22aa985b-5fdb-4e38-9382-a496220c27ec

TmComm.sys

Description

TmComm.sys is a vulnerable driver and more information will be added as found.

  • UUID: 22aa985b-5fdb-4e38-9382-a496220c27ec
  • Created: 2023-01-09
  • Author: Michael Haag
  • Acknowledgement: |

Download

This download link contains the vulnerable driver!

Commands

sc.exe create TmComm.sys binPath=C:\windows\temp\TmComm.sys type=kernel && sc.exe start TmComm.sys
  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows 10

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation
  • Renamed: for renamed driver files

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://github.com/elastic/protections-artifacts/search?q=VulnDriver

  • Known Vulnerable Samples

    Filename: TmComm.sys
    Creation Timestamp: 2018-04-09 04:08:57
    MD5: 2e1f8a2a80221deb93496a861693c565
    SHA1: a00e444120449e35641d58e62ed64bb9c9f518d2
    SHA256: cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64
    Authentihash MD5: 2d7f04ca689981b18fb8a4488e029843
    Authentihash SHA1: 6c0af836a89234e9a69363495719b686fbad8d7d
    Authentihash SHA256: d580349730ace5170e7c33850bdcb37cbf16b70d0d1adc2568fdd223c2a55a77
    RichPEHeaderHash MD5: 1ef18db502f07590b0133ea93427886b
    RichPEHeaderHash SHA1: 914fa70ff269481ce7c8e767d0e276b77de8e7af
    RichPEHeaderHash SHA256: 704350b0e89fb3277a7ba93465a4cdcd8b21bbab537ec95548227dbe1d735ac2
    Company: Trend Micro Inc.
    Description: TrendMicro Common Module
    Product: Trend Micro Eyes
    OriginalFilename: TmComm.sys

    Certificates

    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    ToBeSigned (TBS) MD5: d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom: 2012-12-21 00:00:00
    ValidTo: 2020-12-30 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version: 3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    ToBeSigned (TBS) MD5: e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom: 2012-10-18 00:00:00
    ValidTo: 2020-12-29 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 0ecff438c8febf356e04d86a981b1a50
    Version: 3
    Certificate 497c4fad471540e6e453d0cafb155740
    ToBeSigned (TBS) MD5: 78eaa337666217b1c16a9a0ebd0b8434
    ToBeSigned (TBS) SHA1: ff9cb835e78f6185eed4372096c3bae53b17d18d
    ToBeSigned (TBS) SHA256: 1c0d9746725e176b4a7c2852878f14d7587f58e65d346bc1247f1c8ee6374250
    Subject: C=TW, ST=Taiwan, L=Taipei, O=Trend Micro, Inc., CN=Trend Micro, Inc.
    ValidFrom: 2017-04-27 00:00:00
    ValidTo: 2018-07-16 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 497c4fad471540e6e453d0cafb155740
    Version: 3
    Certificate 611993e400000000001c
    ToBeSigned (TBS) MD5: 78a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom: 2011-02-22 19:25:17
    ValidTo: 2021-02-22 19:35:17
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 611993e400000000001c
    Version: 3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    ToBeSigned (TBS) MD5: b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom: 2010-02-08 00:00:00
    ValidTo: 2020-02-07 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • RtlInitUnicodeString
    • KeInitializeEvent
    • KeClearEvent
    • KeSetEvent
    • KeEnterCriticalRegion
    • KeLeaveCriticalRegion
    • KeWaitForSingleObject
    • ExFreePoolWithTag
    • ExAcquireFastMutexUnsafe
    • ExReleaseFastMutexUnsafe
    • ProbeForRead
    • ProbeForWrite
    • ExAcquireResourceSharedLite
    • ExAcquireResourceExclusiveLite
    • ExReleaseResourceLite
    • MmProbeAndLockPages
    • MmUnlockPages
    • MmMapLockedPagesSpecifyCache
    • IoAllocateMdl
    • IoFreeMdl
    • IoGetCurrentProcess
    • ObfReferenceObject
    • ObfDereferenceObject
    • ZwClose
    • ZwCreateSection
    • ZwOpenSection
    • ZwMapViewOfSection
    • ZwUnmapViewOfSection
    • ZwOpenEvent
    • KePulseEvent
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ObOpenObjectByPointer
