c36ff0dc8862002283773ace05f9e Authentihash: - MD5: bf20ffaec0c931ba26ba3b4fa1168b8a - SHA1: 4e572da2a16b1588b2140f6739dc1dbd82cc1292 - SHA256: 39f5d351878f7216a69d0330c40e5b2793c6d4d3ee72f0673cf7555ea9dbe86a + MD5: 5dc807d139dd6bfaa485cc32b65c5677 + SHA1: 47e517f8a5cf5259f3a35c7c4000d4cf07f288d5 + SHA256: 37d07c39dc10ae82a9d292c74f7c5f93c7bc133a0225402dafc21f664af079b6 RichPEHeaderHash: MD5: 7401835ee57bfad89c8355b1bd87ef20 SHA1: 5467c4177559d5b83ce52dd4c8f1366c7ad5ca20 @@ -57,18 +279,25 @@ KnownVulnerableSamples: Entropy: 4.439637717036265 Virtual Size: '0x480' INIT: - Entropy: 5.125170195862425 + Entropy: 5.125170195862426 Virtual Size: '0xcc4' .rsrc: - Entropy: 3.2918275791152984 - Virtual Size: '0x3f8' + Entropy: 3.309535713036311 + Virtual Size: '0x3a8' .reloc: Entropy: 1.2636865525783176 Virtual Size: '0x30' MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-02-01 14:16:19' - InternalName: TfSysMon - Copyright: "Copyright \xA9 2005-2009 PC Tools. All Rights Reserved." + CreationTimestamp: '2010-02-01 20:16:19' + Description: AMD I2C Controller Driver + Company: Advanced Micro Devices, Inc + InternalName: amdi2c.sys + OriginalFilename: amdi2c.sys + FileVersion: 1.2.0.124 + Product: AMD I2C Controller Driver + ProductVersion: 1.2.0.124 + Copyright: "Copyright \xA9 2014-2023 Advanced Micro Devices, Inc" + MachineType: AMD64 Imports: - ntoskrnl.exe ExportedFunctions: '' 
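Review bot: `CreationTimestamp` for the re-added TfSysMon.sys sample is written as `'2010-02-01 12:16:19'`, while the line this commit removes in the next hunk had `'2010-02-01 14:16:19'` and the new amdi2c.sys sample gets `'2010-02-01 20:16:19'`. The three values differ by whole hours and the two samples share the Imphash and Rich header hashes shown as context at the end of this hunk, so this looks like one PE TimeDateStamp rendered in different local time zones rather than three build times; that should be confirmed against the files. If so, the enrichment step should emit UTC so the field stays stable across regenerations and can be used for correlation, e.g. `CreationTimestamp: '<UTC value of the PE TimeDateStamp>'`. The same applies to the added `CreationTimestamp` line in the `@@ -57,18 +279,25 @@` hunk.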
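Review bot: The added version strings (`Company: Advanced Micro Devices, Inc`, `OriginalFilename: amdi2c.sys`, copyright 2014-2023) are attached to a sample whose Imphash and Rich header hashes are the unchanged TfSysMon.sys values from the end of the previous hunk, and only `.rsrc` differs in size here. That suggests, though the diff alone cannot prove it, the same driver code carrying a different version resource, and the entry says nothing about the relation. Because a name or vendor match on `amdi2c.sys` would presumably also hit a genuine AMD driver, a YAML comment above the sample would help rule authors, for instance `# Same Imphash/Rich header as TfSysMon.sys; version resource differs - match on hash, not filename`. This hunk starts inside the sample's `Sections` map, so the rest of the record lies outside it.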
@@ -175,94 +404,36 @@ KnownVulnerableSamples: - CertificatesInfo: '' SignerInfo: '' Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=AU, ST=New South Wales, L=North Sydney, O=PC Tools, OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=PC Tools - ValidFrom: '2008-07-18 00:00:00' - ValidTo: '2011-08-06 23:59:59' - Signature: 247f30abadfba4d717be28260bc929394b837b4940a81c250cba8415892271ea306bc6c741112227dc8afd0419b93220a342d20987a085564886139a5f6ebf3f0b7c4a599e6419c5f9de6d58ff3fa620b4987e60d29a277d9d4a38cc7ed64487f94033bad2a92c49aa814b533332d9dae2e6f142f52163f407a43fd6a6ee0351fc40f0c1969584b0ed9aedfda8477b14febbccdcbd0d65645bc0cbf0b34a6cb52e7d6b9ca739d46b986d9e38bfced59b4fa952c916d67a0be9d6157e3d1f3f4023e64d4da93102eab9cfe63d2fc860501a60c8e786e9d446e9545b06178026b8390a3aae5e0d681499b468d6cb9b44afa0b5597dcb6ca920cfb01bae21208c7a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2024-10-10 19:04:53' + ValidTo: '2025-10-08 19:04:53' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 IsCertificateAuthority: false - SerialNumber: 3942fe1de9b44298ffbec71ba408f092 + SerialNumber: 330000006e1229856f0ade6cfc00000000006e Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false TBS: - MD5: 9fd69d78f600dc8a17faa7b89a9ca51d - SHA1: f086710273cc2bd48d97f3bd8be55cdd80042d9d - SHA256: ed120b5be5d481a5ea7e3d8ae546185f6d5c9262a827b49faebcb3f0edfaeede - SHA384: be5320882ee52f54c3797d7b6dc4ac5cb812543ce52fae65c1939ecd4aad8c5715dbd1fe2ecdf00d2e86cc04fb840b8b - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + MD5: 3066a9830894e57ce6e47f7a6b58b84f + SHA1: ce441ecd2f11e400515a85d5a592da38f950f3dc + SHA256: 3e30a731a3b620db0971ecd743ecd312bcdf14c82b9bdc9918102bacbf70520d + SHA384: 68c6537d64e3a4f02a2c1d04257c13ab1def23c9c54bafc434176be50a411a75c118c9f8edc81f97b8a1db2dc1d009e3 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 IsCertificateAuthority: true - SerialNumber: 610c120600000000001b + SerialNumber: 330000000d690d5d7893d076df00000000000d Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 Signer: - - SerialNumber: 3942fe1de9b44298ffbec71ba408f092 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' + - SerialNumber: 330000006e1229856f0ade6cfc00000000006e + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 \ No newline at end of file diff --git a/yaml/e368efc7-cf69-47ae-8204-f69dac000b22.yaml b/yaml/e368efc7-cf69-47ae-8204-f69dac000b22.yaml index 1cf99a09b..40b5cfdfb 100644 --- a/yaml/e368efc7-cf69-47ae-8204-f69dac000b22.yaml +++ b/yaml/e368efc7-cf69-47ae-8204-f69dac000b22.yaml 
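Review bot: The new amdi2c.sys sample ends at `Version: 1` with no `LoadsDespiteHVCI` key, because the `LoadsDespiteHVCI: 'FALSE'` line removed at the end of this hunk sat on the tail that now belongs to this record. The other samples visible in this diff carry the key, and for a driver whose leaf certificate is `Microsoft Windows Hardware Compatibility Publisher` it is a field defenders will want populated; add it with the value obtained from testing, `LoadsDespiteHVCI: '<tested value>'`. The two added certificates also omit `CertificateType`, `IsCodeSigning` and `IsCA`, which the removed entries had, so consumers that filter on those keys will see a schema change. The file now also ends without a trailing newline.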
@@ -31,4038 +31,3986 @@ Acknowledgement: Handle: '' Person: '' KnownVulnerableSamples: -- Authentihash: - MD5: 0a3c811c84c0731bb691dd1c2f51d932 - SHA1: 9cfe5fdbdd41c4d4e026a588fc8df412cc4620fc - SHA256: c025ec72d4b8297ee2e0fac7747f39d256aad26fbf0554e3729e3e381bc6ea86 - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-28 01:49:37' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - ExAllocatePoolWithTag - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - DbgPrint - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - - RtlUnwind - Imports: - - ntoskrnl.exe - - HAL.dll - - NTOSKRNL.EXE - InternalName: '' - MD5: 05ad4a6ef441e94acb1a1a9a11a26f3a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 5b4d8c2b8c149dbd5d949b7937d828d8 - SHA1: 64d5063b776d4a59b8a8cbb7852d9afb61df93f5 - SHA256: 
2c1db2adc3c9d42ce0e0ded5b469406d8748cb851639f3826a5bc8120e7398ae - SHA1: d7f12c8d515a0ad401fa02cc8ac42b11b5b7fa55 - SHA256: 7a1feb8649a5c0679e1073e6d8a02c8a6ebc5825f02999f16c9459284f1b198b - Sections: - .text: - Entropy: 6.355989058358682 - Virtual Size: '0x3d85' - .rdata: - Entropy: 4.2685062053422165 - Virtual Size: '0x29c' - .data: - Entropy: 1.5672229185382367 - Virtual Size: '0x8c' - INIT: - Entropy: 5.415106162348945 - Virtual Size: '0x5e8' - .reloc: - Entropy: 5.590213587032387 - Virtual Size: '0x3ca' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 
121505a16515db672b7a89c4490a50abc3acde2385c839538892a2927a188d02e43d4379e2781145750af1c075c111023d550c0a06285a62ea1d08cfd95cb4e48fb20550a8ec23b5ea180eb802c4c72cc54217787a3fad704c685e43364efb48020458bd61f57498dbb4dc4c9181f72debe1667592515c6217a82c54c96e16266bb4cb9af759ca32aceb7b196bfe951c810d30bf879417fd1de08b8fbca8b45c223bda4feaedd82e8d73c4fd485c71b7271f3e2f225fa2a2a4a4bdd325f1f1d392676122ec7106e4f8c5addc92d89b0b902df56447bd1be2750a1a21a71cc783a65777153a7d1b3ed2d899702a4b53aed227dfabf762cbaf007ab0aa4228ea61 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: a9e02912a3b2915e7bd0d33d49adc21e - 
LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: edc928500093686626e4d82a09eb5681 - SHA1: 3221d04a27d9ba6646668bea02fe9538e6eec58d - SHA256: ce12d9c2996a6626f6fc68415f8a94851b3468c9c62cc408dbdc0227cf77939d - Company: '' - Copyright: '' - CreationTimestamp: '2011-03-03 04:01:12' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - IoDeleteSymbolicLink - - _wcsnicmp - - _vsnwprintf - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - IoQueryFileDosDeviceName - - ZwQueryInformationFile - - KeTickCount - - KeBugCheckEx - - RtlUnwind - - IoDeleteDevice - - KeGetCurrentIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: a7c2bc345d60cddf2cf4f5dd416a127b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 25711a205330f105d8e1b00638fe7c65 - SHA1: 3e18ce9b3a49b93de45088dc4b4b61ff6971e8eb - SHA256: 202a7a99049f60e8147e0c06f761af35f71afdd57862a6a6b388081172bbb8bb - SHA1: dcf6ee994e23893ac3b5e90a08003e026cc1fd8e - SHA256: 698353791261d5a9ca3245ae8f86334493df554690ec7962895c2affe4050db2 - Sections: - .text: - Entropy: 6.317048717136059 - Virtual Size: 
'0x39c0' - .rdata: - Entropy: 4.073332945379357 - Virtual Size: '0x2ec' - .data: - Entropy: 2.4133339967645213 - Virtual Size: '0x50' - INIT: - Entropy: 5.394756309196413 - Virtual Size: '0x50c' - .reloc: - Entropy: 5.367759325264859 - Virtual Size: '0x3b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 81c7c94c8652b882268a4770e95a5b03 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fca73e05e6e7e72590d9b79ce05ac73e - SHA1: 6954d40b1e566c42a720ee5c8e32d73cdb7dc36f - SHA256: a298cc166fe3bac9e9e4cae967f8e3bb41b08a6a97117ca4f8e5c4f198dbcffa - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-28 01:49:19' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - DbgPrint - - _vsnwprintf - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - 
ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - - IofCompleteRequest - - IoDeleteSymbolicLink - - _wcsnicmp - - IoDeleteDevice - - KeGetCurrentIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 2491a4ddb3f7a6688669831969b47669 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 1e3feaa9c8f5818242e61732bda2b3f2 - SHA1: 5fe2ed4fdc06aedbee2593404f4353ba09790c2b - SHA256: c3d3d60b87d8bac39d2996f6c599054442381256bfffdb303cec8aa1a0feedee - SHA1: 239e41b1a860c2b12225be48930312773726e7fc - SHA256: 831b62145c21557928a694e6261e830f1545b5756ad51dcbd28a15fde570f4e7 - Sections: - .text: - Entropy: 6.320092681683187 - Virtual Size: '0x3ddd' - .rdata: - Entropy: 4.301024031936047 - Virtual Size: '0x28c' - .data: - Entropy: 1.5279258901075148 - Virtual Size: '0x8c' - INIT: - Entropy: 5.426730341906403 - Virtual Size: '0x5c2' - .reloc: - Entropy: 5.573657266134847 - Virtual Size: '0x3e6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - 
TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 121505a16515db672b7a89c4490a50abc3acde2385c839538892a2927a188d02e43d4379e2781145750af1c075c111023d550c0a06285a62ea1d08cfd95cb4e48fb20550a8ec23b5ea180eb802c4c72cc54217787a3fad704c685e43364efb48020458bd61f57498dbb4dc4c9181f72debe1667592515c6217a82c54c96e16266bb4cb9af759ca32aceb7b196bfe951c810d30bf879417fd1de08b8fbca8b45c223bda4feaedd82e8d73c4fd485c71b7271f3e2f225fa2a2a4a4bdd325f1f1d392676122ec7106e4f8c5addc92d89b0b902df56447bd1be2750a1a21a71cc783a65777153a7d1b3ed2d899702a4b53aed227dfabf762cbaf007ab0aa4228ea61 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - 
SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: c12936f479be6928286027facebe1c59 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ac13d57700837c8613f9d94f175242d0 - SHA1: 7fb190dfa6cc3e34937991c839353331998b532f - SHA256: 1fe70267698ba60012ca4c2c0f21325236bafc7b42fa977a09afa6a0c5ed3784 - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-28 01:49:46' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - DbgPrint - - _vsnwprintf - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - - IofCompleteRequest - - 
IoDeleteSymbolicLink - - _wcsnicmp - - IoDeleteDevice - - KeGetCurrentIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 724a9e06f0a846f2556f2e3edd251cc4 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: cd2bd2df115786d1be082c11816bb8bf - SHA1: 9bbc6747d36b2e9386835a13e6e77003ba04fc02 - SHA256: 51b7f6c1d7f3582e201c9903196ee57fa3de962c4b1d451bc2dae4467bd6576a - SHA1: ac593c6f4d2ad88bfca455a3a189af6d3cdace32 - SHA256: 11bc55c0771d692279298211c1d434c04168e7c7f7c4328bfd600215b88c819b - Sections: - .text: - Entropy: 6.320386750174537 - Virtual Size: '0x3ddd' - .rdata: - Entropy: 4.2873446237083135 - Virtual Size: '0x28c' - .data: - Entropy: 1.5279258901075148 - Virtual Size: '0x8c' - INIT: - Entropy: 5.424229057057279 - Virtual Size: '0x5c2' - .reloc: - Entropy: 5.573657266134847 - Virtual Size: '0x3e6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 
2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: c12936f479be6928286027facebe1c59 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d41b2c41b706e2cd26952b00c30d7f64 - SHA1: 
68ec1d226dc2314c5f2ecc949c662b1f4d504824 - SHA256: 773dc9256c4eada182a5b41179a522740ba994eff30f868641bc91574705b8e3 - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-28 01:49:22' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 67f6d2a931f194396bda9b05690008d2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ad9b91dbaee6be999d6506faf9a50496 - SHA1: 38ea8a4d751919b531f6169cab585b4e935d6711 - SHA256: 8f3ff18b13421201854683eaf11f9a5a1497126ef99bddf602c4eee5b66d2a50 - SHA1: c90d334d807a0dc7f15ecff38e8f0137a378504b - SHA256: a7416a7d9573f1d8873ec1b3109ec683e85412ba817e0001c3ab2d2c92043d4d - Sections: - .text: - Entropy: 6.20613778782764 - Virtual Size: '0x5226' - 
.rdata: - Entropy: 4.766241993256806 - Virtual Size: '0x59c' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.261400850513 - Virtual Size: '0x24c' - INIT: - Entropy: 5.206339371292222 - Virtual Size: '0x64c' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - 
Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 711b758670a45a9eda505018717c0966 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 89f98b999217b326cc86ac494de536c6 - SHA1: 6093dcbb29df29d365286d8d86b80e1027cf7d0a - SHA256: e73bb03d54b40035558df2e990367a1c4e9c1ef8e980df6380a63f3bc23e6740 - Company: '' - Copyright: '' - CreationTimestamp: '2011-09-05 04:35:34' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - ZwCreateFile - - wcsrchr - - 
ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - - __chkstk - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: b2ada4eb20649839a54db078fa6bb1bd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b7475c5a12b5a230bc38af8999024009 - SHA1: f0641a90dd7fbceddca5a1d1ff4adcabcc8cc5ee - SHA256: ca2a5d85f9030bc3a6e3128b6a6dc5f52b7e43be10b83b57951c289b80bf16d3 - SHA1: db649f5adb5e857b2167925f270df56e5f8e5612 - SHA256: 0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556 - Sections: - .text: - Entropy: 6.170150629427797 - Virtual Size: '0x5556' - .rdata: - Entropy: 4.712345522450135 - Virtual Size: '0x5b4' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.216695986753876 - Virtual Size: '0x258' - INIT: - Entropy: 5.179242948978909 - Virtual Size: '0x678' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - 
SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c89216a982b8a3b67a507c41afa93c04 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0a3c811c84c0731bb691dd1c2f51d932 - SHA1: 9cfe5fdbdd41c4d4e026a588fc8df412cc4620fc - SHA256: c025ec72d4b8297ee2e0fac7747f39d256aad26fbf0554e3729e3e381bc6ea86 - Company: '' - Copyright: '' - 
CreationTimestamp: '2011-06-28 01:49:37' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - ExAllocatePoolWithTag - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - DbgPrint - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - - RtlUnwind - Imports: - - ntoskrnl.exe - - HAL.dll - - NTOSKRNL.EXE - InternalName: '' - MD5: 2f6cf948117cbd383315ebf070d27aa4 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 5b4d8c2b8c149dbd5d949b7937d828d8 - SHA1: 64d5063b776d4a59b8a8cbb7852d9afb61df93f5 - SHA256: 2c1db2adc3c9d42ce0e0ded5b469406d8748cb851639f3826a5bc8120e7398ae - SHA1: 338679dfda8828c6aa98e0a5c9fa9e0a1fe9e9e8 - SHA256: 29cf2d374d7afe009bbf60ba5f50db7016314de682cf3a6f90c0996810c821ef - Sections: - .text: - Entropy: 6.355989058358682 - Virtual Size: '0x3d85' - .rdata: - Entropy: 4.2685062053422165 - Virtual 
Size: '0x29c' - .data: - Entropy: 1.5672229185382367 - Virtual Size: '0x8c' - INIT: - Entropy: 5.415106162348945 - Virtual Size: '0x5e8' - .reloc: - Entropy: 5.590213587032387 - Virtual Size: '0x3ca' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - 
Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 
9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: a9e02912a3b2915e7bd0d33d49adc21e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0c8ced073b358dbd77b932d76929685b - SHA1: f96942de94a05f1ee53f49ca4e806790c0aa780e - SHA256: 5f4b06327ffbec2a59725a57c357daf54ea2f58aef5dc7ff3f5370168af09fb0 - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-28 01:49:43' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - 
RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: e6ed15980616aa706bf85e6f256d2ebe - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: fb793a110cd04a70e63e24ded69cda69 - SHA1: 295f35683dd5b0da34dbacd59ee8ce840aa013f0 - SHA256: 9ff3c3e172cdf69134a6728f7031a6c1d17cdfe2548037099ba7ea2703b99cf7 - SHA1: b589662db0d96993cd83e97b11e9238d3d70dc2d - SHA256: e41d4fd99252fcf9aea529b6e148b311aa26a4ab04f6b79cce4cd19c61db0c87 - Sections: - .text: - Entropy: 6.217525540626368 - Virtual Size: '0x51c6' - .rdata: - Entropy: 4.819949617753762 - Virtual Size: '0x588' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.229977191275536 - Virtual Size: '0x234' - INIT: - Entropy: 5.159128460560333 - Virtual Size: '0x64c' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 
3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2009-12-08 00:00:00' - ValidTo: '2013-01-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: dcd6726e69a9158dd03eb7deec112756 - SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce - SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 - SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 711b758670a45a9eda505018717c0966 - 
LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d865b8b11ee0f2ddc9095e3249015abf - SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 - SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:47' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - IoCreateSymbolicLink - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - - RtlUnwind - Imports: - - ntoskrnl.exe - - HAL.dll - - NTOSKRNL.EXE - InternalName: IObitUnlocker.sys - MD5: 9c14315e086882e89a01c9700c4b5530 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 45e8197e8972ce1575cb59ba47bbca6b - SHA1: 
1c05376b51b700befeedb5e91c2b046898e5e955 - SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 - SHA1: 2446597bd4fd1f67657425310bec5db5614a8616 - SHA256: 0209934453e9ce60b1a5e4b85412e6faf29127987505bfb1185fc9296c578b09 - Sections: - .text: - Entropy: 6.352640579869565 - Virtual Size: '0x3d9c' - .rdata: - Entropy: 4.184352632111533 - Virtual Size: '0x29c' - .data: - Entropy: 1.5672229185382367 - Virtual Size: '0x8c' - INIT: - Entropy: 5.4156598647971395 - Virtual Size: '0x5e8' - .rsrc: - Entropy: 3.287732512533589 - Virtual Size: '0x370' - .reloc: - Entropy: 5.526376244216933 - Virtual Size: '0x3d6' - Signature: '' - Signatures: {} - Imphash: 51957e796400bc7de3cfa02db5a95bce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d08742729d8b2acaf972fcea6df3bf09 - SHA1: d7fe09f414ea3a9f2b979c6d883079f0ed563a4b - SHA256: 89d96210bf36a88acb14086c96e916b790d21b7adf81d0907c823ca2afbe0ce3 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:53' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - 
- ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: ad6ec006e29343c466f73bf47fe0caf3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 772fe1b9794caabb89ee0b78335e3f98 - SHA1: 877c7c33339b6359e6c366e9c4744b779f24f542 - SHA256: aed7ad05867110783a74d2c2d4c7a0d2c84075f8a3626e45df6e8f021ea3f592 - SHA1: 7f4bef1dbc56974f36c25e37b344213d144ffcb4 - SHA256: d8096325bfe81b093dd522095b6153d9c4850ba2eaa790e12e7056ef160d0432 - Sections: - .text: - Entropy: 6.210028479836042 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.788425060525102 - Virtual Size: '0x584' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.165113468119247 - Virtual Size: '0x234' - INIT: - Entropy: 5.162190008807952 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - 
TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 751c91ae91cb43aadaeaa1bb187c593a - SHA1: dd220acea885a954085e614b94da2b5bba5c0cc3 - SHA256: e0aff24a54400fe9f86564b8ce9f874e7ff51e96085ff950baff05844cff2bd1 - Company: IObit Information Technology - 
Copyright: "\xA9 IObit. All rights reserved." - CreationTimestamp: '2022-08-17 04:18:15' - Date: '' - Description: Unlocker Driver - ExportedFunctions: '' - FileVersion: 1.3.0.10 - Filename: IObitUnlocker.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwCreateFile - - ExAllocatePool - - IoGetCurrentProcess - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwQueryInformationFile - - ZwWriteFile - - ObOpenObjectByPointer - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - RtlAppendUnicodeToString - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - RtlAppendUnicodeStringToString - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - PsGetCurrentProcessId - - MmIsAddressValid - - ZwTerminateProcess - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: 2391fb461b061d0e5fccb050d4af7941 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - Product: Unlocker - ProductVersion: 1.3.0.10 - Publisher: '' - RichPEHeaderHash: - MD5: 35ffa69ed506b3a5d24d6e9c10f88070 - SHA1: a5d21268d58eebe7c8e0921d0079974d8541ffb7 - SHA256: 7068185b0f6869fa20b8c64c2e6f2c3bedc161bc4118e602df47da640013cb62 - SHA1: 7c6cad6a268230f6e08417d278dda4d66bb00d13 - SHA256: 
f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004 - Sections: - .text: - Entropy: 6.174805563267683 - Virtual Size: '0x5976' - .rdata: - Entropy: 4.74536885813998 - Virtual Size: '0x644' - .data: - Entropy: 0.8079955727472559 - Virtual Size: '0x170' - .pdata: - Entropy: 4.257735635509842 - Virtual Size: '0x27c' - INIT: - Entropy: 5.202412460125397 - Virtual Size: '0x72a' - .rsrc: - Entropy: 3.2596097351980737 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: - - IObit CO., LTD - - DigiCert EV Code Signing CA - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=Sichuan, ??=Wuhou District, Chengdu, ??=Private Organization, - serialNumber=91510107072412418F, C=CN, ST=Sichuan, L=Chengdu, O=IObit CO., - LTD, CN=IObit CO., LTD - ValidFrom: '2019-08-27 00:00:00' - ValidTo: '2022-08-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0d98f5df96c592c5b76bfde1cb823096 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: d0ba095f2bdb679cea084b4106479484 - SHA1: 80aba0ecbd2b71c84bc73ac42963bc9ce247a020 - 
SHA256: a93f8b7111c3e2288e164e42131e2ad52867060479ade1f6e6b3124cde822cfa - SHA384: 8293c567ba382434adab5899693e47e5d6e06c0b9f3c158bf17675d5a1476627db51d00dc9573bf4b89412617e651ba6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0d98f5df96c592c5b76bfde1cb823096 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: b4627789883457d50964a248104cb4c2 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 979c3d1cb589639a129b4e4cec243e73 - SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 - SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:41:05' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - 
RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: f58e9309d8251a3010ee022aa5a6e377 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 - SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 - SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 - SHA1: 40cfe5793a25722aaf47388f8059af53e77a4b22 - SHA256: b6ae324b84a4632cf690dd565954d64b205104fc3fa42181612c3f5b830579c6 - Sections: - .text: - Entropy: 6.202075133120773 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.769811652238958 - Virtual Size: '0x594' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.179297571785238 - Virtual Size: '0x24c' - INIT: - Entropy: 5.2106778004138254 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 
6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 979c3d1cb589639a129b4e4cec243e73 - SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 - SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:41:05' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - 
- MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: 3a3d54e49cae4b51f5231d3ae6724fcd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 - SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 - SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 - SHA1: 8d404be8d892e5a073eca1d872a5023014dd0b73 - SHA256: d3e95b8d8cbb0c4c3bb78d929408b37fd3b8f305b6234f7f03954465d52454eb - Sections: - .text: - Entropy: 6.202075133120773 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.769811652238958 - Virtual Size: '0x594' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.179297571785238 - Virtual Size: '0x24c' - INIT: - Entropy: 5.2106778004138254 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 
317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 979c3d1cb589639a129b4e4cec243e73 - SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 - SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:41:05' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - 
KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: 57fdf2cc39a2865dd67dcf762d2c0b7f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 - SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 - SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 - SHA1: 8628a983d81e5df59187d3272b509a5a8e12137a - SHA256: 5ea5f339b2e40dea57378626790ca7e9a82777aacdada5bc61ebb7d82043fa07 - Sections: - .text: - Entropy: 6.202075133120773 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.769811652238958 - Virtual Size: '0x594' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.179297571785238 - Virtual Size: '0x24c' - INIT: - Entropy: 5.2106778004138254 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: {} - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 910e58c2580f8eb3efacae948c39e947 - SHA1: 
f96bc840dde4d24fcd3f2f4712fdb8143aeedf99 - SHA256: 198a4dc1c4bd7eff31ff4d1952a592170b25bfb5fedcd9d5d4c4fd3707337e42 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:56' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - ExFreePoolWithTag - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: IObitUnlocker.sys - MD5: 98eaed36ba245047410a19c191cd1a69 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 5ed41271591cfd1188e26860c867cd71 - SHA1: 5659e97f0a3d6b4b5cc6db7922ce3b1a5d2a2d62 - SHA256: 96f9617c2e249fd97c13b33fc62066abc19a3dfc63913f8b7f680423c7d80e63 
- SHA1: e1aa2dcd6702f26c14805bb117acfb4a99b9d673 - SHA256: 969f73a1da331e43777a3c1f08ec0734e7cf8c8136e5d469cbad8035fbfe3b47 - Sections: - .text: - Entropy: 6.315433318536223 - Virtual Size: '0x3d80' - .rdata: - Entropy: 4.189271224540514 - Virtual Size: '0x28c' - .data: - Entropy: 1.5279258901075148 - Virtual Size: '0x8c' - INIT: - Entropy: 5.418516536382236 - Virtual Size: '0x5c2' - .rsrc: - Entropy: 3.287732512533589 - Virtual Size: '0x370' - .reloc: - Entropy: 5.472046791762154 - Virtual Size: '0x3f6' - Signature: '' - Signatures: {} - Imphash: df732a700824119a3aa46e52712d50e1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 910e58c2580f8eb3efacae948c39e947 - SHA1: f96bc840dde4d24fcd3f2f4712fdb8143aeedf99 - SHA256: 198a4dc1c4bd7eff31ff4d1952a592170b25bfb5fedcd9d5d4c4fd3707337e42 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:56' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - ExFreePoolWithTag - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - 
RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: IObitUnlocker.sys - MD5: 3a41edc1dda049a1b8aa411f728831e0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 5ed41271591cfd1188e26860c867cd71 - SHA1: 5659e97f0a3d6b4b5cc6db7922ce3b1a5d2a2d62 - SHA256: 96f9617c2e249fd97c13b33fc62066abc19a3dfc63913f8b7f680423c7d80e63 - SHA1: abc5bbd11f26232bab2a68ecbff3cbb05f59701b - SHA256: 507724d96a54f3e45c16a065bf38ae82a9b80d07096a461068a701cae0c1cf29 - Sections: - .text: - Entropy: 6.315433318536223 - Virtual Size: '0x3d80' - .rdata: - Entropy: 4.189271224540514 - Virtual Size: '0x28c' - .data: - Entropy: 1.5279258901075148 - Virtual Size: '0x8c' - INIT: - Entropy: 5.418516536382236 - Virtual Size: '0x5c2' - .rsrc: - Entropy: 3.287732512533589 - Virtual Size: '0x370' - .reloc: - Entropy: 5.472046791762154 - Virtual Size: '0x3f6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 
- SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: a09ea7ad2e5d67136d3a8d90878294843292af15103d0bca0dfb6091aa98d35d2bbda19f7b67e8c60ec5650d5d9edfaa0f61e744c2f3f3df12d07a68429127e2a7c5e262ab6bac51cb4287cc131aac3e115f7b1a0c57bfd901f5aff0555c981017d7670952c661bb07d1349af20539651e5789c99682a314d8beba080acfd9baa442db7b5df21b250ce44649d6b942c7a76d2d45744d3c24b26cc6433790ee5b0d7b54d6151245e0284177afeae7196f59b13718be94ed54e9ba5c84a330f8f39f277ed2be7424dd45dfb9c758566e7aaf4fd7eb45f9c5b10073379de1dc5af34f78727dfc0473a0c7ff2ccab6dc9c0ddba5a602013010ee789dfcaac21d0fa9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 
264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 
df732a700824119a3aa46e52712d50e1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d865b8b11ee0f2ddc9095e3249015abf - SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 - SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:47' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - IoCreateSymbolicLink - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - - RtlUnwind - Imports: - - ntoskrnl.exe - - HAL.dll - - NTOSKRNL.EXE - InternalName: IObitUnlocker.sys - MD5: 848690ca707b4850c967e3217f285fcc - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 
45e8197e8972ce1575cb59ba47bbca6b - SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 - SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 - SHA1: 9e8c4fea1f2bc9fce1e08a6e0a448e567b504f66 - SHA256: b0dd55b4dc7e561dfe413b029673674e2a5381f5f4daede03ddf3484310a6e11 - Sections: - .text: - Entropy: 6.352640579869565 - Virtual Size: '0x3d9c' - .rdata: - Entropy: 4.184352632111533 - Virtual Size: '0x29c' - .data: - Entropy: 1.5672229185382367 - Virtual Size: '0x8c' - INIT: - Entropy: 5.4156598647971395 - Virtual Size: '0x5e8' - .rsrc: - Entropy: 3.287732512533589 - Virtual Size: '0x370' - .reloc: - Entropy: 5.526376244216933 - Virtual Size: '0x3d6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: a09ea7ad2e5d67136d3a8d90878294843292af15103d0bca0dfb6091aa98d35d2bbda19f7b67e8c60ec5650d5d9edfaa0f61e744c2f3f3df12d07a68429127e2a7c5e262ab6bac51cb4287cc131aac3e115f7b1a0c57bfd901f5aff0555c981017d7670952c661bb07d1349af20539651e5789c99682a314d8beba080acfd9baa442db7b5df21b250ce44649d6b942c7a76d2d45744d3c24b26cc6433790ee5b0d7b54d6151245e0284177afeae7196f59b13718be94ed54e9ba5c84a330f8f39f277ed2be7424dd45dfb9c758566e7aaf4fd7eb45f9c5b10073379de1dc5af34f78727dfc0473a0c7ff2ccab6dc9c0ddba5a602013010ee789dfcaac21d0fa9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 
6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, 
CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 51957e796400bc7de3cfa02db5a95bce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 979c3d1cb589639a129b4e4cec243e73 - SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 - SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:41:05' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: a8dd685a6afb748c9f487a139c9c367b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 - SHA1: 
885e1b2eba8bd38ea2838313f851ce33455454e4 - SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 - SHA1: d032ad51c9d12e08709e7b31ea705585a52cbf23 - SHA256: a92d2736c8cd99195a1ef4d0d9a3412bee481acf585944e3b5946b465361a3e7 - Sections: - .text: - Entropy: 6.202075133120773 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.769811652238958 - Virtual Size: '0x594' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.179297571785238 - Virtual Size: '0x24c' - INIT: - Entropy: 5.2106778004138254 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d865b8b11ee0f2ddc9095e3249015abf - SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 - SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 - Company: IObit - Copyright: "IObit Copyright 
\xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:47' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - IoCreateSymbolicLink - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - - RtlUnwind - Imports: - - ntoskrnl.exe - - HAL.dll - - NTOSKRNL.EXE - InternalName: IObitUnlocker.sys - MD5: 501945a3f0055033edc64be09717eef2 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 45e8197e8972ce1575cb59ba47bbca6b - SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 - SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 - SHA1: 373d015e5faa183edc164821f68f6bf172f8b364 - SHA256: a38c26c0754f6c9389ea43dd0149db26b95742c1b37468fcf0d8ced66da1dcb9 - Sections: - .text: - 
Entropy: 6.352640579869565 - Virtual Size: '0x3d9c' - .rdata: - Entropy: 4.184352632111533 - Virtual Size: '0x29c' - .data: - Entropy: 1.5672229185382367 - Virtual Size: '0x8c' - INIT: - Entropy: 5.4156598647971395 - Virtual Size: '0x5e8' - .rsrc: - Entropy: 3.287732512533589 - Virtual Size: '0x370' - .reloc: - Entropy: 5.526376244216933 - Virtual Size: '0x3d6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: a09ea7ad2e5d67136d3a8d90878294843292af15103d0bca0dfb6091aa98d35d2bbda19f7b67e8c60ec5650d5d9edfaa0f61e744c2f3f3df12d07a68429127e2a7c5e262ab6bac51cb4287cc131aac3e115f7b1a0c57bfd901f5aff0555c981017d7670952c661bb07d1349af20539651e5789c99682a314d8beba080acfd9baa442db7b5df21b250ce44649d6b942c7a76d2d45744d3c24b26cc6433790ee5b0d7b54d6151245e0284177afeae7196f59b13718be94ed54e9ba5c84a330f8f39f277ed2be7424dd45dfb9c758566e7aaf4fd7eb45f9c5b10073379de1dc5af34f78727dfc0473a0c7ff2ccab6dc9c0ddba5a602013010ee789dfcaac21d0fa9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 51957e796400bc7de3cfa02db5a95bce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d865b8b11ee0f2ddc9095e3249015abf - SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 - SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:47' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateDevice - - MmGetSystemRoutineAddress - - ExfInterlockedPopEntryList - - DbgPrint - - KeWaitForSingleObject - - IofCallDriver - - KeGetCurrentThread - - KeInitializeEvent - - IoAllocateIrp - - ZwClose - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - memcpy - - ZwWriteFile - - ZwReadFile - - ZwWaitForSingleObject - - memset - - RtlCompareUnicodeString - - KeDelayExecutionThread - - _wcsnicmp - - IoCreateSymbolicLink - - IoCreateFile - - ZwQueryDirectoryFile - - IoFreeIrp - - KeSetEvent - - ZwOpenProcess - - ZwTerminateProcess - - _wcsicmp - - wcsrchr - - ZwDuplicateObject - - ExfInterlockedPushEntryList - - KeUnstackDetachProcess - - MmIsAddressValid - - PsGetProcessPeb - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlInitUnicodeString - - ZwQueryInformationFile - - ObQueryNameString - - KeTickCount - - KeBugCheckEx - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoDeleteSymbolicLink - - _vsnwprintf - - IoDeleteDevice - - KeGetCurrentIrql - - RtlUnwind - Imports: - - ntoskrnl.exe - - HAL.dll - - NTOSKRNL.EXE - InternalName: IObitUnlocker.sys - MD5: 5cc5fc8ce149dca1d05fb47c0aec9497 - MachineType: I386 - MagicHeader: 
50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 45e8197e8972ce1575cb59ba47bbca6b - SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 - SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 - SHA1: 14488a51c38e647c2347928f675a167acec8fbd6 - SHA256: faa9aa7118ecf9bb6594281f6b582f1ced0cc62d5db09a2fbf9b7ce70c532285 - Sections: - .text: - Entropy: 6.352640579869565 - Virtual Size: '0x3d9c' - .rdata: - Entropy: 4.184352632111533 - Virtual Size: '0x29c' - .data: - Entropy: 1.5672229185382367 - Virtual Size: '0x8c' - INIT: - Entropy: 5.4156598647971395 - Virtual Size: '0x5e8' - .rsrc: - Entropy: 3.287732512533589 - Virtual Size: '0x370' - .reloc: - Entropy: 5.526376244216933 - Virtual Size: '0x3d6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 51957e796400bc7de3cfa02db5a95bce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d08742729d8b2acaf972fcea6df3bf09 - SHA1: d7fe09f414ea3a9f2b979c6d883079f0ed563a4b - SHA256: 89d96210bf36a88acb14086c96e916b790d21b7adf81d0907c823ca2afbe0ce3 - Company: IObit - Copyright: "IObit Copyright 
\xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:40:53' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: IObitUnlocker.sys - MD5: 3b967b644881ccb5a95f06e903d8b218 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 772fe1b9794caabb89ee0b78335e3f98 - SHA1: 877c7c33339b6359e6c366e9c4744b779f24f542 - SHA256: aed7ad05867110783a74d2c2d4c7a0d2c84075f8a3626e45df6e8f021ea3f592 - SHA1: 3a97b4f93c69cbf25fa4c4696e44577524c3c9a0 - SHA256: c2e1a3dd0dfb3477a3e855368b23d12b8818df8fa3bc3508abf069a0873d6bf8 - Sections: - .text: - Entropy: 6.210028479836042 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.788425060525102 - Virtual 
Size: '0x584' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.165113468119247 - Virtual Size: '0x234' - INIT: - Entropy: 5.162190008807952 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: {} - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 979c3d1cb589639a129b4e4cec243e73 - SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 - SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 - Company: IObit - Copyright: "IObit Copyright \xA9 2005-2013" - CreationTimestamp: '2013-09-27 05:41:05' - Date: '' - Description: IObitUnlocker Driver - ExportedFunctions: '' - FileVersion: '1.2.0.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _wcsnicmp - - ZwReadFile - - IoGetRelatedDeviceObject - - MmGetSystemRoutineAddress - - KeInitializeEvent - - ExInterlockedPopEntryList - - KeDelayExecutionThread - - IoFileObjectType - - ZwWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlCompareUnicodeString - - IoAllocateIrp - - ObfDereferenceObject - - ZwWriteFile - - DbgPrint - - IofCallDriver - - _wcsicmp - - PsGetProcessPeb - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - RtlInitUnicodeString - - KeSetEvent - - IoCreateFile - - ZwQuerySystemInformation - - ZwOpenSymbolicLinkObject - - KeUnstackDetachProcess - - ObQueryNameString - - wcsrchr - - ZwQueryDirectoryFile - - _vsnwprintf - - ZwDuplicateObject - - IoFreeIrp - - ZwOpenProcess - - MmIsAddressValid - - ZwTerminateProcess - - ZwQueryInformationFile - - ExInterlockedPushEntryList - - KeStackAttachProcess - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - 
InternalName: IObitUnlocker.sys - MD5: d7b749051da5fb4604f4141f19c47660 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: IObitUnlocker.sys - PDBPath: '' - Product: IObitUnlocker - ProductVersion: 1.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 - SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 - SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 - SHA1: 288daefd1ce65fb01011dc8a64491111207d3965 - SHA256: 2b33df9aff7cb99a782b252e8eb65ca49874a112986a1c49cd9971210597a8ae - Sections: - .text: - Entropy: 6.202075133120773 - Virtual Size: '0x5186' - .rdata: - Entropy: 4.769811652238958 - Virtual Size: '0x594' - .data: - Entropy: 0.7812641672999111 - Virtual Size: '0x170' - .pdata: - Entropy: 4.179297571785238 - Virtual Size: '0x24c' - INIT: - Entropy: 5.2106778004138254 - Virtual Size: '0x64c' - .rsrc: - Entropy: 3.288590339240593 - Virtual Size: '0x370' - .reloc: - Entropy: 1.2987909647818572 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: 
C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IObit Information Technology - ValidFrom: '2013-01-15 00:00:00' - ValidTo: '2016-02-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 6767e14c32c32562d2ed0feeccf02a40 - SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e - SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 - SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 - LoadsDespiteHVCI: 'FALSE' -- Filename: '' - MD5: 47aa03a10ac3a407f8f30f1088edcbc9 - SHA1: b5d78a1d3ae93bd343c6d65e64c0945d1d558758 - SHA256: c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66 - Signature: '' - Date: '' - Publisher: '' - 
Company: IObit - Description: IObitUnlocker Driver - Product: IObitUnlocker - ProductVersion: 1.2.0.1 - FileVersion: '1.2.0.1 built by: WinDDK' - MachineType: AMD64 - OriginalFilename: IObitUnlocker.sys - Imphash: 878e0ad08d61b8eeabe5f33873401f2d +- Authentihash: + MD5: 0a3c811c84c0731bb691dd1c2f51d932 + SHA1: 9cfe5fdbdd41c4d4e026a588fc8df412cc4620fc + SHA256: c025ec72d4b8297ee2e0fac7747f39d256aad26fbf0554e3729e3e381bc6ea86 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-27 23:49:37' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - ExAllocatePoolWithTag + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - DbgPrint + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + - RtlUnwind + Imports: + - ntoskrnl.exe + - HAL.dll + - NTOSKRNL.EXE + InternalName: '' + MD5: 05ad4a6ef441e94acb1a1a9a11a26f3a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + 
ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 5b4d8c2b8c149dbd5d949b7937d828d8 + SHA1: 64d5063b776d4a59b8a8cbb7852d9afb61df93f5 + SHA256: 2c1db2adc3c9d42ce0e0ded5b469406d8748cb851639f3826a5bc8120e7398ae + SHA1: d7f12c8d515a0ad401fa02cc8ac42b11b5b7fa55 + SHA256: 7a1feb8649a5c0679e1073e6d8a02c8a6ebc5825f02999f16c9459284f1b198b + Sections: + .text: + Entropy: 6.355989058358682 + Virtual Size: '0x3d85' + .rdata: + Entropy: 4.2685062053422165 + Virtual Size: '0x29c' + .data: + Entropy: 1.5672229185382367 + Virtual Size: '0x8c' + INIT: + Entropy: 5.415106162348945 + Virtual Size: '0x5e8' + .reloc: + Entropy: 5.590213587032387 + Virtual Size: '0x3ca' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + 
SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + 
ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: a9e02912a3b2915e7bd0d33d49adc21e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: edc928500093686626e4d82a09eb5681 + SHA1: 3221d04a27d9ba6646668bea02fe9538e6eec58d + SHA256: ce12d9c2996a6626f6fc68415f8a94851b3468c9c62cc408dbdc0227cf77939d + Company: '' + Copyright: '' + CreationTimestamp: '2011-03-03 02:01:12' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - DbgPrint + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - IoDeleteSymbolicLink + - _wcsnicmp + - _vsnwprintf + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId 
+ - ZwQuerySystemInformation + - IoQueryFileDosDeviceName + - ZwQueryInformationFile + - KeTickCount + - KeBugCheckEx + - RtlUnwind + - IoDeleteDevice + - KeGetCurrentIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: a7c2bc345d60cddf2cf4f5dd416a127b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 25711a205330f105d8e1b00638fe7c65 + SHA1: 3e18ce9b3a49b93de45088dc4b4b61ff6971e8eb + SHA256: 202a7a99049f60e8147e0c06f761af35f71afdd57862a6a6b388081172bbb8bb + SHA1: dcf6ee994e23893ac3b5e90a08003e026cc1fd8e + SHA256: 698353791261d5a9ca3245ae8f86334493df554690ec7962895c2affe4050db2 + Sections: + .text: + Entropy: 6.317048717136059 + Virtual Size: '0x39c0' + .rdata: + Entropy: 4.073332945379357 + Virtual Size: '0x2ec' + .data: + Entropy: 2.4133339967645213 + Virtual Size: '0x50' + INIT: + Entropy: 5.394756309196413 + Virtual Size: '0x50c' + .reloc: + Entropy: 5.367759325264859 + Virtual Size: '0x3b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 
121505a16515db672b7a89c4490a50abc3acde2385c839538892a2927a188d02e43d4379e2781145750af1c075c111023d550c0a06285a62ea1d08cfd95cb4e48fb20550a8ec23b5ea180eb802c4c72cc54217787a3fad704c685e43364efb48020458bd61f57498dbb4dc4c9181f72debe1667592515c6217a82c54c96e16266bb4cb9af759ca32aceb7b196bfe951c810d30bf879417fd1de08b8fbca8b45c223bda4feaedd82e8d73c4fd485c71b7271f3e2f225fa2a2a4a4bdd325f1f1d392676122ec7106e4f8c5addc92d89b0b902df56447bd1be2750a1a21a71cc783a65777153a7d1b3ed2d899702a4b53aed227dfabf762cbaf007ab0aa4228ea61 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 81c7c94c8652b882268a4770e95a5b03 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fca73e05e6e7e72590d9b79ce05ac73e + SHA1: 6954d40b1e566c42a720ee5c8e32d73cdb7dc36f + SHA256: 
a298cc166fe3bac9e9e4cae967f8e3bb41b08a6a97117ca4f8e5c4f198dbcffa + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-27 23:49:19' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - DbgPrint + - _vsnwprintf + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + - IofCompleteRequest + - IoDeleteSymbolicLink + - _wcsnicmp + - IoDeleteDevice + - KeGetCurrentIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 2491a4ddb3f7a6688669831969b47669 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 1e3feaa9c8f5818242e61732bda2b3f2 + SHA1: 5fe2ed4fdc06aedbee2593404f4353ba09790c2b + SHA256: c3d3d60b87d8bac39d2996f6c599054442381256bfffdb303cec8aa1a0feedee + SHA1: 239e41b1a860c2b12225be48930312773726e7fc + SHA256: 831b62145c21557928a694e6261e830f1545b5756ad51dcbd28a15fde570f4e7 + Sections: + .text: + Entropy: 
6.320092681683187 + Virtual Size: '0x3ddd' + .rdata: + Entropy: 4.301024031936047 + Virtual Size: '0x28c' + .data: + Entropy: 1.5279258901075148 + Virtual Size: '0x8c' + INIT: + Entropy: 5.426730341906403 + Virtual Size: '0x5c2' + .reloc: + Entropy: 5.573657266134847 + Virtual Size: '0x3e6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, 
Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: c12936f479be6928286027facebe1c59 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ac13d57700837c8613f9d94f175242d0 + SHA1: 7fb190dfa6cc3e34937991c839353331998b532f + SHA256: 1fe70267698ba60012ca4c2c0f21325236bafc7b42fa977a09afa6a0c5ed3784 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-27 23:49:46' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - DbgPrint + - _vsnwprintf + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList 
+ - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + - IofCompleteRequest + - IoDeleteSymbolicLink + - _wcsnicmp + - IoDeleteDevice + - KeGetCurrentIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 724a9e06f0a846f2556f2e3edd251cc4 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: cd2bd2df115786d1be082c11816bb8bf + SHA1: 9bbc6747d36b2e9386835a13e6e77003ba04fc02 + SHA256: 51b7f6c1d7f3582e201c9903196ee57fa3de962c4b1d451bc2dae4467bd6576a + SHA1: ac593c6f4d2ad88bfca455a3a189af6d3cdace32 + SHA256: 11bc55c0771d692279298211c1d434c04168e7c7f7c4328bfd600215b88c819b + Sections: + .text: + Entropy: 6.320386750174537 + Virtual Size: '0x3ddd' + .rdata: + Entropy: 4.2873446237083135 + Virtual Size: '0x28c' + .data: + Entropy: 1.5279258901075148 + Virtual Size: '0x8c' + INIT: + Entropy: 5.424229057057279 + Virtual Size: '0x5c2' + .reloc: + Entropy: 5.573657266134847 + Virtual Size: '0x3e6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + 
Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + 
SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: c12936f479be6928286027facebe1c59 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d41b2c41b706e2cd26952b00c30d7f64 + SHA1: 68ec1d226dc2314c5f2ecc949c662b1f4d504824 + SHA256: 773dc9256c4eada182a5b41179a522740ba994eff30f868641bc91574705b8e3 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-27 23:49:22' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 
67f6d2a931f194396bda9b05690008d2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ad9b91dbaee6be999d6506faf9a50496 + SHA1: 38ea8a4d751919b531f6169cab585b4e935d6711 + SHA256: 8f3ff18b13421201854683eaf11f9a5a1497126ef99bddf602c4eee5b66d2a50 + SHA1: c90d334d807a0dc7f15ecff38e8f0137a378504b + SHA256: a7416a7d9573f1d8873ec1b3109ec683e85412ba817e0001c3ab2d2c92043d4d + Sections: + .text: + Entropy: 6.20613778782764 + Virtual Size: '0x5226' + .rdata: + Entropy: 4.766241993256806 + Virtual Size: '0x59c' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.261400850513 + Virtual Size: '0x24c' + INIT: + Entropy: 5.206339371292222 + Virtual Size: '0x64c' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + 
Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 711b758670a45a9eda505018717c0966 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 89f98b999217b326cc86ac494de536c6 + SHA1: 6093dcbb29df29d365286d8d86b80e1027cf7d0a + SHA256: e73bb03d54b40035558df2e990367a1c4e9c1ef8e980df6380a63f3bc23e6740 + Company: '' + Copyright: '' + CreationTimestamp: '2011-09-05 02:35:34' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - 
IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - ZwCreateFile + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + - __chkstk + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: b2ada4eb20649839a54db078fa6bb1bd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b7475c5a12b5a230bc38af8999024009 + SHA1: f0641a90dd7fbceddca5a1d1ff4adcabcc8cc5ee + SHA256: ca2a5d85f9030bc3a6e3128b6a6dc5f52b7e43be10b83b57951c289b80bf16d3 + SHA1: db649f5adb5e857b2167925f270df56e5f8e5612 + SHA256: 0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556 + Sections: + .text: + Entropy: 6.170150629427797 + Virtual Size: '0x5556' + .rdata: + Entropy: 4.712345522450135 + Virtual Size: '0x5b4' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.216695986753876 + Virtual Size: '0x258' + INIT: + Entropy: 5.179242948978909 + Virtual Size: '0x678' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 
84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c89216a982b8a3b67a507c41afa93c04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
0a3c811c84c0731bb691dd1c2f51d932 + SHA1: 9cfe5fdbdd41c4d4e026a588fc8df412cc4620fc + SHA256: c025ec72d4b8297ee2e0fac7747f39d256aad26fbf0554e3729e3e381bc6ea86 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-27 23:49:37' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - ExAllocatePoolWithTag + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - DbgPrint + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + - RtlUnwind + Imports: + - ntoskrnl.exe + - HAL.dll + - NTOSKRNL.EXE + InternalName: '' + MD5: 2f6cf948117cbd383315ebf070d27aa4 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 5b4d8c2b8c149dbd5d949b7937d828d8 + SHA1: 64d5063b776d4a59b8a8cbb7852d9afb61df93f5 + SHA256: 2c1db2adc3c9d42ce0e0ded5b469406d8748cb851639f3826a5bc8120e7398ae + SHA1: 338679dfda8828c6aa98e0a5c9fa9e0a1fe9e9e8 + SHA256: 
29cf2d374d7afe009bbf60ba5f50db7016314de682cf3a6f90c0996810c821ef + Sections: + .text: + Entropy: 6.355989058358682 + Virtual Size: '0x3d85' + .rdata: + Entropy: 4.2685062053422165 + Virtual Size: '0x29c' + .data: + Entropy: 1.5672229185382367 + Virtual Size: '0x8c' + INIT: + Entropy: 5.415106162348945 + Virtual Size: '0x5e8' + .reloc: + Entropy: 5.590213587032387 + Virtual Size: '0x3ca' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign 
Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 121505a16515db672b7a89c4490a50abc3acde2385c839538892a2927a188d02e43d4379e2781145750af1c075c111023d550c0a06285a62ea1d08cfd95cb4e48fb20550a8ec23b5ea180eb802c4c72cc54217787a3fad704c685e43364efb48020458bd61f57498dbb4dc4c9181f72debe1667592515c6217a82c54c96e16266bb4cb9af759ca32aceb7b196bfe951c810d30bf879417fd1de08b8fbca8b45c223bda4feaedd82e8d73c4fd485c71b7271f3e2f225fa2a2a4a4bdd325f1f1d392676122ec7106e4f8c5addc92d89b0b902df56447bd1be2750a1a21a71cc783a65777153a7d1b3ed2d899702a4b53aed227dfabf762cbaf007ab0aa4228ea61 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 
0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: a9e02912a3b2915e7bd0d33d49adc21e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0c8ced073b358dbd77b932d76929685b + SHA1: f96942de94a05f1ee53f49ca4e806790c0aa780e + SHA256: 5f4b06327ffbec2a59725a57c357daf54ea2f58aef5dc7ff3f5370168af09fb0 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-27 23:49:43' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - 
PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: e6ed15980616aa706bf85e6f256d2ebe + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: fb793a110cd04a70e63e24ded69cda69 + SHA1: 295f35683dd5b0da34dbacd59ee8ce840aa013f0 + SHA256: 9ff3c3e172cdf69134a6728f7031a6c1d17cdfe2548037099ba7ea2703b99cf7 + SHA1: b589662db0d96993cd83e97b11e9238d3d70dc2d + SHA256: e41d4fd99252fcf9aea529b6e148b311aa26a4ab04f6b79cce4cd19c61db0c87 + Sections: + .text: + Entropy: 6.217525540626368 + Virtual Size: '0x51c6' + .rdata: + Entropy: 4.819949617753762 + Virtual Size: '0x588' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.229977191275536 + Virtual Size: '0x234' + INIT: + Entropy: 5.159128460560333 + Virtual Size: '0x64c' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=CN, ST=SiChuan, L=ChengDu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2009-12-08 00:00:00' + ValidTo: '2013-01-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Version: 3 + TBS: + MD5: dcd6726e69a9158dd03eb7deec112756 + SHA1: 639f767702630ca2a0756c3b2d3c07914c75d8ce + SHA256: 9a3ca6cae4be1d87bc9836355b5348aa9736a99250653ff9279136c0be63b7c7 + SHA384: 0ce3d053c4d09a47ad02a0d6381d3199cfe38dd465413403cb03ba89c6ca5830a530a1d90ab4f2a7d96f7619804b661d + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 2b8f44226c2d9e0edf5765b0d7a21b51 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 711b758670a45a9eda505018717c0966 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d865b8b11ee0f2ddc9095e3249015abf + SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 + SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + 
CreationTimestamp: '2013-09-27 03:40:47' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - DbgPrint + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - IoCreateSymbolicLink + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + - RtlUnwind + Imports: + - ntoskrnl.exe + - HAL.dll + - NTOSKRNL.EXE + InternalName: IObitUnlocker.sys + MD5: 9c14315e086882e89a01c9700c4b5530 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 45e8197e8972ce1575cb59ba47bbca6b + SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 + SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 + SHA1: 2446597bd4fd1f67657425310bec5db5614a8616 + SHA256: 0209934453e9ce60b1a5e4b85412e6faf29127987505bfb1185fc9296c578b09 + Sections: + .text: + Entropy: 
6.352640579869565 + Virtual Size: '0x3d9c' + .rdata: + Entropy: 4.184352632111533 + Virtual Size: '0x29c' + .data: + Entropy: 1.5672229185382367 + Virtual Size: '0x8c' + INIT: + Entropy: 5.4156598647971395 + Virtual Size: '0x5e8' + .rsrc: + Entropy: 3.287732512533589 + Virtual Size: '0x370' + .reloc: + Entropy: 5.526376244216933 + Virtual Size: '0x3d6' + Signature: '' + Signatures: {} + Imphash: 51957e796400bc7de3cfa02db5a95bce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d08742729d8b2acaf972fcea6df3bf09 + SHA1: d7fe09f414ea3a9f2b979c6d883079f0ed563a4b + SHA256: 89d96210bf36a88acb14086c96e916b790d21b7adf81d0907c823ca2afbe0ce3 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:53' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: 
+ - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: ad6ec006e29343c466f73bf47fe0caf3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 772fe1b9794caabb89ee0b78335e3f98 + SHA1: 877c7c33339b6359e6c366e9c4744b779f24f542 + SHA256: aed7ad05867110783a74d2c2d4c7a0d2c84075f8a3626e45df6e8f021ea3f592 + SHA1: 7f4bef1dbc56974f36c25e37b344213d144ffcb4 + SHA256: d8096325bfe81b093dd522095b6153d9c4850ba2eaa790e12e7056ef160d0432 + Sections: + .text: + Entropy: 6.210028479836042 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.788425060525102 + Virtual Size: '0x584' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.165113468119247 + Virtual Size: '0x234' + INIT: + Entropy: 5.162190008807952 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec 
Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: a09ea7ad2e5d67136d3a8d90878294843292af15103d0bca0dfb6091aa98d35d2bbda19f7b67e8c60ec5650d5d9edfaa0f61e744c2f3f3df12d07a68429127e2a7c5e262ab6bac51cb4287cc131aac3e115f7b1a0c57bfd901f5aff0555c981017d7670952c661bb07d1349af20539651e5789c99682a314d8beba080acfd9baa442db7b5df21b250ce44649d6b942c7a76d2d45744d3c24b26cc6433790ee5b0d7b54d6151245e0284177afeae7196f59b13718be94ed54e9ba5c84a330f8f39f277ed2be7424dd45dfb9c758566e7aaf4fd7eb45f9c5b10073379de1dc5af34f78727dfc0473a0c7ff2ccab6dc9c0ddba5a602013010ee789dfcaac21d0fa9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 751c91ae91cb43aadaeaa1bb187c593a + SHA1: dd220acea885a954085e614b94da2b5bba5c0cc3 + SHA256: e0aff24a54400fe9f86564b8ce9f874e7ff51e96085ff950baff05844cff2bd1 + Company: IObit Information Technology + Copyright: "\xA9 IObit. All rights reserved." 
+ CreationTimestamp: '2022-08-17 02:18:15' + Date: '' + Description: Unlocker Driver + ExportedFunctions: '' + FileVersion: 1.3.0.10 + Filename: IObitUnlocker.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwCreateFile + - ExAllocatePool + - IoGetCurrentProcess + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwQueryInformationFile + - ZwWriteFile + - ObOpenObjectByPointer + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - RtlAppendUnicodeToString + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - RtlAppendUnicodeStringToString + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - PsGetCurrentProcessId + - MmIsAddressValid + - ZwTerminateProcess + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: 2391fb461b061d0e5fccb050d4af7941 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + Product: Unlocker + ProductVersion: 1.3.0.10 + Publisher: '' + RichPEHeaderHash: + MD5: 35ffa69ed506b3a5d24d6e9c10f88070 + SHA1: a5d21268d58eebe7c8e0921d0079974d8541ffb7 + SHA256: 7068185b0f6869fa20b8c64c2e6f2c3bedc161bc4118e602df47da640013cb62 + SHA1: 7c6cad6a268230f6e08417d278dda4d66bb00d13 + SHA256: 
f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004 + Sections: + .text: + Entropy: 6.174805563267683 + Virtual Size: '0x5976' + .rdata: + Entropy: 4.74536885813998 + Virtual Size: '0x644' + .data: + Entropy: 0.8079955727472559 + Virtual Size: '0x170' + .pdata: + Entropy: 4.257735635509842 + Virtual Size: '0x27c' + INIT: + Entropy: 5.202412460125397 + Virtual Size: '0x72a' + .rsrc: + Entropy: 3.2596097351980737 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: + - IObit CO., LTD + - DigiCert EV Code Signing CA + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=Sichuan, ??=Wuhou District, Chengdu, ??=Private Organization, + serialNumber=91510107072412418F, C=CN, ST=Sichuan, L=Chengdu, O=IObit + CO., LTD, CN=IObit CO., LTD + ValidFrom: '2019-08-27 00:00:00' + ValidTo: '2022-08-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0d98f5df96c592c5b76bfde1cb823096 + Version: 3 + TBS: + MD5: d0ba095f2bdb679cea084b4106479484 + SHA1: 80aba0ecbd2b71c84bc73ac42963bc9ce247a020 + SHA256: a93f8b7111c3e2288e164e42131e2ad52867060479ade1f6e6b3124cde822cfa + SHA384: 
8293c567ba382434adab5899693e47e5d6e06c0b9f3c158bf17675d5a1476627db51d00dc9573bf4b89412617e651ba6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0d98f5df96c592c5b76bfde1cb823096 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: b4627789883457d50964a248104cb4c2 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 979c3d1cb589639a129b4e4cec243e73 + SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 + SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:41:05' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + 
- PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: f58e9309d8251a3010ee022aa5a6e377 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 + SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 + SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 + SHA1: 40cfe5793a25722aaf47388f8059af53e77a4b22 + SHA256: b6ae324b84a4632cf690dd565954d64b205104fc3fa42181612c3f5b830579c6 + Sections: + .text: + Entropy: 6.202075133120773 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.769811652238958 + Virtual Size: '0x594' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.179297571785238 + Virtual Size: '0x24c' + INIT: + Entropy: 5.2106778004138254 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 
3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 979c3d1cb589639a129b4e4cec243e73 + SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 + SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:41:05' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + 
- RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: 3a3d54e49cae4b51f5231d3ae6724fcd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 + SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 + SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 + SHA1: 8d404be8d892e5a073eca1d872a5023014dd0b73 + SHA256: d3e95b8d8cbb0c4c3bb78d929408b37fd3b8f305b6234f7f03954465d52454eb + Sections: + .text: + Entropy: 6.202075133120773 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.769811652238958 + Virtual Size: '0x594' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.179297571785238 + Virtual Size: '0x24c' + INIT: + Entropy: 5.2106778004138254 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: 
'2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 979c3d1cb589639a129b4e4cec243e73 + SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 + SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:41:05' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - 
ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: 57fdf2cc39a2865dd67dcf762d2c0b7f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 + SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 + SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 + SHA1: 8628a983d81e5df59187d3272b509a5a8e12137a + SHA256: 5ea5f339b2e40dea57378626790ca7e9a82777aacdada5bc61ebb7d82043fa07 + Sections: + .text: + Entropy: 6.202075133120773 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.769811652238958 + Virtual Size: '0x594' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.179297571785238 + Virtual Size: '0x24c' + INIT: + Entropy: 5.2106778004138254 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: {} + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 910e58c2580f8eb3efacae948c39e947 + SHA1: f96bc840dde4d24fcd3f2f4712fdb8143aeedf99 + SHA256: 198a4dc1c4bd7eff31ff4d1952a592170b25bfb5fedcd9d5d4c4fd3707337e42 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:56' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - DbgPrint + - KeWaitForSingleObject + 
- IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - ExFreePoolWithTag + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: IObitUnlocker.sys + MD5: 98eaed36ba245047410a19c191cd1a69 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 5ed41271591cfd1188e26860c867cd71 + SHA1: 5659e97f0a3d6b4b5cc6db7922ce3b1a5d2a2d62 + SHA256: 96f9617c2e249fd97c13b33fc62066abc19a3dfc63913f8b7f680423c7d80e63 + SHA1: e1aa2dcd6702f26c14805bb117acfb4a99b9d673 + SHA256: 969f73a1da331e43777a3c1f08ec0734e7cf8c8136e5d469cbad8035fbfe3b47 + Sections: + .text: + Entropy: 6.315433318536223 + Virtual Size: '0x3d80' + .rdata: + Entropy: 4.189271224540514 + Virtual Size: '0x28c' + .data: + Entropy: 1.5279258901075148 + Virtual Size: '0x8c' + INIT: + Entropy: 5.418516536382236 + Virtual Size: '0x5c2' + .rsrc: + Entropy: 3.287732512533589 + Virtual Size: '0x370' + .reloc: + Entropy: 5.472046791762154 + Virtual Size: '0x3f6' + Signature: '' + Signatures: {} 
+ Imphash: df732a700824119a3aa46e52712d50e1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 910e58c2580f8eb3efacae948c39e947 + SHA1: f96bc840dde4d24fcd3f2f4712fdb8143aeedf99 + SHA256: 198a4dc1c4bd7eff31ff4d1952a592170b25bfb5fedcd9d5d4c4fd3707337e42 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:56' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - DbgPrint + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - ExFreePoolWithTag + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: IObitUnlocker.sys + MD5: 3a41edc1dda049a1b8aa411f728831e0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 
5ed41271591cfd1188e26860c867cd71 + SHA1: 5659e97f0a3d6b4b5cc6db7922ce3b1a5d2a2d62 + SHA256: 96f9617c2e249fd97c13b33fc62066abc19a3dfc63913f8b7f680423c7d80e63 + SHA1: abc5bbd11f26232bab2a68ecbff3cbb05f59701b + SHA256: 507724d96a54f3e45c16a065bf38ae82a9b80d07096a461068a701cae0c1cf29 + Sections: + .text: + Entropy: 6.315433318536223 + Virtual Size: '0x3d80' + .rdata: + Entropy: 4.189271224540514 + Virtual Size: '0x28c' + .data: + Entropy: 1.5279258901075148 + Virtual Size: '0x8c' + INIT: + Entropy: 5.418516536382236 + Virtual Size: '0x5c2' + .rsrc: + Entropy: 3.287732512533589 + Virtual Size: '0x370' + .reloc: + Entropy: 5.472046791762154 + Virtual Size: '0x3f6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: 
e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: df732a700824119a3aa46e52712d50e1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d865b8b11ee0f2ddc9095e3249015abf + SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 + SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:47' + Date: '' + Description: IObitUnlocker Driver + 
ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - DbgPrint + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - IoCreateSymbolicLink + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + - RtlUnwind + Imports: + - ntoskrnl.exe + - HAL.dll + - NTOSKRNL.EXE + InternalName: IObitUnlocker.sys + MD5: 848690ca707b4850c967e3217f285fcc + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 45e8197e8972ce1575cb59ba47bbca6b + SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 + SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 + SHA1: 9e8c4fea1f2bc9fce1e08a6e0a448e567b504f66 + SHA256: b0dd55b4dc7e561dfe413b029673674e2a5381f5f4daede03ddf3484310a6e11 + Sections: + .text: + Entropy: 6.352640579869565 + Virtual Size: '0x3d9c' + .rdata: + Entropy: 4.184352632111533 + Virtual Size: 
'0x29c' + .data: + Entropy: 1.5672229185382367 + Virtual Size: '0x8c' + INIT: + Entropy: 5.4156598647971395 + Virtual Size: '0x5e8' + .rsrc: + Entropy: 3.287732512533589 + Virtual Size: '0x370' + .reloc: + Entropy: 5.526376244216933 + Virtual Size: '0x3d6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information 
Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: 
bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 51957e796400bc7de3cfa02db5a95bce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 979c3d1cb589639a129b4e4cec243e73 + SHA1: 3a54be5a75468b20ef8e182a7af6e6f314a5d633 + SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:41:05' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + 
MD5: a8dd685a6afb748c9f487a139c9c367b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 + SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 + SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 + SHA1: d032ad51c9d12e08709e7b31ea705585a52cbf23 + SHA256: a92d2736c8cd99195a1ef4d0d9a3412bee481acf585944e3b5946b465361a3e7 + Sections: + .text: + Entropy: 6.202075133120773 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.769811652238958 + Virtual Size: '0x594' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.179297571785238 + Virtual Size: '0x24c' + INIT: + Entropy: 5.2106778004138254 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: 
'2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: a09ea7ad2e5d67136d3a8d90878294843292af15103d0bca0dfb6091aa98d35d2bbda19f7b67e8c60ec5650d5d9edfaa0f61e744c2f3f3df12d07a68429127e2a7c5e262ab6bac51cb4287cc131aac3e115f7b1a0c57bfd901f5aff0555c981017d7670952c661bb07d1349af20539651e5789c99682a314d8beba080acfd9baa442db7b5df21b250ce44649d6b942c7a76d2d45744d3c24b26cc6433790ee5b0d7b54d6151245e0284177afeae7196f59b13718be94ed54e9ba5c84a330f8f39f277ed2be7424dd45dfb9c758566e7aaf4fd7eb45f9c5b10073379de1dc5af34f78727dfc0473a0c7ff2ccab6dc9c0ddba5a602013010ee789dfcaac21d0fa9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d865b8b11ee0f2ddc9095e3249015abf + SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 + SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:47' + Date: '' + Description: IObitUnlocker Driver + 
ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - DbgPrint + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - IoCreateSymbolicLink + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + - RtlUnwind + Imports: + - ntoskrnl.exe + - HAL.dll + - NTOSKRNL.EXE + InternalName: IObitUnlocker.sys + MD5: 501945a3f0055033edc64be09717eef2 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 45e8197e8972ce1575cb59ba47bbca6b + SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 + SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 + SHA1: 373d015e5faa183edc164821f68f6bf172f8b364 + SHA256: a38c26c0754f6c9389ea43dd0149db26b95742c1b37468fcf0d8ced66da1dcb9 + Sections: + .text: + Entropy: 6.352640579869565 + Virtual Size: '0x3d9c' + .rdata: + Entropy: 4.184352632111533 + Virtual Size: 
'0x29c' + .data: + Entropy: 1.5672229185382367 + Virtual Size: '0x8c' + INIT: + Entropy: 5.4156598647971395 + Virtual Size: '0x5e8' + .rsrc: + Entropy: 3.287732512533589 + Virtual Size: '0x370' + .reloc: + Entropy: 5.526376244216933 + Virtual Size: '0x3d6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information 
Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: a09ea7ad2e5d67136d3a8d90878294843292af15103d0bca0dfb6091aa98d35d2bbda19f7b67e8c60ec5650d5d9edfaa0f61e744c2f3f3df12d07a68429127e2a7c5e262ab6bac51cb4287cc131aac3e115f7b1a0c57bfd901f5aff0555c981017d7670952c661bb07d1349af20539651e5789c99682a314d8beba080acfd9baa442db7b5df21b250ce44649d6b942c7a76d2d45744d3c24b26cc6433790ee5b0d7b54d6151245e0284177afeae7196f59b13718be94ed54e9ba5c84a330f8f39f277ed2be7424dd45dfb9c758566e7aaf4fd7eb45f9c5b10073379de1dc5af34f78727dfc0473a0c7ff2ccab6dc9c0ddba5a602013010ee789dfcaac21d0fa9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 51957e796400bc7de3cfa02db5a95bce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d865b8b11ee0f2ddc9095e3249015abf + SHA1: 0aa57861ba15db6dc026c87f503fbe9635a29629 + SHA256: 14e6f0d5f93dc52471af549de1c91c1fc1d9dbd175d5932c17e58e6b186694c9 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:47' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateDevice + - MmGetSystemRoutineAddress + - ExfInterlockedPopEntryList + - DbgPrint + - KeWaitForSingleObject + - IofCallDriver + - KeGetCurrentThread + - KeInitializeEvent + - IoAllocateIrp + - ZwClose + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - memcpy + - ZwWriteFile + - ZwReadFile + - ZwWaitForSingleObject + - memset + - RtlCompareUnicodeString + - KeDelayExecutionThread + - _wcsnicmp + - IoCreateSymbolicLink + - IoCreateFile + - ZwQueryDirectoryFile + - IoFreeIrp + - KeSetEvent + - ZwOpenProcess + - ZwTerminateProcess + - _wcsicmp + - wcsrchr + - ZwDuplicateObject + - ExfInterlockedPushEntryList + - KeUnstackDetachProcess + - MmIsAddressValid + - PsGetProcessPeb + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlInitUnicodeString + - ZwQueryInformationFile + - ObQueryNameString + - KeTickCount + - KeBugCheckEx + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoDeleteSymbolicLink + - _vsnwprintf + - IoDeleteDevice + - KeGetCurrentIrql + - RtlUnwind + Imports: + - ntoskrnl.exe + - HAL.dll + - NTOSKRNL.EXE + InternalName: IObitUnlocker.sys + MD5: 5cc5fc8ce149dca1d05fb47c0aec9497 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + 
Publisher: '' + RichPEHeaderHash: + MD5: 45e8197e8972ce1575cb59ba47bbca6b + SHA1: 1c05376b51b700befeedb5e91c2b046898e5e955 + SHA256: 613e1f251c62380c70363a484341431d05279fd28749c36173025f0a7108e138 + SHA1: 14488a51c38e647c2347928f675a167acec8fbd6 + SHA256: faa9aa7118ecf9bb6594281f6b582f1ced0cc62d5db09a2fbf9b7ce70c532285 + Sections: + .text: + Entropy: 6.352640579869565 + Virtual Size: '0x3d9c' + .rdata: + Entropy: 4.184352632111533 + Virtual Size: '0x29c' + .data: + Entropy: 1.5672229185382367 + Virtual Size: '0x8c' + INIT: + Entropy: 5.4156598647971395 + Virtual Size: '0x5e8' + .rsrc: + Entropy: 3.287732512533589 + Virtual Size: '0x370' + .reloc: + Entropy: 5.526376244216933 + Virtual Size: '0x3d6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + 
Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 51957e796400bc7de3cfa02db5a95bce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d08742729d8b2acaf972fcea6df3bf09 + SHA1: d7fe09f414ea3a9f2b979c6d883079f0ed563a4b + SHA256: 89d96210bf36a88acb14086c96e916b790d21b7adf81d0907c823ca2afbe0ce3 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:40:53' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread 
+ - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: 3b967b644881ccb5a95f06e903d8b218 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 772fe1b9794caabb89ee0b78335e3f98 + SHA1: 877c7c33339b6359e6c366e9c4744b779f24f542 + SHA256: aed7ad05867110783a74d2c2d4c7a0d2c84075f8a3626e45df6e8f021ea3f592 + SHA1: 3a97b4f93c69cbf25fa4c4696e44577524c3c9a0 + SHA256: c2e1a3dd0dfb3477a3e855368b23d12b8818df8fa3bc3508abf069a0873d6bf8 + Sections: + .text: + Entropy: 6.210028479836042 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.788425060525102 + Virtual Size: '0x584' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.165113468119247 + Virtual Size: '0x234' + INIT: + Entropy: 5.162190008807952 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: {} + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 979c3d1cb589639a129b4e4cec243e73 + SHA1: 
3a54be5a75468b20ef8e182a7af6e6f314a5d633 + SHA256: afc1873543735d6299543d91d7c09ee1fa1588ff9f131ba4aedcd32b984c8ec1 + Company: IObit + Copyright: "IObit Copyright \xA9 2005-2013" + CreationTimestamp: '2013-09-27 03:41:05' + Date: '' + Description: IObitUnlocker Driver + ExportedFunctions: '' + FileVersion: '1.2.0.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: IObitUnlocker.sys + MD5: d7b749051da5fb4604f4141f19c47660 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: IObitUnlocker.sys + PDBPath: '' + Product: IObitUnlocker + ProductVersion: 1.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: fff3d2887cf0d6b4e4c9e7d3140d1f80 + SHA1: 885e1b2eba8bd38ea2838313f851ce33455454e4 + SHA256: 51b62dce85767011acfae48ba8fb023efcf56ff687cc3207762652b9bea36013 + SHA1: 288daefd1ce65fb01011dc8a64491111207d3965 + SHA256: 
2b33df9aff7cb99a782b252e8eb65ca49874a112986a1c49cd9971210597a8ae + Sections: + .text: + Entropy: 6.202075133120773 + Virtual Size: '0x5186' + .rdata: + Entropy: 4.769811652238958 + Virtual Size: '0x594' + .data: + Entropy: 0.7812641672999111 + Virtual Size: '0x170' + .pdata: + Entropy: 4.179297571785238 + Virtual Size: '0x24c' + INIT: + Entropy: 5.2106778004138254 + Virtual Size: '0x64c' + .rsrc: + Entropy: 3.288590339240593 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=IObit + Information Technology + ValidFrom: '2013-01-15 00:00:00' + ValidTo: '2016-02-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Version: 3 + TBS: + MD5: 6767e14c32c32562d2ed0feeccf02a40 + SHA1: 84fdcb3f59b6c50918daea4a7cc3b200d6d5c91e + SHA256: 264d50b6b2be1acd6642f3f5f7d938820937ecae24a93891c6b45366f3b8d152 + SHA384: 3b54ba34d3580c8f058565de007864534c2b3ce448d24aea78a5c6ad5186f8664082944db974bcf608dc4b4b7c17aec9 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 11cadaf29da4c3cb113bf1877b120103 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0627ee7f7d86e0c552a7bc8ee31a1b18 + LoadsDespiteHVCI: 'FALSE' +- Filename: '' + MD5: 47aa03a10ac3a407f8f30f1088edcbc9 + SHA1: b5d78a1d3ae93bd343c6d65e64c0945d1d558758 + SHA256: c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66 + Signature: '' + Date: '' + Publisher: '' + Company: IObit + Description: IObitUnlocker Driver + Product: IObitUnlocker + ProductVersion: 1.2.0.1 + FileVersion: '1.2.0.1 built by: WinDDK' + MachineType: AMD64 + OriginalFilename: IObitUnlocker.sys + Imphash: 878e0ad08d61b8eeabe5f33873401f2d + Authentihash: + MD5: 1ed0cb218c469ce7bb2917cde85fb4dd + SHA1: 5193f41b2787d16decf7d50891fde34dd1162f4f + SHA256: 3ee89c1e8738d465d241630ccca4ce218afc02421461e6de91e4dc8133e9501c + RichPEHeaderHash: + MD5: 87e7284a82caf3f9332dfaff2f515994 + SHA1: ba095313dc4473516b91f8c36af612b7355c31d3 + SHA256: 2b061aa8bc49bc9cce9ba24952a5e0e1a581f7d693db1aef26aa44049811beba + Sections: + .text: + Entropy: 5.405554072789149 + Virtual Size: '0x7fed' + .rdata: + Entropy: 4.194087376463995 + Virtual Size: '0x4e8' + .data: + Entropy: 0.8079955727472559 + Virtual Size: '0x170' + .pdata: + Entropy: 4.175415725903598 + Virtual Size: '0x3a8' + INIT: + Entropy: 5.217151964086442 + Virtual Size: '0x6e6' + .rsrc: + Entropy: 3.3103115449532003 + Virtual Size: '0x370' + .reloc: + Entropy: 1.2987909647818572 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-06-15 00:26:50' + InternalName: IObitUnlocker.sys + Copyright: "IObit Copyright \xA9 
2005-2013" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAssert + - _wcsnicmp + - ZwReadFile + - IoGetRelatedDeviceObject + - MmGetSystemRoutineAddress + - KeInitializeEvent + - ExInterlockedPopEntryList + - KeDelayExecutionThread + - IoFileObjectType + - ZwWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlCompareUnicodeString + - IoAllocateIrp + - ObfDereferenceObject + - ZwWriteFile + - DbgPrint + - IofCallDriver + - _wcsicmp + - PsGetProcessPeb + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - RtlInitUnicodeString + - KeSetEvent + - RtlAppendUnicodeToString + - IoCreateFile + - ZwQuerySystemInformation + - ZwOpenSymbolicLinkObject + - KeUnstackDetachProcess + - ObQueryNameString + - ZwCreateFile + - wcsrchr + - ZwQueryDirectoryFile + - _vsnwprintf + - RtlAppendUnicodeStringToString + - ZwDuplicateObject + - IoFreeIrp + - ZwOpenProcess + - PsGetCurrentProcessId + - MmIsAddressValid + - ZwTerminateProcess + - ZwQueryInformationFile + - ExInterlockedPushEntryList + - KeStackAttachProcess + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, + CN=IObit Information Technology + ValidFrom: '2015-12-23 00:00:00' + ValidTo: '2018-03-23 23:59:59' + Signature: 1eca1dc77a22ba11722bcc6c270cd10fd37c3d8222397413c95649e8785fb1bdf1dc1469688cb7ab3bb4691243c5041b3e44994a21838069d3c272f8104ad6ddbba62a3f4383107e770135da9f63e0f8a10f873db3ca001e08cad9de3b93ffd2932c2709db34f8c08de22388abe76109d78fa23adce1c13b139ab1b0d5df60ff8c337f97d6c174fe4351c5eb1875c2e2633d49e5416074e3d3971e3c3afc6369d1f9294365b97a1676dbf3db4e99b8bce5f45374c29a2c7af48e2e55df3d7e299c0ffab20515d2cc8c6e1641880a5a266702b55549a537dd4c744f98ffcd4e28a98e953c905b78bd1739d4c16391f47bc5dd03473d6ffe9452ed41d899cd790f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 454a6cd2e1e63ca9d542dfdab518fed9 + Version: 3 + TBS: + MD5: dc758b37359f3efd673d2a20e9d65970 + SHA1: b7293447deac1ede27c037804acf694e00262d28 + SHA256: e1f3ec931d84ca3ebf315235e9d6b203c49b53cc2fea8a3317a7f5d9717be934 + SHA384: e14f9b9f001c64204054a84fde7d18b84f217cf42bd19d30ef1b26d399adc01a17d031f763a981ba99539d80ac8b1abe + - 
Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 454a6cd2e1e63ca9d542dfdab518fed9 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Filename: IObitUnlocker.sys + SHA256: 2ba404c50684d59b701959a1732617dec6a6a25c8005294c0d2b3822b38479a4 + MD5: 85def55323cfc4a04a270127a20f4d2c + SHA1: 0e6ef35f6f68be6d72e4a225494c02557d39cacc + Imphash: 1dcbb2cd7749f70f37329cb3e15406f8 Authentihash: - MD5: 1ed0cb218c469ce7bb2917cde85fb4dd - SHA1: 5193f41b2787d16decf7d50891fde34dd1162f4f - SHA256: 
3ee89c1e8738d465d241630ccca4ce218afc02421461e6de91e4dc8133e9501c + MD5: 155f7930fae72378e7efe52ba679b69a + SHA1: d389fa80da574506516aa49b70a8be946744edbc + SHA256: e35d11538406dd03ac93236be37c16b2da3ad1d38fb59b70b85c484804546b6d RichPEHeaderHash: - MD5: 87e7284a82caf3f9332dfaff2f515994 - SHA1: ba095313dc4473516b91f8c36af612b7355c31d3 - SHA256: 2b061aa8bc49bc9cce9ba24952a5e0e1a581f7d693db1aef26aa44049811beba + MD5: 4bced431c6abb303e6bb74e69153fc03 + SHA1: 3662ab731022d9217b1af69a69c114660492ba31 + SHA256: 9a3bd07ed6821b4b33ef5c86f3e848d811b60341711a54c3ef6323c6868756f4 Sections: .text: - Entropy: 5.405554072789149 - Virtual Size: '0x7fed' + Entropy: 6.175954592086079 + Virtual Size: '0x5586' .rdata: - Entropy: 4.194087376463995 - Virtual Size: '0x4e8' + Entropy: 4.78340156437448 + Virtual Size: '0x5f4' .data: - Entropy: 0.8079955727472559 + Entropy: 0.8079955727472564 Virtual Size: '0x170' .pdata: - Entropy: 4.175415725903598 - Virtual Size: '0x3a8' + Entropy: 4.231501285963187 + Virtual Size: '0x258' INIT: - Entropy: 5.217151964086442 - Virtual Size: '0x6e6' + Entropy: 5.20589742734384 + Virtual Size: '0x6d2' .rsrc: - Entropy: 3.3103115449532003 - Virtual Size: '0x370' + Entropy: 3.263395141973913 + Virtual Size: '0x368' .reloc: Entropy: 1.2987909647818572 Virtual Size: '0x24' MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-06-15 02:26:50' + CreationTimestamp: '2020-10-10 10:04:32' + Description: Unlocker Driver + Company: IObit Information Technology InternalName: IObitUnlocker.sys - Copyright: "IObit Copyright \xA9 2005-2013" + OriginalFilename: IObitUnlocker.sys + FileVersion: 1.2.0.2 + Product: Unlocker + ProductVersion: 1.2.0.2 + Copyright: "IObit Copyright \xA9 2005-2018" + MachineType: AMD64 Imports: - ntoskrnl.exe ExportedFunctions: '' @@ -4074,7 +4022,6 @@ KnownVulnerableSamples: - IofCompleteRequest - IoCreateSymbolicLink - IoCreateDevice - - RtlAssert - _wcsnicmp - ZwReadFile - IoGetRelatedDeviceObject 
@@ -4125,95 +4072,51 @@ KnownVulnerableSamples: - CertificatesInfo: '' SignerInfo: '' Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 SignatureAlgorithmOID: 1.2.840.113549.1.1.5 IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + SerialNumber: 61204db4000000000027 Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true TBS: - MD5: 
d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=Sichuan, ??=Wuhou District, Chengdu, ??=Private Organization, + serialNumber=91510107072412418F, C=CN, ST=Sichuan, L=Chengdu, O=IObit CO., + LTD, CN=IObit CO., LTD + ValidFrom: '2019-08-27 00:00:00' + ValidTo: '2022-08-30 12:00:00' + Signature: 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 SignatureAlgorithmOID: 1.2.840.113549.1.1.5 IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Sichuan, L=Chengdu, O=IObit Information Technology, CN=IObit - Information Technology - ValidFrom: '2015-12-23 00:00:00' - ValidTo: '2018-03-23 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 454a6cd2e1e63ca9d542dfdab518fed9 - Version: 3 - CertificateType: Leaf (Code Signing) - 
IsCodeSigning: true - IsCA: false - TBS: - MD5: dc758b37359f3efd673d2a20e9d65970 - SHA1: b7293447deac1ede27c037804acf694e00262d28 - SHA256: e1f3ec931d84ca3ebf315235e9d6b203c49b53cc2fea8a3317a7f5d9717be934 - SHA384: e14f9b9f001c64204054a84fde7d18b84f217cf42bd19d30ef1b26d399adc01a17d031f763a981ba99539d80ac8b1abe - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a + SerialNumber: 0d98f5df96c592c5b76bfde1cb823096 Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + MD5: d0ba095f2bdb679cea084b4106479484 + SHA1: 80aba0ecbd2b71c84bc73ac42963bc9ce247a020 + SHA256: a93f8b7111c3e2288e164e42131e2ad52867060479ade1f6e6b3124cde822cfa + SHA384: 8293c567ba382434adab5899693e47e5d6e06c0b9f3c158bf17675d5a1476627db51d00dc9573bf4b89412617e651ba6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing + CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 
9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 SignatureAlgorithmOID: 1.2.840.113549.1.1.5 IsCertificateAuthority: true - SerialNumber: 611993e400000000001c + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace Signer: - - SerialNumber: 454a6cd2e1e63ca9d542dfdab518fed9 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' + - SerialNumber: 0d98f5df96c592c5b76bfde1cb823096 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing + CA + Version: 1 \ No newline at end of file diff --git a/yaml/e5f12b82-8d07-474e-9587-8c7b3714d60c.yaml b/yaml/e5f12b82-8d07-474e-9587-8c7b3714d60c.yaml index 549517c23..1c6756e2a 100644 --- a/yaml/e5f12b82-8d07-474e-9587-8c7b3714d60c.yaml +++ b/yaml/e5f12b82-8d07-474e-9587-8c7b3714d60c.yaml 
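Review bot: The rewritten IObitUnlocker.sys sample at the end of `yaml/bd9f084e-b235-4978-bf2a-5f1dc02937df.yaml` now stops at `Signer: … Version: 1` with no `LoadsDespiteHVCI` key. This hunk removes `LoadsDespiteHVCI: 'FALSE'` from the tail of the entry and adds nothing in its place, while the sample added just before it in the same file still carries the field. The entry now describes a different binary (CreationTimestamp 2020-10-10, DigiCert EV chain instead of the Symantec one), so the old value cannot be assumed, and anyone deriving blocklist or detection coverage from this field will see a missing key. Record the tested result explicitly, e.g. `LoadsDespiteHVCI: '<TRUE or FALSE, verified for this sample>'`. Separately, the new leaf certificate's `Subject` begins `??=CN, ??=Sichuan, …`, which looks like attribute OIDs the extraction step could not map (presumably the EV jurisdiction fields) and is better fixed in the generator than committed as placeholders.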
@@ -38,2919 +38,3063 @@ Acknowledgement: Person: '' Handle: '' KnownVulnerableSamples: -- Filename: zam64.sys - MD5: 2a3ce41bb2a7894d939fbd1b20dae5a0 - SHA1: cd248648eafca6ef77c1b76237a6482f449f13be - SHA256: 2bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1 - Authentihash: - MD5: 689e0587c7821c19c711424fa619dbad - SHA1: b9b230bb66c82e15f563ac0873a3a1db25995064 - SHA256: 1997b7217dfddd8fbd4924e86b58fe585ef4bd91c3069d3deeb34ea70eb82d60 - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.18.371 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - PsGetProcessImageFileName - - ZwQueryInformationProcess - - __C_specific_handler - - strchr - - RtlAppendUnicodeToString - - KeInitializeSemaphore - - KeReleaseSemaphore - - KeWaitForSingleObject - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwQueryInformationFile - - ZwWriteFile - - PsGetCurrentThreadId - - ZwDeleteFile - - _vsnprintf - - PsThreadType - - PsSetCreateProcessNotifyRoutine - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - KeInitializeEvent - - KeSetEvent - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwSetInformationFile - - ZwReadFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - ZwCreateFile - - IoGetDeviceAttachmentBaseRef - - 
FsRtlGetFileSize - - ZwQuerySystemInformation - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - PsGetProcessId - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetProcessSectionBaseAddress - - MmSystemRangeStart - - KeBugCheckEx - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - IoCreateFileSpecifyDeviceObjectHint - - strstr - - FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
- ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: 
dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 5e737552d7162062a00f6f22da1133c4 - SHA1: 4b43c25befb85e28d65bac423a06403c6043fd79 - SHA256: b53db7580900ee00aaed432b8a5b36169f820f16bbf6d85d34ef641b1e5bfdcb - Sections: - .text: - Entropy: 6.311575029098583 - Virtual Size: '0x20975' - .hook: - Entropy: 5.097466333253085 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.539147413432647 - Virtual Size: '0x463c' - .data: - Entropy: 4.8888094657184 - Virtual Size: '0x53c88' - .pdata: - Entropy: 5.125727272335482 - Virtual Size: '0x84c' - INIT: - Entropy: 5.341472095080265 - Virtual Size: '0xf2e' - .rsrc: - Entropy: 3.1200681658662868 - Virtual Size: '0x270' - .reloc: - Entropy: 4.004251703727133 - Virtual Size: '0x58' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-11-20 18:27:25' - Imphash: b35d1d3faa6c97b106b343823d5df867 - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: db46c56849bbce9a55a03283efc8c280 - SHA1: 8f4b79b8026da7f966d38a8ba494c113c5e3894b - SHA256: 3c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b - Authentihash: - MD5: a7d940958aa06308dfb68ed67e6ae18c - SHA1: ddb4d31681eb2e8e95aa33b78d454b29542d2a98 - SHA256: ab1290211250af83be645072d346693890f3f29feda5a3a23ea97758247f7ba1 - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.16.928 - Copyright: Zemana Ltd. All rights reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ZwCreateFile - - ZwClose - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - ZwQueryInformationProcess - - __C_specific_handler - - DbgPrint - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - PsGetProcessImageFileName - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwQueryInformationFile - - ZwSetInformationFile - - ZwReadFile - - ZwWriteFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - ObReferenceObjectByHandle - - FsRtlGetFileSize - - ZwDeleteFile - - ZwQuerySystemInformation - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - PsGetProcessId - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - 
CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - MmSystemRangeStart - - KeBugCheckEx - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - IoGetDeviceAttachmentBaseRef - - strstr - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
- ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: ae5755ef6edfaf47c756c813503d9491 - SHA1: 12e5b706039cb80653dac2ed809faf430e392b64 - SHA256: 9cb52aae7fdcaabee6e2e9b8640a4a386e7610f0fdedd53413fd1a9d1e7c044b - Sections: - .text: - Entropy: 6.394396532876167 - Virtual Size: '0xb374' - .hook: - Entropy: 5.038393262108047 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.496538814940608 - Virtual Size: '0x4354' - .data: - Entropy: 4.885486089888766 - Virtual Size: '0x95b0' - .pdata: - Entropy: 4.837204199996544 - Virtual Size: '0x774' - INIT: - Entropy: 5.364871219090765 - Virtual Size: '0xcea' - .rsrc: - Entropy: 3.1167029968436752 - Virtual Size: '0x270' - .reloc: - Entropy: 4.005527221234636 - Virtual Size: '0x5c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-07-23 07:10:50' - Imphash: 7fba20994f76fb31b9f5a2b3f0c00055 - LoadsDespiteHVCI: 'TRUE' -- Filename: zamguard64.sys - MD5: 99c131567c10c25589e741e69a8f8aa3 - SHA1: 3b8ddf860861cc4040dea2d2d09f80582547d105 - SHA256: 45f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef - Authentihash: - MD5: 38757cf8a65976f362f287c3e94f8c1b - SHA1: 87cdb7698822d92a070b83b732fffa0ea99e34a2 - SHA256: 950b672d3300bcacefe568156fbc8b16fa09da13df2f6ecda31254faaaf041f9 - Description: ZAM - Company: Zemana Ltd. 
- InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.20.865 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - FsRtlIsNameInExpression - - PsGetProcessImageFileName - - ZwQueryInformationProcess - - __C_specific_handler - - strchr - - RtlAppendUnicodeToString - - KeInitializeSemaphore - - KeReleaseSemaphore - - KeWaitForSingleObject - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwQueryInformationFile - - ZwWriteFile - - PsGetCurrentThreadId - - ZwDeleteFile - - _vsnprintf - - PsThreadType - - PsSetCreateProcessNotifyRoutine - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - KeInitializeEvent - - KeSetEvent - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwSetInformationFile - - ZwReadFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ObQueryNameString - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - MmMapLockedPagesSpecifyCache - - PsGetProcessId - - IoThreadToProcess - - 
PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetProcessSectionBaseAddress - - MmSystemRangeStart - - KeBugCheckEx - - PsLookupProcessByProcessId - - ZwOpenProcess - - PsGetCurrentProcessId - - RtlUpcaseUnicodeString - - RtlUpperString - - ZwClose - - ZwCreateFile - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - ZwQuerySystemInformation - - strstr - - FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltReleaseContext - - FltGetStreamHandleContext - - FltSetStreamHandleContext - - FltAllocateContext - - FltCancelFileOpen - - FltQueryInformationFile - - FltReadFile - - FltParseFileNameInformation - - FltReleaseFileNameInformation - - FltGetFileNameInformation - - FltFreePoolAlignedWithTag - - FltAllocatePoolAlignedWithTag - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
- ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: 
dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: c0210f91c028886456549a7aa78f8147 - SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d - SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 - Sections: - .text: - Entropy: 6.318184968025881 - Virtual Size: '0x217a5' - .hook: - Entropy: 5.11576244605271 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.528539978421143 - Virtual Size: '0x4744' - .data: - Entropy: 4.888903009535537 - Virtual Size: '0x53c88' - .pdata: - Entropy: 5.14656609792469 - Virtual Size: '0x8d0' - INIT: - Entropy: 5.334266463396646 - Virtual Size: '0x1106' - .rsrc: - Entropy: 3.1014865335947537 - Virtual Size: '0x270' - .reloc: - Entropy: 4.064239284774715 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-05-24 05:38:42' - Imphash: 3edc60bda68569cac7ad7604728ff40d - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: e5f8fcdfb52155ed4dffd8a205b3d091 - SHA1: 90abd7670c84c47e6ffc45c67d676db8c12b1939 - SHA256: 76614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a - Authentihash: - MD5: ad2c4382390a8740dcea8b0aef5552c2 - SHA1: 0740faffcb163f4c8cd204c367b9492f2e361207 - SHA256: b529550e8d2ec6133be50d7139179654301ff84ba09da0cd256c5dec924a185c - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.18.229 - Copyright: Zemana Ltd. All rights reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - PsGetProcessImageFileName - - ZwQueryInformationProcess - - __C_specific_handler - - strchr - - RtlAppendUnicodeToString - - KeInitializeSemaphore - - KeReleaseSemaphore - - KeWaitForSingleObject - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwQueryInformationFile - - ZwWriteFile - - PsGetCurrentThreadId - - ZwDeleteFile - - _vsnprintf - - PsThreadType - - PsSetCreateProcessNotifyRoutine - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - KeInitializeEvent - - KeSetEvent - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwSetInformationFile - - ZwReadFile - - ZwOpenSymbolicLinkObject - - ZwCreateFile - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ZwQuerySystemInformation - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - PsGetProcessId - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - 
KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - MmSystemRangeStart - - KeBugCheckEx - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - ZwQuerySymbolicLinkObject - - strstr - - FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 
- ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. - ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9b5178d71a0cb5373b4990094392a528 - SHA1: 155e20603f42078857e8d77b8729385f21b38222 - SHA256: 20fee3293ed1f05bc11ae72145db01fabac5b03a5373d99becc657699f98b330 - Sections: - .text: - Entropy: 6.311766074951009 - Virtual Size: '0x20925' - .hook: - Entropy: 5.1040723684174 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.537965882188229 - Virtual Size: '0x464c' - .data: - Entropy: 4.8888094657184 - Virtual Size: '0x53c88' - .pdata: - Entropy: 5.128533673234583 - Virtual Size: '0x84c' - INIT: - Entropy: 5.3440427741633085 - Virtual Size: '0xf04' - .rsrc: - Entropy: 3.11127988172195 - Virtual Size: '0x270' - .reloc: - Entropy: 4.004251703727133 - Virtual Size: '0x58' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-11-03 09:00:59' - Imphash: c6a0f65ba653ee78255cc9e314abc442 - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: 707ab1170389eba44ffd4cfad01b5969 - SHA1: b99a5396094b6b20cea72fbf0c0083030155f74e - SHA256: 
7cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21 - Authentihash: - MD5: fb3161dd2e402cfdd3495278974f4181 - SHA1: 9c7deb9def09bca28c37211992c76880f575b9ef - SHA256: a59ad5be59f73f2a138c70d8aa634bf5f3364a67e072b64ff2a6d4627514a9ad - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: 3.0.0.000 - Product: ZAM - ProductVersion: 3.0.0.000 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - FsRtlIsNameInExpression - - PsGetProcessImageFileName - - ZwQueryInformationProcess - - __C_specific_handler - - strchr - - RtlAppendUnicodeToString - - KeInitializeSemaphore - - KeReleaseSemaphore - - KeWaitForSingleObject - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwQueryInformationFile - - ZwWriteFile - - PsGetCurrentThreadId - - ZwDeleteFile - - _vsnprintf - - PsThreadType - - PsSetCreateProcessNotifyRoutine - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - KeInitializeEvent - - KeSetEvent - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwSetInformationFile - - ZwReadFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ObQueryNameString - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - 
ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - MmMapLockedPagesSpecifyCache - - PsGetProcessId - - IoThreadToProcess - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetProcessSectionBaseAddress - - MmSystemRangeStart - - KeBugCheckEx - - PsLookupProcessByProcessId - - ZwOpenProcess - - PsGetCurrentProcessId - - RtlUpcaseUnicodeString - - RtlUpperString - - ZwClose - - ZwCreateFile - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - ZwQuerySystemInformation - - strstr - - FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltReleaseContext - - FltGetStreamHandleContext - - FltSetStreamHandleContext - - FltAllocateContext - - FltCancelFileOpen - - FltQueryInformationFile - - FltReadFile - - FltParseFileNameInformation - - FltReleaseFileNameInformation - - FltGetFileNameInformation - - FltFreePoolAlignedWithTag - - FltAllocatePoolAlignedWithTag - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - 
ValidFrom: '2022-06-07 18:08:07' - ValidTo: '2023-06-01 18:08:07' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000058e7c589c068dca727000000000058 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: d83c9268bb1f35e4ea0f81b7b876b4f8 - SHA1: 6a784e02bf67f5791a85567716aa2d0fd701fcd0 - SHA256: 00dab92fcb3753ac06147a6d8888b5731877d84979e3f178f572e3a1dff33fa8 - SHA384: 75264b08d0862968698b184e6049337dbb3ddaab64c4cb71aaa8b990f10bc8b8660e2b1044da616784559b92f6b45280 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - 
Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000058e7c589c068dca727000000000058 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: c0210f91c028886456549a7aa78f8147 - SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d - SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 - Sections: - .text: - Entropy: 6.31806175189807 - Virtual Size: '0x217b5' - .hook: - Entropy: 5.11599521430575 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.529476686216564 - Virtual Size: '0x4744' - .data: - Entropy: 4.888903009535537 - Virtual Size: '0x53c88' - .pdata: - Entropy: 5.138271966562841 - Virtual Size: '0x8d0' - INIT: - Entropy: 5.334070329167121 - Virtual Size: '0x1106' - .rsrc: - Entropy: 3.1501576835148613 - Virtual Size: '0x298' - .reloc: - Entropy: 4.064239284774715 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-08-17 13:06:53' - Imphash: 3edc60bda68569cac7ad7604728ff40d - LoadsDespiteHVCI: 'FALSE' -- Filename: zam64.sys - MD5: 9e0659d443a2b9d1afc75a160f500605 - SHA1: 09f117d83f2f206ee37f1eb19eea576a0ac9bdcc - SHA256: 8fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a - Authentihash: - MD5: 536527a09edbc7e8c174f7f7423a79a1 - SHA1: 60d4d82640d4550c3e2cfba69f00b5c7472e4926 - SHA256: dcf9bc1e511993fd8c87b8cab5c23366cc818cccc40617cabc8f242d4a8751d7 - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.17.115 - Copyright: Zemana Ltd. All rights reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ZwCreateFile - - ZwClose - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - ZwQueryInformationProcess - - __C_specific_handler - - DbgPrint - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - PsGetProcessImageFileName - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwQueryInformationFile - - ZwSetInformationFile - - ZwReadFile - - ZwWriteFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - ObReferenceObjectByHandle - - FsRtlGetFileSize - - ZwDeleteFile - - ZwQuerySystemInformation - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - PsGetProcessId - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - 
CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - MmSystemRangeStart - - KeBugCheckEx - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - IoGetDeviceAttachmentBaseRef - - strstr - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
- ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: 
false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: ae5755ef6edfaf47c756c813503d9491 - SHA1: 12e5b706039cb80653dac2ed809faf430e392b64 - SHA256: 9cb52aae7fdcaabee6e2e9b8640a4a386e7610f0fdedd53413fd1a9d1e7c044b - Sections: - .text: - Entropy: 6.39444173923497 - Virtual Size: '0xb374' - .hook: - Entropy: 5.038393262108047 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.49649919697251 - Virtual Size: '0x4354' - .data: - Entropy: 4.885486089888766 - Virtual Size: '0x95b0' - .pdata: - Entropy: 4.837204199996544 - Virtual Size: '0x774' - INIT: - Entropy: 5.364871219090765 - Virtual Size: '0xcea' - .rsrc: - Entropy: 3.1027914592928436 - Virtual Size: '0x270' - .reloc: - Entropy: 4.005527221234636 - Virtual Size: '0x5c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-08-30 08:52:48' - Imphash: 7fba20994f76fb31b9f5a2b3f0c00055 - 
LoadsDespiteHVCI: 'TRUE' -- Filename: zamguard64.sys - MD5: 51e7b58f6e9b776568ffbd4dd9972a60 - SHA1: 2cf75df00c69d907cfe683cb25077015d05be65d - SHA256: 9a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c - Authentihash: - MD5: e03436e22127cd75a132169b627e5a3f - SHA1: b8d8e15e952b3fd2a510699d2124253565ecd611 - SHA256: 082adcdc2d246d2291bcf135a7519840a84f27cfa3143d1372a9e2aa5e514dbd - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.16.287 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strstr - - wcsstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ProbeForRead - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwCreateFile - - ZwClose - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - ZwQueryInformationProcess - - __C_specific_handler - - DbgPrint - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - PsGetProcessImageFileName - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwQueryInformationFile - - ZwSetInformationFile - - ZwReadFile - - ZwWriteFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - 
IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ZwDeleteFile - - ZwQuerySystemInformation - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - PsGetProcessId - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - MmSystemRangeStart - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. - ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e0c0e404602172aa48774d25d95566a0 - SHA1: 0063132555d9e0100f871f754fde426fbd9ad317 - SHA256: abed6bb7959144a794ce1a624a4c333b89d73ac622d253fca9f3aab4a3505783 - Sections: - .text: - Entropy: 6.385878636968825 - Virtual Size: '0xb224' - .hook: - Entropy: 5.044794310603694 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.531467293507371 - Virtual Size: '0x41d4' - .data: - Entropy: 4.886572228837024 - 
Virtual Size: '0x8f58' - .pdata: - Entropy: 4.807436318496407 - Virtual Size: '0x75c' - INIT: - Entropy: 5.3696053533373425 - Virtual Size: '0xcea' - .rsrc: - Entropy: 3.1111150668737135 - Virtual Size: '0x270' - .reloc: - Entropy: 3.8191100346914766 - Virtual Size: '0x54' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-06-30 09:29:29' - Imphash: 0e9dfd08346bbe128159bff440d13389 - LoadsDespiteHVCI: 'TRUE' -- Filename: zamguard32.sys - MD5: 06897b431c07886454e0681723dd53e6 - SHA1: 40d29aa7b3fafd27c8b27c7ca7a3089ccb88d69b - SHA256: ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd - Authentihash: - MD5: 4e0b0bd19c0f3c4a2a75e786474d9d06 - SHA1: c5388c61135c7fe5617607206d663ac3eaef649c - SHA256: de99cea1cb680816afa10d2629a8067af1dc289d2d162a21b9dba71eb0e47745 - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.21.63 - Copyright: Zemana Ltd. All rights reserved. - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - _allmul - - strchr - - RtlAppendUnicodeToString - - KeInitializeSemaphore - - KeReleaseSemaphore - - KeWaitForSingleObject - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwQueryInformationFile - - ZwWriteFile - - PsGetCurrentThreadId - - ZwDeleteFile - - _vsnprintf - - PsThreadType - - KeQuerySystemTime - - PsSetCreateProcessNotifyRoutine - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - KeGetCurrentThread - - RtlIntegerToUnicodeString - - RtlCompareMemory - - KeInitializeEvent - - KeSetEvent - - KefAcquireSpinLockAtDpcLevel - - KefReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwSetInformationFile - - ZwReadFile - - 
ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ZwQuerySystemInformation - - IoFileObjectType - - ZwQueryInformationProcess - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - MmMapLockedPagesSpecifyCache - - PsGetProcessId - - IoThreadToProcess - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExfInterlockedInsertHeadList - - ExfInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - KeServiceDescriptorTable - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetProcessSectionBaseAddress - - MmSystemRangeStart - - KeBugCheckEx - - RtlUnwind - - PsGetProcessImageFileName - - FsRtlIsNameInExpression - - ObQueryNameString - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - ZwOpenProcess - - RtlUpcaseUnicodeString - - RtlUpperString - - ZwClose - - ZwCreateFile - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - strstr - - _aullshr - - memcpy - - KeReadStateEvent - - memset - - KfRaiseIrql - - KfLowerIrql - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeGetCurrentIrql - 
- FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltReleaseContext - - FltGetStreamHandleContext - - FltSetStreamHandleContext - - FltAllocateContext - - FltCancelFileOpen - - FltQueryInformationFile - - FltReadFile - - FltParseFileNameInformation - - FltReleaseFileNameInformation - - FltGetFileNameInformation - - FltFreePoolAlignedWithTag - - FltAllocatePoolAlignedWithTag - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 
4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. - ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: bf4174b7e1b1688fc834924419fb2346 - SHA1: 829a54d3ecb838b80db5f3231a409664bff1b987 - SHA256: da5b2c2f97975f75865da42c25ff8a3f10f02a2eb3f7a80ccb37de3f16118e12 - Sections: - .text: - Entropy: 6.572668371587258 - Virtual Size: '0x1b995' - .hook: - Entropy: 4.580963402374781 - Virtual Size: '0x889' - .rdata: - Entropy: 5.467252707390709 - Virtual Size: '0x3934' - .data: - Entropy: 4.880345457711278 - Virtual Size: '0x3668c' - INIT: - Entropy: 5.638118044252383 - Virtual Size: '0xf8c' - .rsrc: - Entropy: 3.132774613745373 - Virtual Size: '0x268' - .reloc: - Entropy: 6.750936493564276 - Virtual Size: '0x222c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-08-17 13:07:02' - Imphash: a49a51d7f2ae972483961eb64d17888e - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: d4a10447fdaff7a001715191c1f914b6 
- SHA1: 628e63caf72c29042e162f5f7570105d2108e3c2 - SHA256: d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0 - Authentihash: - MD5: 8ff959801623fcaf37f6fde89a4aeec1 - SHA1: b24f8e34221cb7eaa5bed2f177f6701380a0e71f - SHA256: 1a166e70dcaf3ef12836db1927953ee528e532cdae8165e67d776971e4cbc48c - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: 2.11.1.510 - Product: ZAM - ProductVersion: 2.11.1.510 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strstr - - wcsstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ProbeForRead - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwCreateFile - - ZwClose - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - ZwQueryInformationProcess - - __C_specific_handler - - DbgPrint - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - PsGetProcessImageFileName - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwQueryInformationFile - - ZwSetInformationFile - - ZwReadFile - - ZwWriteFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ZwDeleteFile - - 
ZwQuerySystemInformation - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - PsGetProcessId - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - MmSystemRangeStart - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, 
O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. - ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 03ecbde4b65b5fc87f13e1aac3284168 - SHA1: 40790d40c391b7325d1843e2c39597720c8c4f69 - SHA256: 86aa19cd5e2beaf013e66553b916cc39a8c456d7000e46bcfc4719eda41206b5 - Sections: - .text: - Entropy: 6.391414310346214 - Virtual Size: '0xaf64' - .hook: - Entropy: 5.064996868770916 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.536191925684008 - Virtual Size: '0x414c' - .data: - Entropy: 4.88510732017845 - Virtual Size: '0x8f58' - .pdata: - Entropy: 4.8352396491085745 - Virtual Size: '0x720' - INIT: - Entropy: 5.371003736727007 - Virtual Size: '0xcba' - .rsrc: - Entropy: 3.2000366091764283 - Virtual Size: '0x2a8' - .reloc: - Entropy: 3.7715246176915187 - Virtual Size: '0x54' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-05-12 09:14:11' - Imphash: 089e8a8f2bb007852c63b64e66430293 - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: 75e50ae2e0f783e0caf912f45e15248a - SHA1: a3d612a5ea3439ba72157bd96e390070bdddbbf3 - SHA256: 
de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c - Authentihash: - MD5: cf4707d1cc2b1d1344058ac750e4e61e - SHA1: 3bd3de766013c31d87545bd7affd8e52c4e24f72 - SHA256: e5316670c0bddc0519ef96b2db89285a8620a260429a97f9d2cf5b58b0287d91 - Description: ZAM - Company: Zemana Ltd. - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: ZAM - ProductVersion: 2.20.104 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - FsRtlIsNameInExpression - - PsGetProcessImageFileName - - ZwQueryInformationProcess - - __C_specific_handler - - strchr - - RtlAppendUnicodeToString - - KeInitializeSemaphore - - KeReleaseSemaphore - - KeWaitForSingleObject - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwQueryInformationFile - - ZwWriteFile - - PsGetCurrentThreadId - - ZwDeleteFile - - _vsnprintf - - PsThreadType - - PsSetCreateProcessNotifyRoutine - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - KeInitializeEvent - - KeSetEvent - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwSetInformationFile - - ZwReadFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ObQueryNameString - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - 
ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - MmMapLockedPagesSpecifyCache - - PsGetProcessId - - IoThreadToProcess - - PsGetCurrentProcessSessionId - - ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetProcessSectionBaseAddress - - MmSystemRangeStart - - KeBugCheckEx - - PsLookupProcessByProcessId - - ZwOpenProcess - - PsGetCurrentProcessId - - RtlUpcaseUnicodeString - - RtlUpperString - - ZwClose - - ZwCreateFile - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - strstr - - ZwQuerySystemInformation - - DbgPrint - - FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltReleaseContext - - FltGetStreamHandleContext - - FltSetStreamHandleContext - - FltAllocateContext - - FltCancelFileOpen - - FltQueryInformationFile - - FltReadFile - - FltParseFileNameInformation - - FltReleaseFileNameInformation - - FltGetFileNameInformation - - FltFreePoolAlignedWithTag - - FltAllocatePoolAlignedWithTag - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - 
ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
- ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: 
dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 +- Filename: zam64.sys + MD5: 2a3ce41bb2a7894d939fbd1b20dae5a0 + SHA1: cd248648eafca6ef77c1b76237a6482f449f13be + SHA256: 2bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1 + Authentihash: + MD5: 689e0587c7821c19c711424fa619dbad + SHA1: b9b230bb66c82e15f563ac0873a3a1db25995064 + SHA256: 1997b7217dfddd8fbd4924e86b58fe585ef4bd91c3069d3deeb34ea70eb82d60 + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.18.371 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - PsGetProcessImageFileName + - ZwQueryInformationProcess + - __C_specific_handler + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - KeInitializeEvent + - KeSetEvent + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - 
ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - ZwCreateFile + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ZwQuerySystemInformation + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - PsGetProcessId + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetProcessSectionBaseAddress + - MmSystemRangeStart + - KeBugCheckEx + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - IoCreateFileSpecifyDeviceObjectHint + - strstr + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: 
'2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
+ ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 5e737552d7162062a00f6f22da1133c4 + SHA1: 4b43c25befb85e28d65bac423a06403c6043fd79 + SHA256: b53db7580900ee00aaed432b8a5b36169f820f16bbf6d85d34ef641b1e5bfdcb + Sections: + .text: + Entropy: 6.311575029098583 + Virtual Size: '0x20975' + .hook: + Entropy: 5.097466333253085 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.539147413432647 + Virtual Size: '0x463c' + .data: + Entropy: 4.8888094657184 + Virtual Size: '0x53c88' + .pdata: + Entropy: 5.125727272335482 + Virtual Size: '0x84c' + INIT: + Entropy: 5.341472095080265 + Virtual Size: '0xf2e' + .rsrc: + Entropy: 3.1200681658662868 + Virtual Size: '0x270' + .reloc: + Entropy: 4.004251703727133 + Virtual Size: '0x58' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-11-20 16:27:25' + Imphash: b35d1d3faa6c97b106b343823d5df867 + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: 
db46c56849bbce9a55a03283efc8c280 + SHA1: 8f4b79b8026da7f966d38a8ba494c113c5e3894b + SHA256: 3c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b + Authentihash: + MD5: a7d940958aa06308dfb68ed67e6ae18c + SHA1: ddb4d31681eb2e8e95aa33b78d454b29542d2a98 + SHA256: ab1290211250af83be645072d346693890f3f29feda5a3a23ea97758247f7ba1 + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.16.928 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ZwCreateFile + - ZwClose + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - ZwQueryInformationProcess + - __C_specific_handler + - DbgPrint + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - PsGetProcessImageFileName + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwQueryInformationFile + - ZwSetInformationFile + - ZwReadFile + - ZwWriteFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - ObReferenceObjectByHandle + - FsRtlGetFileSize + - ZwDeleteFile + - ZwQuerySystemInformation + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - 
ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - PsGetProcessId + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - MmSystemRangeStart + - KeBugCheckEx + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - IoGetDeviceAttachmentBaseRef + - strstr + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. + ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 
12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: ae5755ef6edfaf47c756c813503d9491 + SHA1: 12e5b706039cb80653dac2ed809faf430e392b64 + SHA256: 9cb52aae7fdcaabee6e2e9b8640a4a386e7610f0fdedd53413fd1a9d1e7c044b + Sections: + .text: + Entropy: 6.394396532876167 + Virtual Size: '0xb374' + .hook: + Entropy: 5.038393262108047 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.496538814940608 + Virtual Size: '0x4354' + .data: + Entropy: 4.885486089888766 + Virtual Size: '0x95b0' + .pdata: + Entropy: 4.837204199996544 + Virtual Size: '0x774' + INIT: + Entropy: 5.364871219090765 + Virtual Size: '0xcea' + .rsrc: + Entropy: 3.1167029968436752 + Virtual Size: '0x270' + .reloc: + Entropy: 4.005527221234636 + Virtual Size: '0x5c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-07-23 05:10:50' + Imphash: 7fba20994f76fb31b9f5a2b3f0c00055 + LoadsDespiteHVCI: 'TRUE' +- Filename: zamguard64.sys + MD5: 99c131567c10c25589e741e69a8f8aa3 + SHA1: 3b8ddf860861cc4040dea2d2d09f80582547d105 + SHA256: 45f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef + Authentihash: + MD5: 38757cf8a65976f362f287c3e94f8c1b + SHA1: 87cdb7698822d92a070b83b732fffa0ea99e34a2 + SHA256: 950b672d3300bcacefe568156fbc8b16fa09da13df2f6ecda31254faaaf041f9 + Description: ZAM + Company: Zemana Ltd. 
+ InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.20.865 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - FsRtlIsNameInExpression + - PsGetProcessImageFileName + - ZwQueryInformationProcess + - __C_specific_handler + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - KeInitializeEvent + - KeSetEvent + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ObQueryNameString + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - MmMapLockedPagesSpecifyCache + - PsGetProcessId + - IoThreadToProcess + - 
PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetProcessSectionBaseAddress + - MmSystemRangeStart + - KeBugCheckEx + - PsLookupProcessByProcessId + - ZwOpenProcess + - PsGetCurrentProcessId + - RtlUpcaseUnicodeString + - RtlUpperString + - ZwClose + - ZwCreateFile + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - ZwQuerySystemInformation + - strstr + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltReleaseContext + - FltGetStreamHandleContext + - FltSetStreamHandleContext + - FltAllocateContext + - FltCancelFileOpen + - FltQueryInformationFile + - FltReadFile + - FltParseFileNameInformation + - FltReleaseFileNameInformation + - FltGetFileNameInformation + - FltFreePoolAlignedWithTag + - FltAllocatePoolAlignedWithTag + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
+ ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: c0210f91c028886456549a7aa78f8147 + SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d + SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 + Sections: + .text: + Entropy: 6.318184968025881 + Virtual Size: '0x217a5' + .hook: + Entropy: 5.11576244605271 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.528539978421143 + Virtual Size: '0x4744' + .data: + Entropy: 4.888903009535537 + Virtual Size: '0x53c88' + .pdata: + Entropy: 5.14656609792469 + Virtual Size: '0x8d0' + INIT: + Entropy: 5.334266463396646 + Virtual Size: '0x1106' + .rsrc: + Entropy: 3.1014865335947537 + Virtual Size: '0x270' + .reloc: + Entropy: 4.064239284774715 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-05-24 03:38:42' + Imphash: 3edc60bda68569cac7ad7604728ff40d + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: e5f8fcdfb52155ed4dffd8a205b3d091 + SHA1: 90abd7670c84c47e6ffc45c67d676db8c12b1939 + SHA256: 
76614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a + Authentihash: + MD5: ad2c4382390a8740dcea8b0aef5552c2 + SHA1: 0740faffcb163f4c8cd204c367b9492f2e361207 + SHA256: b529550e8d2ec6133be50d7139179654301ff84ba09da0cd256c5dec924a185c + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.18.229 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - PsGetProcessImageFileName + - ZwQueryInformationProcess + - __C_specific_handler + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - KeInitializeEvent + - KeSetEvent + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwCreateFile + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ZwQuerySystemInformation + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + 
- ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - PsGetProcessId + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - MmSystemRangeStart + - KeBugCheckEx + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - ZwQuerySymbolicLinkObject + - strstr + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: 
+ MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. + ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9b5178d71a0cb5373b4990094392a528 + SHA1: 155e20603f42078857e8d77b8729385f21b38222 + SHA256: 20fee3293ed1f05bc11ae72145db01fabac5b03a5373d99becc657699f98b330 + Sections: + .text: + Entropy: 6.311766074951009 + Virtual Size: '0x20925' + .hook: + Entropy: 5.1040723684174 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.537965882188229 + Virtual Size: '0x464c' + .data: + Entropy: 4.8888094657184 + Virtual Size: '0x53c88' + .pdata: + Entropy: 5.128533673234583 + Virtual Size: '0x84c' + INIT: + Entropy: 5.3440427741633085 + Virtual Size: '0xf04' + .rsrc: + Entropy: 3.11127988172195 + Virtual Size: '0x270' + .reloc: + Entropy: 4.004251703727133 + Virtual Size: '0x58' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-11-03 07:00:59' + Imphash: c6a0f65ba653ee78255cc9e314abc442 + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: 707ab1170389eba44ffd4cfad01b5969 + SHA1: b99a5396094b6b20cea72fbf0c0083030155f74e + SHA256: 
7cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21 + Authentihash: + MD5: fb3161dd2e402cfdd3495278974f4181 + SHA1: 9c7deb9def09bca28c37211992c76880f575b9ef + SHA256: a59ad5be59f73f2a138c70d8aa634bf5f3364a67e072b64ff2a6d4627514a9ad + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: 3.0.0.000 + Product: ZAM + ProductVersion: 3.0.0.000 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - FsRtlIsNameInExpression + - PsGetProcessImageFileName + - ZwQueryInformationProcess + - __C_specific_handler + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - KeInitializeEvent + - KeSetEvent + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ObQueryNameString + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - 
ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - MmMapLockedPagesSpecifyCache + - PsGetProcessId + - IoThreadToProcess + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetProcessSectionBaseAddress + - MmSystemRangeStart + - KeBugCheckEx + - PsLookupProcessByProcessId + - ZwOpenProcess + - PsGetCurrentProcessId + - RtlUpcaseUnicodeString + - RtlUpperString + - ZwClose + - ZwCreateFile + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - ZwQuerySystemInformation + - strstr + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltReleaseContext + - FltGetStreamHandleContext + - FltSetStreamHandleContext + - FltAllocateContext + - FltCancelFileOpen + - FltQueryInformationFile + - FltReadFile + - FltParseFileNameInformation + - FltReleaseFileNameInformation + - FltGetFileNameInformation + - FltFreePoolAlignedWithTag + - FltAllocatePoolAlignedWithTag + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + 
ValidFrom: '2022-06-07 18:08:07' + ValidTo: '2023-06-01 18:08:07' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000058e7c589c068dca727000000000058 + Version: 3 + TBS: + MD5: d83c9268bb1f35e4ea0f81b7b876b4f8 + SHA1: 6a784e02bf67f5791a85567716aa2d0fd701fcd0 + SHA256: 00dab92fcb3753ac06147a6d8888b5731877d84979e3f178f572e3a1dff33fa8 + SHA384: 75264b08d0862968698b184e6049337dbb3ddaab64c4cb71aaa8b990f10bc8b8660e2b1044da616784559b92f6b45280 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 
0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000058e7c589c068dca727000000000058 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: c0210f91c028886456549a7aa78f8147 + SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d + SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 + Sections: + .text: + Entropy: 6.31806175189807 + Virtual Size: '0x217b5' + .hook: + Entropy: 5.11599521430575 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.529476686216564 + Virtual Size: '0x4744' + .data: + Entropy: 4.888903009535537 + Virtual Size: '0x53c88' + .pdata: + Entropy: 5.138271966562841 + Virtual Size: '0x8d0' + INIT: + Entropy: 5.334070329167121 + Virtual Size: '0x1106' + .rsrc: + Entropy: 3.1501576835148613 + Virtual Size: '0x298' + .reloc: + Entropy: 4.064239284774715 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-08-17 11:06:53' + Imphash: 3edc60bda68569cac7ad7604728ff40d + LoadsDespiteHVCI: 'FALSE' +- Filename: zam64.sys + MD5: 9e0659d443a2b9d1afc75a160f500605 + SHA1: 09f117d83f2f206ee37f1eb19eea576a0ac9bdcc + SHA256: 8fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a + Authentihash: + MD5: 536527a09edbc7e8c174f7f7423a79a1 + SHA1: 60d4d82640d4550c3e2cfba69f00b5c7472e4926 + SHA256: dcf9bc1e511993fd8c87b8cab5c23366cc818cccc40617cabc8f242d4a8751d7 + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.17.115 + Copyright: Zemana Ltd. All rights reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ZwCreateFile + - ZwClose + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - ZwQueryInformationProcess + - __C_specific_handler + - DbgPrint + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - PsGetProcessImageFileName + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwQueryInformationFile + - ZwSetInformationFile + - ZwReadFile + - ZwWriteFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - ObReferenceObjectByHandle + - FsRtlGetFileSize + - ZwDeleteFile + - ZwQuerySystemInformation + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - PsGetProcessId + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - 
CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - MmSystemRangeStart + - KeBugCheckEx + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - IoGetDeviceAttachmentBaseRef + - strstr + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. + ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: ae5755ef6edfaf47c756c813503d9491 + SHA1: 12e5b706039cb80653dac2ed809faf430e392b64 + SHA256: 9cb52aae7fdcaabee6e2e9b8640a4a386e7610f0fdedd53413fd1a9d1e7c044b + Sections: + .text: + Entropy: 6.39444173923497 + Virtual Size: '0xb374' + .hook: + Entropy: 5.038393262108047 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.49649919697251 + Virtual Size: '0x4354' + .data: + Entropy: 4.885486089888766 + Virtual Size: '0x95b0' + .pdata: + Entropy: 4.837204199996544 + Virtual Size: '0x774' + INIT: + Entropy: 5.364871219090765 + Virtual Size: '0xcea' + .rsrc: + Entropy: 3.1027914592928436 + Virtual Size: '0x270' + .reloc: + Entropy: 4.005527221234636 + Virtual Size: '0x5c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-08-30 06:52:48' + Imphash: 7fba20994f76fb31b9f5a2b3f0c00055 + LoadsDespiteHVCI: 'TRUE' +- Filename: zamguard64.sys + MD5: 
51e7b58f6e9b776568ffbd4dd9972a60 + SHA1: 2cf75df00c69d907cfe683cb25077015d05be65d + SHA256: 9a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c + Authentihash: + MD5: e03436e22127cd75a132169b627e5a3f + SHA1: b8d8e15e952b3fd2a510699d2124253565ecd611 + SHA256: 082adcdc2d246d2291bcf135a7519840a84f27cfa3143d1372a9e2aa5e514dbd + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.16.287 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strstr + - wcsstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ProbeForRead + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwCreateFile + - ZwClose + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - ZwQueryInformationProcess + - __C_specific_handler + - DbgPrint + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - PsGetProcessImageFileName + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwQueryInformationFile + - ZwSetInformationFile + - ZwReadFile + - ZwWriteFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - 
ZwDeleteFile + - ZwQuerySystemInformation + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - PsGetProcessId + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - MmSystemRangeStart + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
+ ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing 
CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e0c0e404602172aa48774d25d95566a0 + SHA1: 0063132555d9e0100f871f754fde426fbd9ad317 + SHA256: abed6bb7959144a794ce1a624a4c333b89d73ac622d253fca9f3aab4a3505783 + Sections: + .text: + Entropy: 6.385878636968825 + Virtual Size: '0xb224' + .hook: + Entropy: 5.044794310603694 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.531467293507371 + Virtual Size: '0x41d4' + .data: + Entropy: 4.886572228837024 + Virtual Size: '0x8f58' + .pdata: + Entropy: 4.807436318496407 + Virtual Size: '0x75c' + INIT: + Entropy: 5.3696053533373425 + Virtual Size: '0xcea' + .rsrc: + Entropy: 3.1111150668737135 + Virtual Size: '0x270' + .reloc: + Entropy: 3.8191100346914766 + Virtual Size: '0x54' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-06-30 07:29:29' + Imphash: 0e9dfd08346bbe128159bff440d13389 + LoadsDespiteHVCI: 'TRUE' +- Filename: zamguard32.sys + MD5: 06897b431c07886454e0681723dd53e6 + SHA1: 40d29aa7b3fafd27c8b27c7ca7a3089ccb88d69b + SHA256: ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd + Authentihash: + MD5: 4e0b0bd19c0f3c4a2a75e786474d9d06 + SHA1: c5388c61135c7fe5617607206d663ac3eaef649c + SHA256: de99cea1cb680816afa10d2629a8067af1dc289d2d162a21b9dba71eb0e47745 + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.21.63 + Copyright: Zemana Ltd. All rights reserved. 
+ MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - _allmul + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - KeQuerySystemTime + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - KeGetCurrentThread + - RtlIntegerToUnicodeString + - RtlCompareMemory + - KeInitializeEvent + - KeSetEvent + - KefAcquireSpinLockAtDpcLevel + - KefReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ZwQuerySystemInformation + - IoFileObjectType + - ZwQueryInformationProcess + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - MmMapLockedPagesSpecifyCache + - PsGetProcessId + - IoThreadToProcess + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExfInterlockedInsertHeadList + - ExfInterlockedRemoveHeadList + - 
CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - KeServiceDescriptorTable + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetProcessSectionBaseAddress + - MmSystemRangeStart + - KeBugCheckEx + - RtlUnwind + - PsGetProcessImageFileName + - FsRtlIsNameInExpression + - ObQueryNameString + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - ZwOpenProcess + - RtlUpcaseUnicodeString + - RtlUpperString + - ZwClose + - ZwCreateFile + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - strstr + - _aullshr + - memcpy + - KeReadStateEvent + - memset + - KfRaiseIrql + - KfLowerIrql + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeGetCurrentIrql + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltReleaseContext + - FltGetStreamHandleContext + - FltSetStreamHandleContext + - FltAllocateContext + - FltCancelFileOpen + - FltQueryInformationFile + - FltReadFile + - FltParseFileNameInformation + - FltReleaseFileNameInformation + - FltGetFileNameInformation + - FltFreePoolAlignedWithTag + - FltAllocatePoolAlignedWithTag + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
+ ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: bf4174b7e1b1688fc834924419fb2346 + SHA1: 829a54d3ecb838b80db5f3231a409664bff1b987 + SHA256: da5b2c2f97975f75865da42c25ff8a3f10f02a2eb3f7a80ccb37de3f16118e12 + Sections: + .text: + Entropy: 6.572668371587258 + Virtual Size: '0x1b995' + .hook: + Entropy: 4.580963402374781 + Virtual Size: '0x889' + .rdata: + Entropy: 5.467252707390709 + Virtual Size: '0x3934' + .data: + Entropy: 4.880345457711278 + Virtual Size: '0x3668c' + INIT: + Entropy: 5.638118044252383 + Virtual Size: '0xf8c' + .rsrc: + Entropy: 3.132774613745373 + Virtual Size: '0x268' + .reloc: + Entropy: 6.750936493564276 + Virtual Size: '0x222c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-08-17 11:07:02' + Imphash: a49a51d7f2ae972483961eb64d17888e + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: d4a10447fdaff7a001715191c1f914b6 + SHA1: 628e63caf72c29042e162f5f7570105d2108e3c2 + SHA256: d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0 + Authentihash: + MD5: 
8ff959801623fcaf37f6fde89a4aeec1 + SHA1: b24f8e34221cb7eaa5bed2f177f6701380a0e71f + SHA256: 1a166e70dcaf3ef12836db1927953ee528e532cdae8165e67d776971e4cbc48c + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: 2.11.1.510 + Product: ZAM + ProductVersion: 2.11.1.510 + Copyright: Zemana Ltd. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strstr + - wcsstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ProbeForRead + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwCreateFile + - ZwClose + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - ZwQueryInformationProcess + - __C_specific_handler + - DbgPrint + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - PsGetProcessImageFileName + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwQueryInformationFile + - ZwSetInformationFile + - ZwReadFile + - ZwWriteFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ZwDeleteFile + - ZwQuerySystemInformation + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - 
ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - PsGetProcessId + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - MmSystemRangeStart + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. + ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 03ecbde4b65b5fc87f13e1aac3284168 + SHA1: 40790d40c391b7325d1843e2c39597720c8c4f69 + SHA256: 86aa19cd5e2beaf013e66553b916cc39a8c456d7000e46bcfc4719eda41206b5 + Sections: + .text: + Entropy: 6.391414310346214 + Virtual Size: '0xaf64' + .hook: + Entropy: 5.064996868770916 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.536191925684008 + Virtual Size: '0x414c' + .data: + Entropy: 4.88510732017845 + Virtual Size: '0x8f58' + .pdata: + Entropy: 4.8352396491085745 + Virtual Size: '0x720' + INIT: + Entropy: 5.371003736727007 + Virtual Size: '0xcba' + .rsrc: + Entropy: 3.2000366091764283 + Virtual Size: '0x2a8' + .reloc: + Entropy: 3.7715246176915187 + Virtual Size: '0x54' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-05-12 07:14:11' + Imphash: 089e8a8f2bb007852c63b64e66430293 + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: 75e50ae2e0f783e0caf912f45e15248a + SHA1: a3d612a5ea3439ba72157bd96e390070bdddbbf3 + SHA256: de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c + Authentihash: + MD5: cf4707d1cc2b1d1344058ac750e4e61e + SHA1: 3bd3de766013c31d87545bd7affd8e52c4e24f72 + SHA256: e5316670c0bddc0519ef96b2db89285a8620a260429a97f9d2cf5b58b0287d91 + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.20.104 + Copyright: Zemana Ltd. All rights reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - FsRtlIsNameInExpression + - PsGetProcessImageFileName + - ZwQueryInformationProcess + - __C_specific_handler + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - KeInitializeEvent + - KeSetEvent + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ObQueryNameString + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - MmMapLockedPagesSpecifyCache + - PsGetProcessId + - IoThreadToProcess + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - 
ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetProcessSectionBaseAddress + - MmSystemRangeStart + - KeBugCheckEx + - PsLookupProcessByProcessId + - ZwOpenProcess + - PsGetCurrentProcessId + - RtlUpcaseUnicodeString + - RtlUpperString + - ZwClose + - ZwCreateFile + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - strstr + - ZwQuerySystemInformation + - DbgPrint + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltReleaseContext + - FltGetStreamHandleContext + - FltSetStreamHandleContext + - FltAllocateContext + - FltCancelFileOpen + - FltQueryInformationFile + - FltReadFile + - FltParseFileNameInformation + - FltReleaseFileNameInformation + - FltGetFileNameInformation + - FltFreePoolAlignedWithTag + - FltAllocatePoolAlignedWithTag + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 
+ TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. 
+ ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing 
CA,1 + Version: 1 + RichPEHeaderHash: + MD5: de13056bb6ad645db28aad154de62bbd + SHA1: fab3d62fdad6b298341cc10935165f8e565b4f0b + SHA256: a0d4900197b774247b0cb136ab600bfdb16e2ea139e80b8ee4bd0cc768223a5a + Sections: + .text: + Entropy: 5.993512424846143 + Virtual Size: '0x2c275' + .hook: + Entropy: 5.054306709915981 + Virtual Size: '0x9cf' + .rdata: + Entropy: 5.401668155372347 + Virtual Size: '0x43d4' + .data: + Entropy: 4.886684982431987 + Virtual Size: '0x53c88' + .pdata: + Entropy: 5.218831215225971 + Virtual Size: '0xa38' + INIT: + Entropy: 5.34672539398453 + Virtual Size: '0x1106' + .rsrc: + Entropy: 3.099017887403996 + Virtual Size: '0x270' + .reloc: + Entropy: 4.067679213183045 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-04-01 04:23:58' + Imphash: 5f6fd4ffba177389f414dd1a6ded24b4 + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: 5054083cf29649a76c94658ba7ff5bce + SHA1: dd4cd182192b43d4105786ba87f55a036ec45ef2 + SHA256: e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f + Authentihash: + MD5: 8d4a371e8da97e8dfd254e7b860bf147 + SHA1: d2a888f664ffa91e876dbd797ca1fc95c511c5bc + SHA256: 27f5c5eb9a5fc9e02d3ac3cd83fc26b07f3d0143b03db69d6dcf7554d0c50fb6 + Description: ZAM + Company: Zemana Ltd. + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: ZAM + ProductVersion: 2.17.984 + Copyright: Zemana Ltd. All rights reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - RtlUpperString + - RtlUpcaseUnicodeString + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - ZwQueryInformationProcess + - __C_specific_handler + - DbgPrint + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - PsGetProcessImageFileName + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwQueryInformationFile + - ZwSetInformationFile + - ZwReadFile + - ZwWriteFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ZwDeleteFile + - ZwClose + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - PsGetProcessId + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - ExInterlockedRemoveHeadList + - CmRegisterCallback + - 
CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - MmSystemRangeStart + - KeBugCheckEx + - ZwCreateFile + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - ZwQuerySystemInformation + - strstr + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. + ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + 
SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 665ad4c00f9eec6edc1f766ccac676f0 + SHA1: 08d0338ae7414b104b0fa26a31d46b90e001bd19 + SHA256: 02f7c54750b6c80addc5b62d3517dfc10363a27e0277cc87d5c12136d341d484 + Sections: + .text: + Entropy: 6.399466980549077 + Virtual Size: '0xbae4' + .hook: + Entropy: 5.065053175214044 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.476727334664607 + Virtual Size: '0x43ec' + .data: + Entropy: 4.8858201894451 + Virtual Size: '0x30398' + .pdata: + Entropy: 4.828897068133496 + Virtual Size: '0x7c8' + INIT: + Entropy: 5.313494891405246 + Virtual Size: '0xe24' + .rsrc: + Entropy: 3.118718502578378 + Virtual Size: '0x270' + .reloc: + Entropy: 3.983795976674783 + Virtual Size: '0x58' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-10-22 05:36:54' + Imphash: 519cf5394541bf5e2869edeec81521e1 + LoadsDespiteHVCI: 'TRUE' +- Filename: zam64.sys + MD5: 21e13f2cb269defeae5e1d09887d47bb + SHA1: 16d7ecf09fc98798a6170e4cef2745e0bee3f5c7 + SHA256: 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91 + Signature: + - Zemana Ltd. + - DigiCert High Assurance Code Signing CA-1 + - DigiCert + Date: '' + Publisher: '' + Company: Zemana Ltd. + Description: ZAM + Product: ZAM + ProductVersion: 2.21.63 + FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Authentihash: + MD5: 3f2771b22553380efcee72a27dc4d96c + SHA1: 0d15b7de0f1129b540f48d7a3cba2c6bf5d44112 + SHA256: ceb1bf90d8652dac481fba362e5c3a6548a116897e729733f2be27f4edc5fc1f + InternalName: '' + Copyright: Zemana Ltd. All rights reserved. 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - FsRtlIsNameInExpression + - PsGetProcessImageFileName + - ZwQueryInformationProcess + - __C_specific_handler + - strchr + - RtlAppendUnicodeToString + - KeInitializeSemaphore + - KeReleaseSemaphore + - KeWaitForSingleObject + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwQueryInformationFile + - ZwWriteFile + - PsGetCurrentThreadId + - ZwDeleteFile + - _vsnprintf + - PsThreadType + - PsSetCreateProcessNotifyRoutine + - PsGetProcessSessionId + - RtlAppendUnicodeStringToString + - ZwDeleteValueKey + - ZwSetValueKey + - towupper + - RtlIntegerToUnicodeString + - KeInitializeEvent + - KeSetEvent + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmProbeAndLockPages + - IoAllocateIrp + - IoAllocateMdl + - IofCallDriver + - IoFreeIrp + - IoFreeMdl + - IoGetDeviceObjectPointer + - IoGetRelatedDeviceObject + - ObCloseHandle + - ObfReferenceObject + - ZwSetInformationFile + - ZwReadFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - IoCreateFileSpecifyDeviceObjectHint + - IoGetDeviceAttachmentBaseRef + - FsRtlGetFileSize + - ObQueryNameString + - IoFileObjectType + - KeReadStateEvent + - ExQueueWorkItem + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - NtOpenProcess + - ZwCreateEvent + - ZwWaitForSingleObject + - ZwSetEvent + - NtQuerySystemInformation + - ExEventObjectType + - NtBuildNumber + - ZwDeleteKey + - ObReferenceObjectByName + - IoDriverObjectType + - MmIsDriverVerifying + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlSetDaclSecurityDescriptor + - MmMapLockedPagesSpecifyCache + - PsGetProcessId + - IoThreadToProcess + - PsGetCurrentProcessSessionId + - ZwTerminateProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - ZwOpenThread + - PsProcessType + - ExInterlockedInsertHeadList + - 
ExInterlockedRemoveHeadList + - CmRegisterCallback + - CmUnRegisterCallback + - RtlCreateRegistryKey + - ZwOpenKey + - ZwEnumerateKey + - ZwQueryKey + - ZwQueryValueKey + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - ProbeForWrite + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetProcessSectionBaseAddress + - MmSystemRangeStart + - KeBugCheckEx + - PsLookupProcessByProcessId + - ZwOpenProcess + - PsGetCurrentProcessId + - RtlUpcaseUnicodeString + - RtlUpperString + - ZwClose + - ZwCreateFile + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ProbeForRead + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - wcsstr + - ZwQuerySystemInformation + - strstr + - FltSendMessage + - FltCloseCommunicationPort + - FltCreateCommunicationPort + - FltReleaseContext + - FltGetStreamHandleContext + - FltSetStreamHandleContext + - FltAllocateContext + - FltCancelFileOpen + - FltQueryInformationFile + - FltReadFile + - FltParseFileNameInformation + - FltReleaseFileNameInformation + - FltGetFileNameInformation + - FltFreePoolAlignedWithTag + - FltAllocatePoolAlignedWithTag + - FltStartFiltering + - FltUnregisterFilter + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: 
d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. + ValidFrom: '2014-12-16 00:00:00' + ValidTo: '2017-12-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0210230fd364b469091b8a4440145e18 + Version: 3 + TBS: + MD5: 17e68f0650db3d4d698ef88ef963b47e + SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d + SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d + SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 0210230fd364b469091b8a4440145e18 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: c0210f91c028886456549a7aa78f8147 + SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d + SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 + Sections: + .text: + Entropy: 6.318212914980563 + Virtual Size: '0x217b5' + .hook: + Entropy: 5.11599521430575 + Virtual Size: '0x9af' + .rdata: + Entropy: 5.529476686216564 + Virtual Size: '0x4744' + .data: + Entropy: 4.888903009535537 + Virtual Size: '0x53c88' + .pdata: + Entropy: 5.138271966562841 + Virtual Size: '0x8d0' + INIT: + Entropy: 5.334070329167121 + Virtual Size: '0x1106' + .rsrc: + Entropy: 3.11126789304551 + Virtual Size: '0x268' + .reloc: + Entropy: 4.064239284774715 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-08-17 11:06:53' + Imphash: 3edc60bda68569cac7ad7604728ff40d + LoadsDespiteHVCI: 'TRUE' +- Filename: tProtect.dll + SHA256: 078e7fb479ad6f0734682d41a17d41518de35bf4f6c5c212643b7d37e641041e + MD5: a87587ee2f2281297f24bbd96902faa5 + SHA1: 
63399ac91e92f0c92ffaeac43616e1b7c77a9791 + Imphash: 3edc60bda68569cac7ad7604728ff40d + Authentihash: + MD5: 096b2f20901609e482340d5f8cbc79ac + SHA1: 1c6501199c9d759970a11cc41b9077a946c3c276 + SHA256: 196c803aa8217eb8d2783ad9750cd27bbe540a449480c842cc128cc7a5a64f04 RichPEHeaderHash: - MD5: de13056bb6ad645db28aad154de62bbd - SHA1: fab3d62fdad6b298341cc10935165f8e565b4f0b - SHA256: a0d4900197b774247b0cb136ab600bfdb16e2ea139e80b8ee4bd0cc768223a5a + MD5: c0210f91c028886456549a7aa78f8147 + SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d + SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 Sections: .text: - Entropy: 5.993512424846143 - Virtual Size: '0x2c275' + Entropy: 6.318212914980563 + Virtual Size: '0x217b5' .hook: - Entropy: 5.054306709915981 - Virtual Size: '0x9cf' + Entropy: 5.11599521430575 + Virtual Size: '0x9af' .rdata: - Entropy: 5.401668155372347 - Virtual Size: '0x43d4' + Entropy: 5.529476686216564 + Virtual Size: '0x4744' .data: - Entropy: 4.886684982431987 + Entropy: 4.888903009535537 Virtual Size: '0x53c88' .pdata: - Entropy: 5.218831215225971 - Virtual Size: '0xa38' + Entropy: 5.138271966562841 + Virtual Size: '0x8d0' INIT: - Entropy: 5.34672539398453 + Entropy: 5.334070329167121 Virtual Size: '0x1106' .rsrc: - Entropy: 3.099017887403996 - Virtual Size: '0x270' + Entropy: 3.1311542715985277 + Virtual Size: '0x25c' .reloc: - Entropy: 4.067679213183045 + Entropy: 4.064239284774715 Virtual Size: '0x60' MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-04-01 06:23:58' - Imphash: 5f6fd4ffba177389f414dd1a6ded24b4 - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: 5054083cf29649a76c94658ba7ff5bce - SHA1: dd4cd182192b43d4105786ba87f55a036ec45ef2 - SHA256: e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f - Authentihash: - MD5: 8d4a371e8da97e8dfd254e7b860bf147 - SHA1: d2a888f664ffa91e876dbd797ca1fc95c511c5bc - SHA256: 27f5c5eb9a5fc9e02d3ac3cd83fc26b07f3d0143b03db69d6dcf7554d0c50fb6 + CreationTimestamp: '2016-08-17 
19:06:53' Description: ZAM - Company: Zemana Ltd. + Company: Zmana Ltd. InternalName: '' OriginalFilename: '' FileVersion: '' Product: ZAM - ProductVersion: 2.17.984 - Copyright: Zemana Ltd. All rights reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - RtlUpperString - - RtlUpcaseUnicodeString - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - ZwQueryInformationProcess - - __C_specific_handler - - DbgPrint - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - PsGetProcessImageFileName - - PsGetProcessSessionId - - RtlAppendUnicodeStringToString - - ZwDeleteValueKey - - ZwSetValueKey - - towupper - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmProbeAndLockPages - - IoAllocateIrp - - IoAllocateMdl - - IofCallDriver - - IoFreeIrp - - IoFreeMdl - - IoGetDeviceObjectPointer - - IoGetRelatedDeviceObject - - ObCloseHandle - - ObfReferenceObject - - ZwQueryInformationFile - - ZwSetInformationFile - - ZwReadFile - - ZwWriteFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - IoCreateFileSpecifyDeviceObjectHint - - IoGetDeviceAttachmentBaseRef - - FsRtlGetFileSize - - ZwDeleteFile - - ZwClose - - IoFileObjectType - - KeReadStateEvent - - ExQueueWorkItem - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - NtOpenProcess - - ZwCreateEvent - - ZwWaitForSingleObject - - ZwSetEvent - - NtQuerySystemInformation - - ExEventObjectType - - NtBuildNumber - - ZwDeleteKey - - ObReferenceObjectByName - - IoDriverObjectType - - MmIsDriverVerifying - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlSetDaclSecurityDescriptor - - PsGetProcessId - - PsGetCurrentProcessSessionId - 
- ZwTerminateProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - ZwOpenThread - - PsProcessType - - ExInterlockedInsertHeadList - - ExInterlockedRemoveHeadList - - CmRegisterCallback - - CmUnRegisterCallback - - RtlCreateRegistryKey - - ZwOpenKey - - ZwEnumerateKey - - ZwQueryKey - - ZwQueryValueKey - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - ProbeForWrite - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - MmSystemRangeStart - - KeBugCheckEx - - ZwCreateFile - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ProbeForRead - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - RtlGetVersion - - RtlCopyUnicodeString - - RtlInitUnicodeString - - wcsstr - - ZwQuerySystemInformation - - strstr - - FltSendMessage - - FltCloseCommunicationPort - - FltCreateCommunicationPort - - FltStartFiltering - - FltUnregisterFilter - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time 
Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. - ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 - Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false - TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 
1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 665ad4c00f9eec6edc1f766ccac676f0 - SHA1: 08d0338ae7414b104b0fa26a31d46b90e001bd19 - SHA256: 02f7c54750b6c80addc5b62d3517dfc10363a27e0277cc87d5c12136d341d484 - Sections: - .text: - Entropy: 6.399466980549077 - Virtual Size: '0xbae4' - .hook: - Entropy: 5.065053175214044 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.476727334664607 - Virtual Size: '0x43ec' - .data: - Entropy: 4.8858201894451 - Virtual Size: '0x30398' - .pdata: - Entropy: 4.828897068133496 - Virtual Size: '0x7c8' - INIT: - Entropy: 5.313494891405246 - Virtual Size: '0xe24' - .rsrc: - Entropy: 3.118718502578378 - Virtual Size: '0x270' - .reloc: - Entropy: 3.983795976674783 - Virtual Size: '0x58' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-10-22 07:36:54' - Imphash: 519cf5394541bf5e2869edeec81521e1 - LoadsDespiteHVCI: 'TRUE' -- Filename: zam64.sys - MD5: 21e13f2cb269defeae5e1d09887d47bb - SHA1: 16d7ecf09fc98798a6170e4cef2745e0bee3f5c7 - SHA256: 543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91 - Signature: - - Zemana Ltd. - - DigiCert High Assurance Code Signing CA-1 - - DigiCert - Date: '' - Publisher: '' - Company: Zemana Ltd. - Description: ZAM - Product: ZAM ProductVersion: 2.21.63 - FileVersion: '' + Copyright: Zmana Ltd. All rights reserved. MachineType: AMD64 - OriginalFilename: '' - Authentihash: - MD5: 3f2771b22553380efcee72a27dc4d96c - SHA1: 0d15b7de0f1129b540f48d7a3cba2c6bf5d44112 - SHA256: ceb1bf90d8652dac481fba362e5c3a6548a116897e729733f2be27f4edc5fc1f - InternalName: '' - Copyright: Zemana Ltd. All rights reserved. 
Imports: - ntoskrnl.exe - FLTMGR.SYS 
@@ -3095,125 +3239,115 @@ KnownVulnerableSamples: - CertificatesInfo: '' SignerInfo: '' Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2018-09-19 00:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + SerialNumber: 01ee5f169dff97352b6465d66a Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 + MD5: 51c3959a45cecf3d21a3effb05762573 + SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 + SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 + SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a Version: 3 - CertificateType: Intermediate - IsCodeSigning: false - IsCA: false TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. - ValidFrom: '2014-12-16 00:00:00' - ValidTo: '2017-12-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0210230fd364b469091b8a4440145e18 + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root + G4 + ValidFrom: '2022-08-01 00:00:00' + ValidTo: '2031-11-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 0e9b188ef9d02de7efdb50e20840185a Version: 3 - CertificateType: Leaf (Code Signing) - IsCodeSigning: true - IsCA: false TBS: - MD5: 17e68f0650db3d4d698ef88ef963b47e - SHA1: 00162854ea07ea0a83aa941767277a5c3ab03c9d - SHA256: 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d - SHA384: e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: 
'2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + MD5: 21a266bd49f2778b24d13d95641ea6ac + SHA1: 21319f341fdf06bf6a104427afa8b7823b1ea7f3 + SHA256: e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757 + SHA384: 11533efd6b326a4e065a936de300fe0586a479f93d569d2403bd62c7ad35f1b2199daee3adb510f429c4fc97b4b024e3 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2029-03-18 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 + SerialNumber: 7803184245708a41cf6f01b8eeb4a954 Version: 3 - CertificateType: CA - IsCodeSigning: false - IsCA: true TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + MD5: a33260428269bc902bc1cd280e4b1837 + SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 + SHA256: 
a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 + SHA384: fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping + CA + ValidFrom: '2022-03-23 00:00:00' + ValidTo: '2037-03-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 073637b724547cd847acfd28662a5e5b + Version: 3 + TBS: + MD5: e4b8ad9932ff9205f580cf8fb2afbb86 + SHA1: 5301f7044d78bf94dd2b6e4871083a17fdba1dcc + SHA256: c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa + SHA384: 84b5f399da5a4f4387269adfd951ef7d2197c29552ed2d2e449060664c3825d6bdb2acc3e563d999e54652f7384f445e + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2023 + ValidFrom: '2023-07-14 00:00:00' + ValidTo: '2034-10-13 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0544aff3949d0839a6bfdb3f5fe56116 + Version: 3 + TBS: + MD5: 7630cbd02cc6732394e9fdfe99d0d8f8 + SHA1: bc1890d694f9d392c4cbae6a174e35d70e7ec8b1 + SHA256: 594a02de632b3a08ed6644c36994025e57f35bc8e7bd16cec5d347883390d1d8 + SHA384: 31d9fb75262762d17046f31e5c54509f58a295d505e411019544000b64f607b44b3346b708fa50d48f199dba56f0c0b1 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2030-07-28 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed + Version: 3 + TBS: + MD5: 65fd1dac1f115d9507f4e1840c8cb36a + SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 + SHA256: 
d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe + SHA384: defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab + - Subject: ??=Private Organization, serialNumber=91440300MA5FD6WK46, ??=CN, ??=Guangdong, + ??=Shenzhen, C=CN, ST=Guangdong, L=Shenzhen, O=CleverSoar Electronic Technology + Co., Ltd., CN=CleverSoar Electronic Technology Co., Ltd. + ValidFrom: '2023-07-24 08:30:28' + ValidTo: '2024-07-24 08:30:28' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 5b3b40442fc61bf39d4ad414 Version: 3 - CertificateType: CA - IsCodeSigning: true - IsCA: true TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + MD5: 69e097228223b745d14e726062ecbd27 + SHA1: aebee16d3f77ca075ede3e4896b6e46e2a9274f0 + SHA256: d54dc9cdcee1f196c17901082956b7be8d78bdd2cd91e72fbda164e4909341df + SHA384: 4749e6d5bc7cdb0ef47528b6bb927f9738f98b7cc2f14ede3424d601d6ec635b030ef97a278fe874dc65ceeb5ee83f18 Signer: - - SerialNumber: 0210230fd364b469091b8a4440145e18 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 + - SerialNumber: 5b3b40442fc61bf39d4ad414 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 Version: 1 - RichPEHeaderHash: - MD5: c0210f91c028886456549a7aa78f8147 - SHA1: ea5478898d988d1bfa1287940ad74e5445f80a8d - SHA256: 820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26 - Sections: - .text: - Entropy: 6.318212914980563 - Virtual Size: '0x217b5' - .hook: - Entropy: 5.11599521430575 - Virtual Size: '0x9af' - .rdata: - Entropy: 5.529476686216564 - Virtual Size: '0x4744' - .data: - Entropy: 4.888903009535537 - 
Virtual Size: '0x53c88' - .pdata: - Entropy: 5.138271966562841 - Virtual Size: '0x8d0' - INIT: - Entropy: 5.334070329167121 - Virtual Size: '0x1106' - .rsrc: - Entropy: 3.11126789304551 - Virtual Size: '0x268' - .reloc: - Entropy: 4.064239284774715 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-08-17 13:06:53' - Imphash: 3edc60bda68569cac7ad7604728ff40d - LoadsDespiteHVCI: 'TRUE'
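Review bot: The added leaf certificate's `Subject` carries four `??=` attribute names (`??=Private Organization`, `??=CN`, `??=Guangdong`, `??=Shenzhen`), so the EV attributes were presumably not resolved by whatever produced this entry and the string is not safe to match on. Detections and block rules built from this record should key on the `TBS` hashes, or on `SerialNumber: 5b3b40442fc61bf39d4ad414` together with its issuer. The new certificate entries also omit the `CertificateType`, `IsCodeSigning` and `IsCA` keys that the removed entries had, which leaves a consumer to infer the code-signing leaf from the `Signer` block alone. The hunk ends by removing `Imphash: 3edc60bda68569cac7ad7604728ff40d` and `LoadsDespiteHVCI: 'TRUE'` together with the section data, and nothing visible in the hunk adds them back. If they are not re-emitted further down the file I would keep them, since the HVCI flag (going by its name) is what tells a defender whether HVCI alone keeps this sample from loading.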