    • ZwAllocateVirtualMemory
    • ZwFreeVirtualMemory
    • ZwSetEvent
    • __C_specific_handler
    • PsProcessType
    • wcslen
    • wcsncpy
    • wcsrchr
    • RtlUnicodeStringToInteger
    • ZwWaitForSingleObject
    • ZwRequestWaitReplyPort
    • ZwConnectPort
    • _stricmp
    • ExAllocatePoolWithTag
    • MmIsAddressValid
    • RtlImageNtHeader
    • ZwQuerySystemInformation
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • SeAccessCheck
    • ObGetObjectSecurity
    • ObReleaseObjectSecurity
    • PsGetProcessExitTime
    • PsThreadType
    • MmSectionObjectType
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • RtlCreateAcl
    • RtlAddAccessAllowedAce
    • RtlLengthRequiredSid
    • RtlInitializeSid
    • RtlSubAuthoritySid
    • KeDelayExecutionThread
    • ExGetPreviousMode
    • DbgPrint
    • swprintf
    • RtlCopyUnicodeString
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • PsGetCurrentProcessId
    • ZwCreateEvent
    • ExEventObjectType
    • _wcsnicmp
    • PsSetCreateProcessNotifyRoutine
    • ZwQueryInformationProcess
    • PsLookupProcessByProcessId
    • ZwOpenDirectoryObject
    • ExInitializeResourceLite
    • ExDeleteResourceLite
    • ZwCreateFile
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • towupper
    • MmGetSystemRoutineAddress
    • ObReferenceObjectByPointer
    • PsGetCurrentThreadId
    • ObQueryNameString
    • PsGetVersion
    • _snprintf
    • _vsnprintf
    • RtlInitAnsiString
    • wcscat
    • RtlFreeUnicodeString
    • RtlTimeToTimeFields
    • KeWaitForMultipleObjects
    • ExSystemTimeToLocalTime
    • ZwCreateKey
    • ZwDeviceIoControlFile
    • ZwNotifyChangeKey
    • ZwOpenFile
    • ZwQueryVolumeInformationFile
    • mbstowcs
    • IoGetDeviceObjectPointer
    • IoBuildDeviceIoControlRequest
    • IofCallDriver
    • IoCreateFile
    • RtlEqualUnicodeString
    • RtlAppendUnicodeStringToString
    • RtlUpcaseUnicodeChar
    • _snwprintf
    • strlen
    • _strnicmp
    • strncpy
    • NtOpenProcess
    • NtQueryInformationProcess
    • ObOpenObjectByName
    • KeSetPriorityThread
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • KeNumberProcessors
    • RtlLengthSecurityDescriptor
    • ZwOpenKey
    • ZwDeleteKey
    • ZwDeleteValueKey
    • ZwEnumerateKey
    • ZwEnumerateValueKey
    • ZwQueryKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • ZwTerminateProcess
    • ZwOpenProcess
    • ZwDuplicateObject
    • ZwQuerySecurityObject
    • ZwSetSecurityObject
    • ZwQueryDirectoryObject
    • ZwQueryDirectoryFile
    • NtCreateFile
    • NtQueryInformationFile
    • NtSetInformationFile
    • IoFileObjectType
    • ObInsertObject
    • wcschr
    • wcsncmp
    • RtlQueryRegistryValues
    • RtlAppendUnicodeToString
    • RtlCompareMemory
    • MmBuildMdlForNonPagedPool
    • IoAllocateIrp
    • IoFreeIrp
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • RtlUpcaseUnicodeString
    • NtClose
    • ZwSetInformationObject
    • SeQueryAuthenticationIdToken
    • MmSystemRangeStart
    • IoGetFileObjectGenericMapping
    • ObCreateObject
    • SeCreateAccessState
    • IoAcquireVpbSpinLock
    • IoReleaseVpbSpinLock
    • wcstombs
    • strncat
    • wcsncat
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • strcpy
    • wcsstr
    • RtlCompareUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • ExAllocatePool
    • ExpInterlockedPopEntrySList
    • IoBuildSynchronousFsdRequest
    • IoGetStackLimits
    • IoGetDeviceInterfaces
    • IoRegisterPlugPlayNotification
    • IoUnregisterPlugPlayNotification
    • IoGetConfigurationInformation
    • FsRtlIsNameInExpression
    • IoDeviceObjectType
    • IoCreateDevice
    • RtlGetOwnerSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSid
    • SeExports
    • IoIsWdmVersionAvailable
    • RtlAbsoluteToSelfRelativeSD
    • RtlAnsiStringToUnicodeString
    • _purecall
    • KeBugCheckEx

    Exported Functions

    • ??0CAutoUpdateConfigThread@@QEAA@AEBV0@@Z
    • ??0CAutoUpdateConfigThread@@QEAA@PEAU_UNICODE_STRING@@P6AX0PEAX@Z1@Z
    • ??0CBlobConfig@@QEAA@AEBV0@@Z
    • ??0CBlobConfig@@QEAA@K@Z
    • ??0CContext@@QEAA@AEBV0@@Z
    • ??0CContext@@QEAA@KP6AJPEAU_EVENT_REPORT@@PEAXPEAU_TMCE_REPORT@@PEAU_TMCE_FEEDBACK@@@Z1K@Z
    • ??0CContextList@@QEAA@AEBV0@@Z
    • ??0CContextList@@QEAA@KPEAVIMemoryAllocator@@@Z
    • ??0CDebugLog@@QEAA@AEBV0@@Z
    • ??0CDebugLog@@QEAA@PEBG@Z
    • ??0CDebugLogEx@@QEAA@AEBV0@@Z
    • ??0CDebugLogEx@@QEAA@K@Z
    • ??0CDelayLoadThread@@QEAA@AEBV0@@Z
    • ??0CDelayLoadThread@@QEAA@XZ
    • ??0CExclusionExtConfig@@QEAA@AEBV0@@Z
    • ??0CExclusionExtConfig@@QEAA@KKE@Z
    • ??0CExclusionFileNameConfig@@QEAA@AEBV0@@Z
    • ??0CExclusionFileNameConfig@@QEAA@KK@Z
    • ??0CExclusionFilePathConfig@@QEAA@AEBV0@@Z
    • ??0CExclusionFilePathConfig@@QEAA@KK@Z
    • ??0CExclusionFolderConfig@@QEAA@AEBV0@@Z
    • ??0CExclusionFolderConfig@@QEAA@KK@Z
    • ??0CExclusionRegistryConfig@@QEAA@AEBV0@@Z
    • ??0CExclusionRegistryConfig@@QEAA@KK@Z
    • ??0CFile@@QEAA@AEBV0@@Z
    • ??0CFile@@QEAA@E@Z
    • ??0CFileExtension@@QEAA@AEBV0@@Z
    • ??0CFileExtension@@QEAA@KEEPEAVIMemoryAllocator@@@Z
    • ??0CInclusionExtConfig@@QEAA@AEBV0@@Z
    • ??0CInclusionExtConfig@@QEAA@KKE@Z
    • ??0CInclusionFileNameConfig@@QEAA@AEBV0@@Z
    • ??0CInclusionFileNameConfig@@QEAA@KK@Z
    • ??0CInclusionFilePathConfig@@QEAA@AEBV0@@Z
    • ??0CInclusionFilePathConfig@@QEAA@KK@Z
    • ??0CInclusionFolderConfig@@QEAA@AEBV0@@Z
    • ??0CInclusionFolderConfig@@QEAA@KK@Z
    • ??0CKEvent@@QEAA@AEBV0@@Z
    • ??0CKEvent@@QEAA@W4_EVENT_TYPE@@E@Z
    • ??0CList@@QEAA@AEBV0@@Z
    • ??0CList@@QEAA@KPEAVIMemoryAllocator@@@Z
    • ??0CLockEvent@@QEAA@AEBV0@@Z
    • ??0CLockEvent@@QEAA@XZ
    • ??0CLockList@@QEAA@AEBV0@@Z
    • ??0CLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z
    • ??0CMemoryAllocator@@IEAA@W4_POOL_TYPE@@K@Z
    • ??0CMemoryAllocator@@QEAA@AEBV0@@Z
    • ??0CMemoryPoolAllocator@@IEAA@W4_POOL_TYPE@@_K1K@Z
    • ??0CMemoryPoolAllocator@@QEAA@AEBV0@@Z
    • ??0CModuleConfig@@QEAA@AEBV0@@Z
    • ??0CModuleConfig@@QEAA@XZ
    • ??0CModuleConfigList@@QEAA@AEBV0@@Z
    • ??0CModuleConfigList@@QEAA@KPEAVIMemoryAllocator@@@Z
    • ??0CModuleFileExtConfig@@QEAA@AEBV0@@Z
    • ??0CModuleFileExtConfig@@QEAA@KKE@Z
    • ??0CModuleFlagConfig@@QEAA@AEBV0@@Z
    • ??0CModuleFlagConfig@@QEAA@K@Z
    • ??0CModuleMultiStringConfig@@QEAA@AEBV0@@Z
    • ??0CModuleMultiStringConfig@@QEAA@KK@Z
    • ??0CModuleStringConfig@@QEAA@AEBV0@@Z
    • ??0CModuleStringConfig@@QEAA@K@Z
    • ??0CNoLockList@@QEAA@AEBV0@@Z
    • ??0CNoLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z
    • ??0CSmartLock@@QEAA@AEAVCLockEvent@@@Z
    • ??0CSmartLock@@QEAA@XZ
    • ??0CSmartReference@@QEAA@AEAJ@Z
    • ??0CSmartReference@@QEAA@AEAK@Z
    • ??0CSmartResource@@QEAA@AEAVCResource@@E@Z
    • ??0CStrList@@QEAA@AEBV0@@Z
    • ??0CStrList@@QEAA@KPEAVIMemoryAllocator@@@Z
    • ??0CSystemThread@@QEAA@AEBV0@@Z
    • ??0CSystemThread@@QEAA@K@Z
    • ??0CUserFuncAdapterJob@@QEAA@AEBV0@@Z
    • ??0CUserFuncAdapterJob@@QEAA@P6AXPEAX@Z01@Z
    • ??0CWorkerThread@@IEAA@PEAVCWorkerThreadJobQueue@@@Z
    • ??0CWorkerThread@@QEAA@AEBV0@@Z
    • ??0CWorkerThreadJob@@QEAA@AEBV0@@Z
    • ??0CWorkerThreadJob@@QEAA@E@Z
    • ??0CWorkerThreadJobQueue@@QEAA@AEBV0@@Z
    • ??0CWorkerThreadJobQueue@@QEAA@K@Z
    • ??0CWorkerThreadPool@@QEAA@AEBV0@@Z
    • ??0CWorkerThreadPool@@QEAA@K@Z
    • ??0CWorkerThreadPoolEx@@QEAA@AEBV0@@Z
    • ??0CWorkerThreadPoolEx@@QEAA@KK@Z
    • ??0IMemoryAllocator@@QEAA@AEBV0@@Z
    • ??0IMemoryAllocator@@QEAA@XZ
    • ??1CAutoUpdateConfigThread@@UEAA@XZ
    • ??1CBlobConfig@@UEAA@XZ
    • ??1CContext@@UEAA@XZ
    • ??1CContextList@@UEAA@XZ
    • ??1CDebugLog@@UEAA@XZ
    • ??1CDebugLogEx@@UEAA@XZ
    • ??1CDelayLoadThread@@UEAA@XZ
    • ??1CExclusionExtConfig@@UEAA@XZ
    • ??1CExclusionFileNameConfig@@UEAA@XZ
    • ??1CExclusionFilePathConfig@@UEAA@XZ
    • ??1CExclusionFolderConfig@@UEAA@XZ
    • ??1CExclusionRegistryConfig@@UEAA@XZ
    • ??1CFile@@UEAA@XZ
    • ??1CFileExtension@@UEAA@XZ
    • ??1CInclusionExtConfig@@UEAA@XZ
    • ??1CInclusionFileNameConfig@@UEAA@XZ
    • ??1CInclusionFilePathConfig@@UEAA@XZ
    • ??1CInclusionFolderConfig@@UEAA@XZ
    • ??1CKEvent@@UEAA@XZ
    • ??1CList@@UEAA@XZ
    • ??1CLockEvent@@UEAA@XZ
    • ??1CLockList@@UEAA@XZ
    • ??1CMemoryAllocator@@UEAA@XZ
    • ??1CMemoryPoolAllocator@@UEAA@XZ
    • ??1CModuleConfig@@UEAA@XZ
    • ??1CModuleConfigList@@UEAA@XZ
    • ??1CModuleFileExtConfig@@UEAA@XZ
    • ??1CModuleFlagConfig@@UEAA@XZ
    • ??1CModuleMultiStringConfig@@UEAA@XZ
    • ??1CModuleStringConfig@@UEAA@XZ
    • ??1CNoLockList@@UEAA@XZ
    • ??1CSmartLock@@QEAA@XZ
    • ??1CSmartReference@@QEAA@XZ
    • ??1CSmartResource@@QEAA@XZ
    • ??1CStrList@@UEAA@XZ
    • ??1CSystemThread@@UEAA@XZ
    • ??1CUserFuncAdapterJob@@UEAA@XZ
    • ??1CWorkerThread@@UEAA@XZ
    • ??1CWorkerThreadJob@@UEAA@XZ
    • ??1CWorkerThreadJobQueue@@UEAA@XZ
    • ??1CWorkerThreadPool@@UEAA@XZ
    • ??1CWorkerThreadPoolEx@@UEAA@XZ
    • ??1IMemoryAllocator@@UEAA@XZ
    • ??2@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z
    • ??2CMemoryAllocator@@SAPEAX_K@Z
    • ??2CMemoryPoolAllocator@@SAPEAX_K@Z
    • ??3@YAXPEAX@Z
    • ??3@YAXPEAX_K@Z
    • ??3IMemoryAllocator@@SAXPEAX@Z
    • ??4CAutoUpdateConfigThread@@QEAAAEAV0@AEBV0@@Z
    • ??4CBlobConfig@@QEAAAEAV0@AEBV0@@Z
    • ??4CContext@@QEAAAEAV0@AEBV0@@Z
    • ??4CDebugLog@@QEAAAEAV0@AEBV0@@Z
    • ??4CDebugLogEx@@QEAAAEAV0@AEBV0@@Z
    • ??4CDelayLoadThread@@QEAAAEAV0@AEBV0@@Z
    • ??4CFile@@QEAAAEAV0@AEBV0@@Z
    • ??4CKEvent@@QEAAAEAV0@AEBV0@@Z
    • ??4CLockEvent@@QEAAAEAV0@AEBV0@@Z
    • ??4CMemoryAllocator@@QEAAAEAV0@AEBV0@@Z
    • ??4CMemoryPoolAllocator@@QEAAAEAV0@AEBV0@@Z
    • ??4CModuleConfig@@QEAAAEAV0@AEBV0@@Z
    • ??4CModuleFlagConfig@@QEAAAEAV0@AEBV0@@Z
    • ??4CModuleStringConfig@@QEAAAEAV0@AEBV0@@Z
    • ??4CSmartLock@@QEAAAEAV0@AEBV0@@Z
    • ??4CSmartLock@@QEAAAEBV0@AEAVCLockEvent@@@Z
    • ??4CSmartResource@@QEAAAEAV0@AEBV0@@Z
    • ??4CSystemThread@@QEAAAEAV0@AEBV0@@Z
    • ??4CUserFuncAdapterJob@@QEAAAEAV0@AEBV0@@Z
    • ??4CWorkerThread@@QEAAAEAV0@AEBV0@@Z
    • ??4CWorkerThreadJob@@QEAAAEAV0@AEBV0@@Z
    • ??4IMemoryAllocator@@QEAAAEAV0@AEBV0@@Z
    • ??_7CAutoUpdateConfigThread@@6B@
    • ??_7CBlobConfig@@6B@
    • ??_7CContext@@6B@
    • ??_7CContextList@@6B@
    • ??_7CDebugLog@@6B@
    • ??_7CDebugLogEx@@6B@
    • ??_7CDelayLoadThread@@6B@
    • ??_7CExclusionExtConfig@@6B@
    • ??_7CExclusionFileNameConfig@@6B@
    • ??_7CExclusionFilePathConfig@@6B@
    • ??_7CExclusionFolderConfig@@6B@
    • ??_7CExclusionRegistryConfig@@6B@
    • ??_7CFile@@6B@
    • ??_7CFileExtension@@6B@
    • ??_7CInclusionExtConfig@@6B@
    • ??_7CInclusionFileNameConfig@@6B@
    • ??_7CInclusionFilePathConfig@@6B@
    • ??_7CInclusionFolderConfig@@6B@
    • ??_7CKEvent@@6B@
    • ??_7CList@@6B@
    • ??_7CLockEvent@@6B@
    • ??_7CLockList@@6B@
    • ??_7CMemoryAllocator@@6B@
    • ??_7CMemoryPoolAllocator@@6B@
    • ??_7CModuleConfig@@6B@
    • ??_7CModuleConfigList@@6B@
    • ??_7CModuleFileExtConfig@@6B@
    • ??_7CModuleFlagConfig@@6B@
    • ??_7CModuleMultiStringConfig@@6B@
    • ??_7CModuleStringConfig@@6B@
    • ??_7CNoLockList@@6B@
    • ??_7CStrList@@6B@
    • ??_7CSystemThread@@6B@
    • ??_7CUserFuncAdapterJob@@6B@
    • ??_7CWorkerThread@@6B@
    • ??_7CWorkerThreadJob@@6B@
    • ??_7CWorkerThreadJobQueue@@6B@
    • ??_7CWorkerThreadPool@@6B@
    • ??_7CWorkerThreadPoolEx@@6B@
    • ??_7IMemoryAllocator@@6B@
    • ??_FCContextList@@QEAAXXZ
    • ??_FCFile@@QEAAXXZ
    • ??_FCFileExtension@@QEAAXXZ
    • ??_FCModuleConfigList@@QEAAXXZ
    • ??_FCStrList@@QEAAXXZ
    • ??_FCSystemThread@@QEAAXXZ
    • ??_FCWorkerThread@@QEAAXXZ
    • ??_FCWorkerThreadJob@@QEAAXXZ
    • ??_FCWorkerThreadJobQueue@@QEAAXXZ
    • ??_U@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z
    • ??_V@YAXPEAX@Z
    • ??_V@YAXPEAX_K@Z
    • ?Acquire@CLockEvent@@QEAAXXZ
    • ?Add@CContextList@@QEAAEPEAVCContext@@@Z
    • ?Add@CFileExtension@@QEAAEPEBGK@Z
    • ?Add@CModuleConfigList@@QEAAEPEAVCModuleConfig@@@Z
    • ?Add@CStrList@@QEAAEPEBG@Z
    • ?AddNode@CLockList@@UEAAEQEAXE@Z
    • ?AddNode@CNoLockList@@UEAAEQEAXE@Z
    • ?Alloc@CMemoryAllocator@@UEAAPEAX_KPEBDK@Z
    • ?Alloc@CMemoryPoolAllocator@@UEAAPEAX_KPEBDK@Z
    • ?AllocBlock@CMemoryPoolAllocator@@IEAAPEAX_K@Z
    • ?AttachJobQueue@CWorkerThread@@QEAAXPEAVCWorkerThreadJobQueue@@@Z
    • ?Cancel@CWorkerThreadJob@@QEAAXXZ
    • ?CheckNode@CLockList@@UEAAHQEAX@Z
    • ?CheckNode@CNoLockList@@UEAAHQEAX@Z
    • ?CleanQueue@CWorkerThreadJobQueue@@QEAAXXZ
    • ?Cleanup@CBlobConfig@@AEAAXXZ
    • ?Cleanup@CModuleFileExtConfig@@IEAAXXZ
    • ?Cleanup@CModuleMultiStringConfig@@IEAAXXZ
    • ?Cleanup@CModuleStringConfig@@AEAAXXZ
    • ?Close@CFile@@QEAAJXZ
    • ?Count@CLockList@@QEAAKXZ
    • ?Count@CNoLockList@@QEAAKXZ
    • ?Create@CFile@@QEAAJPEBGKKKK@Z
    • ?Create@CSystemThread@@QEAAEXZ
    • ?CreateInstance@CMemoryAllocator@@SAPEAV1@W4_POOL_TYPE@@K@Z
    • ?CreateInstance@CMemoryPoolAllocator@@SAPEAV1@W4_POOL_TYPE@@_K1K@Z
    • ?CreatePool@CWorkerThreadPool@@QEAAEXZ
    • ?CreatePool@CWorkerThreadPoolEx@@QEAAEXZ
    • ?CreateThreads@CWorkerThreadPool@@QEAAEK@Z
    • ?CreateThreads@CWorkerThreadPoolEx@@QEAAEK@Z
    • ?CreateWIRP@CFile@@QEAAJPEBGKKKK@Z
    • ?Delete@CFile@@QEAAJXZ
    • ?Delete@CFileExtension@@QEAAEPEBGK@Z
    • ?Delete@CStrList@@QEAAEPEBG@Z
    • ?DeleteAll@CList@@UEAAXXZ
    • ?DeleteAll@CLockList@@UEAAXXZ
    • ?DeleteAll@CNoLockList@@UEAAXXZ
    • ?DeleteNode@CContextList@@MEAAXPEAX@Z
    • ?DeleteNode@CList@@UEAAXPEAX@Z
    • ?DeleteNode@CModuleConfigList@@MEAAXPEAX@Z
    • ?DeleteNode@CStrList@@EEAAXPEAU_STR_LIST_NODE@1@@Z
    • ?DisableWriteProtectFromCR0@@YAXPEAPEAX@Z
    • ?DoIt@CWorkerThreadJob@@QEAAJXZ
    • ?EntryPoint@CSystemThread@@KAXPEAX@Z
    • ?Find@CContextList@@QEAAPEAVCContext@@K@Z
    • ?Find@CContextList@@QEAAPEAVCContext@@PEAX@Z
    • ?Find@CFileExtension@@QEAAPEAU_STR_LIST_NODE@CStrList@@PEBGK@Z
    • ?Find@CModuleConfigList@@QEAAPEAVCModuleConfig@@K@Z
    • ?Find@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z
    • ?FindNode@CContextList@@IEAAPEAXPEAX@Z
    • ?FindPartiallyAndAllMatch@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z
    • ?FinishFunction@CUserFuncAdapterJob@@MEAAXXZ
    • ?FinishIt@CWorkerThreadJob@@QEAAJXZ
    • ?First@CList@@UEAAPEAXXZ
    • ?First@CLockList@@UEAAPEAXXZ
    • ?First@CNoLockList@@UEAAPEAXXZ
    • ?Free@CMemoryAllocator@@UEAAXPEAX@Z
    • ?Free@CMemoryPoolAllocator@@UEAAXPEAX@Z
    • ?GetAttributes@CFile@@QEAAKXZ
    • ?GetBasicInfomration@CFile@@IEAAJXZ
    • ?GetBlobCofig@CContext@@UEAAJKPEAXPEAK@Z
    • ?GetCategory@CContext@@QEAAKXZ
    • ?GetData@CBlobConfig@@QEAAHPEAXPEAK@Z
    • ?GetData@CModuleFileExtConfig@@QEAAHPEAGPEAK@Z
    • ?GetData@CModuleFileExtConfig@@QEAAPEAVCFileExtension@@XZ
    • ?GetData@CModuleFlagConfig@@QEAAKXZ
    • ?GetData@CModuleMultiStringConfig@@QEAAHPEAGPEAK@Z
    • ?GetData@CModuleMultiStringConfig@@QEAAPEAVCStrList@@XZ
    • ?GetData@CModuleStringConfig@@QEAAPEAGXZ
    • ?GetData@CStrList@@QEAAEPEAGPEAK@Z
    • ?GetDataType@CModuleConfig@@QEAAKXZ
    • ?GetEngineContext@CContext@@QEAAPEAXXZ
    • ?GetFileExtensionConfig@CContext@@QEAAPEAVCFileExtension@@K@Z
    • ?GetFileExtensionConfig@CContext@@UEAAJKPEAGPEAK@Z
    • ?GetFileSize@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z
    • ?GetFileSizeWIRP@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z
    • ?GetFlagConfig@CContext@@UEAAJKPEAK@Z
    • ?GetID@CModuleConfig@@QEAAKXZ
    • ?GetJob@CWorkerThreadJobQueue@@QEAAPEAVCWorkerThreadJob@@XZ
    • ?GetLength@CModuleStringConfig@@QEAAKXZ
    • ?GetLinkContext@CContext@@QEAAPEAXXZ
    • ?GetLogFlag@CDebugLog@@QEAAKXZ
    • ?GetLogFlag@CDebugLogEx@@QEAAKXZ
    • ?GetModuleId@CModuleConfig@@QEAAKXZ
    • ?GetMultiStringConfig@CContext@@QEAAPEAVCStrList@@K@Z
    • ?GetMultiStringConfig@CContext@@UEAAJKPEAGPEAK@Z
    • ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_ETHREAD@@XZ
    • ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_KTHREAD@@XZ
    • ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_ETHREAD@@XZ
    • ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_KTHREAD@@XZ
    • ?GetReportCallBackRoutine@CContext@@QEAA_KXZ
    • ?GetSize@CBlobConfig@@QEAAKXZ
    • ?GetStringConfig@CContext@@QEAAPEAGK@Z
    • ?GetStringConfig@CContext@@UEAAJKPEAGPEAK@Z
    • ?GetThreadCount@CWorkerThreadPool@@QEAAKXZ
    • ?GetThreadCount@CWorkerThreadPoolEx@@QEAAKXZ
    • ?GetThreadID@CSystemThread@@QEAA_KXZ
    • ?GetType@CContext@@QEAAKXZ
    • ?GetUserParameter@CContext@@QEAA_KXZ
    • ?InitProcMon@CDebugLogEx@@IEAAXXZ
    • ?InitializeBlobConfig@CContext@@QEAAHKPEAXK@Z
    • ?InitializeFileExtensionConfig@CContext@@QEAAHKPEBG@Z
    • ?InitializeFlagConfig@CContext@@QEAAHKK@Z
    • ?InitializeMultiStringConfig@CContext@@QEAAHKPEBG@Z
    • ?InitializeStringConfig@CContext@@QEAAHKPEBG@Z
    • ?Insert@CList@@UEAAXQEAXE@Z
    • ?Insert@CLockList@@UEAAXQEAXE@Z
    • ?Insert@CNoLockList@@UEAAXQEAXE@Z
    • ?InsertAfter@CList@@UEAAXPEAX0@Z
    • ?InsertBefore@CList@@UEAAXPEAX0@Z
    • ?Instance@CWorkerThreadPool@@SAPEAV1@XZ
    • ?IsEmpty@CList@@UEAAEXZ
    • ?IsEmpty@CLockList@@UEAAEXZ
    • ?IsEmpty@CNoLockList@@UEAAEXZ
    • ?IsExceedLimitation@CMemoryPoolAllocator@@IEAAEK@Z
    • ?IsFull@CLockList@@QEBAEXZ
    • ?IsFull@CNoLockList@@QEBAEXZ
    • ?IsInExclusionList@CExclusionExtConfig@@QEAAEPEBG@Z
    • ?IsInExclusionList@CExclusionFileNameConfig@@QEAAEPEBG@Z
    • ?IsInExclusionList@CExclusionFilePathConfig@@QEAAEPEBG@Z
    • ?IsInExclusionList@CExclusionFolderConfig@@QEAAEPEBG@Z
    • ?IsInExclusionList@CExclusionRegistryConfig@@QEAAEPEBG@Z
    • ?IsInInclusionList@CInclusionExtConfig@@QEAAEPEBG@Z
    • ?IsInInclusionList@CInclusionFileNameConfig@@QEAAEPEBG@Z
    • ?IsInInclusionList@CInclusionFilePathConfig@@QEAAEPEBG@Z
    • ?IsInInclusionList@CInclusionFolderConfig@@QEAAEPEBG@Z
    • ?IsOpened@CFile@@QEAAEXZ
    • ?IsTerminated@CWorkerThreadPool@@QEAAEXZ
    • ?IsTerminated@CWorkerThreadPoolEx@@QEAAEXZ
    • ?IsValid@CMemoryAllocator@@UEAAEXZ
    • ?IsValid@CMemoryPoolAllocator@@UEAAEXZ
    • ?IsValid@IMemoryAllocator@@UEAAEXZ
    • ?IsWorkerThread@CWorkerThreadPool@@QEAAE_K@Z
    • ?IsWorkerThread@CWorkerThreadPoolEx@@QEAAE_K@Z
    • ?JobFunction@CUserFuncAdapterJob@@MEAAXXZ
    • ?JobQueue@CWorkerThreadPool@@QEAAAEAVCWorkerThreadJobQueue@@XZ
    • ?JobQueue@CWorkerThreadPoolEx@@QEAAAEAVCWorkerThreadJobQueue@@XZ
    • ?Limit@CLockList@@QEAAKXZ
    • ?Limit@CNoLockList@@QEAAKXZ
    • ?MatchAllExtensions@CFileExtension@@QEAAEXZ
    • ?MatchNoExtensions@CFileExtension@@QEAAEXZ
    • ?MergeLeft@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z
    • ?MergeRight@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z
    • ?NeedDelete@CWorkerThreadJob@@QEAAEXZ
    • ?NeedDeleteWhenFinish@CWorkerThreadJob@@QEAAXE@Z
    • ?NewNode@CList@@UEAAPEAXXZ
    • ?NewNode@CStrList@@EEAAPEAXXZ
    • ?NewNodeVariant@CList@@IEAAPEAXK@Z
    • ?Next@CList@@UEBAPEAXQEAX@Z
    • ?Next@CLockList@@UEBAPEAXQEAX@Z
    • ?Next@CNoLockList@@UEBAPEAXQEAX@Z
    • ?NextPool@CMemoryPoolAllocator@@QEAAPEAV1@XZ
    • ?NotityTerminate@CWorkerThread@@QEAAXXZ
    • ?PostJobToWorkerThread@CWorkerThreadPool@@QEAAJP6AXPEAX@Z0E@Z
    • ?PostJobToWorkerThread@CWorkerThreadPoolEx@@QEAAJP6AXPEAX@Z0E1@Z
    • ?Pulse@CKEvent@@QEAAJJE@Z
    • ?QueueJob@CWorkerThreadJobQueue@@QEAAEPEAVCWorkerThreadJob@@@Z
    • ?QueueJobItem@CWorkerThreadPool@@QEAAJPEAVCWorkerThreadJob@@@Z
    • ?QueueJobItem@CWorkerThreadPoolEx@@QEAAJPEAVCWorkerThreadJob@@@Z
    • ?RCMInstance@CWorkerThreadPool@@SAPEAV1@XZ
    • ?Read@CFile@@QEAAJPEADKPEAK@Z
    • ?ReadWIRP@CFile@@QEAAJPEADKPEAK@Z
    • ?ReferenceCount@CContext@@QEAAAEAKXZ
    • ?Release@CLockEvent@@QEAAXXZ
    • ?Remove@CContextList@@UEAAEQEAX@Z
    • ?Remove@CList@@UEAAEQEAX@Z
    • ?Remove@CLockList@@UEAAEQEAX@Z
    • ?Remove@CNoLockList@@UEAAEQEAX@Z
    • ?RemoveHead@CList@@UEAAPEAXXZ
    • ?RemoveHead@CLockList@@UEAAPEAXXZ
    • ?RemoveHead@CNoLockList@@UEAAPEAXXZ
    • ?RemoveTail@CList@@UEAAPEAXXZ
    • ?RemoveTail@CLockList@@UEAAPEAXXZ
    • ?RemoveTail@CNoLockList@@UEAAPEAXXZ
    • ?Reset@CKEvent@@QEAAXXZ
    • ?ResetData@CInclusionExtConfig@@QEAAXXZ
    • ?ResetData@CInclusionFileNameConfig@@QEAAXXZ
    • ?ResetData@CInclusionFilePathConfig@@QEAAXXZ
    • ?ResetData@CInclusionFolderConfig@@QEAAXXZ
    • ?RestoreCR0@@YAXPEAX@Z
    • ?Run@CAutoUpdateConfigThread@@UEAAXXZ
    • ?Run@CDelayLoadThread@@UEAAXXZ
    • ?Run@CWorkerThread@@UEAAXXZ
    • ?SeekToEnd@CFile@@QEAAJXZ
    • ?Set@CKEvent@@QEAAJJE@Z
    • ?SetAttributes@CFile@@QEAAJK@Z
    • ?SetBlobCofig@CContext@@UEAAJKPEAXK@Z
    • ?SetData@CBlobConfig@@QEAAHPEAXK@Z
    • ?SetData@CModuleFileExtConfig@@QEAAHPEBG@Z
    • ?SetData@CModuleFlagConfig@@QEAAHK@Z
    • ?SetData@CModuleMultiStringConfig@@QEAAHPEBGK@Z
    • ?SetData@CModuleStringConfig@@QEAAHPEBG@Z
    • ?SetEngineContext@CContext@@QEAAXPEAX@Z
    • ?SetFileExtensionConfig@CContext@@UEAAJKPEBG@Z
    • ?SetFlagConfig@CContext@@UEAAJKK@Z
    • ?SetLinkContext@CContext@@QEAAXPEAX@Z
    • ?SetLogFlag@CDebugLog@@QEAAEK@Z
    • ?SetLogFlag@CDebugLogEx@@QEAAEK@Z
    • ?SetMatchAllExtensions@CFileExtension@@QEAAXE@Z
    • ?SetMatchNoExtensions@CFileExtension@@QEAAXE@Z
    • ?SetMultiStringConfig@CContext@@UEAAJKPEBG@Z
    • ?SetNewJobItemEvent@CWorkerThreadJobQueue@@QEAAXXZ
    • ?SetPriority@CSystemThread@@QEAAXK@Z
    • ?SetStopUse@CContext@@QEAAXXZ
    • ?SetStringConfig@CContext@@UEAAJKPEBG@Z
    • ?Setup@CSystemThread@@MEAAXXZ
    • ?StopUse@CContext@@QEAAHXZ
    • ?TearDown@CSystemThread@@MEAAXXZ
    • ?Terminate@CSystemThread@@QEAAXE@Z
    • ?Terminate@CWorkerThreadPool@@QEAAEXZ
    • ?Terminate@CWorkerThreadPoolEx@@QEAAEXZ
    • ?TmExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
    • ?Wait@CKEvent@@QEAAJPEAT_LARGE_INTEGER@@E@Z
    • ?WaitFinish@CWorkerThreadJob@@QEAAXXZ
    • ?WaitForInit@CDelayLoadThread@@QEAAEXZ
    • ?WaitForLoad@CDelayLoadThread@@QEAAEXZ
    • ?WaitNewJobAvailable@CWorkerThreadJobQueue@@QEAAEXZ
    • ?WaitQueueEmpty@CWorkerThreadJobQueue@@QEAAXXZ
    • ?Write@CDebugLog@@QEAAXPEBDZZ
    • ?Write@CDebugLogEx@@QEAAXPEBDZZ
    • ?Write@CFile@@QEAAJPEADKPEAT_LARGE_INTEGER@@PEAK@Z
    • ?WriteDataToFile@CDebugLogEx@@IEAAXPEADK@Z
    • ?WriteDataToProcMonW@CDebugLogEx@@IEAAXPEAD@Z
    • ?WriteSystemInformation@CDebugLog@@QEAAXXZ
    • ?WriteSystemInformation@CDebugLogEx@@QEAAXXZ
    • ?WriteSystemStringInformation@CDebugLog@@IEAAXPEBG@Z
    • ?WriteSystemStringInformation@CDebugLogEx@@IEAAXPEBG@Z
    • ?WriteToFile@CDebugLog@@IEAAXPEADK@Z
    • ?WriteToProcMonW@CDebugLogEx@@IEAAXPEAU_UNICODE_STRING@@@Z
    • ?_pNonPagedAllocator@@3PEAVCMemoryAllocator@@EA
    • ?_pPagedAllocator@@3PEAVCMemoryAllocator@@EA
    • ?m_lpInstance@CWorkerThreadPool@@1PEAV1@EA
    • ?m_lpRCMInstance@CWorkerThreadPool@@1PEAV1@EA
    • AllocFullFileName
    • DeInitKm2UmCommunication
    • DeInitKmLPC
    • DuplicateFullFileName
    • FreeFullFileName
    • GetKm2UmMode
    • GetModuleInfoByAddress
    • GetModuleInfoByModuleName
    • InitKm2UmCommunication
    • InitKmLPC
    • IsVerifierCodeCheckFlagOn
    • IsWindows8_1_update
    • KmCallUm
    • KmCallUmByLPC
    • KmCallUmEx
    • KmCleanupCommPortAPIs
    • KmGetUmInitProcess
    • KmSetBackupCommPortAPIs
    • KmSetCommPortAPIs
    • ModGetExportProcAddress
    • ModLoadDLLToBuffer
    • ModLoadDLLToBufferWithImageSize
    • ModLoadModule
    • ModUnLoadModule
    • NormalizeFileName
    • NormalizeFullNtPathToDosName
    • TmCommConfigRoutine
    • UtilAddDeviceInDriveTable
    • UtilAddReparsePointMapping
    • UtilCleanFileReadOnly
    • UtilCloseExclusiveHandle
    • UtilCreateDosFileName
    • UtilDeleteFileForce
    • UtilGetDeviceObjectName
    • UtilGetFileNameFromFileObject
    • UtilGetFileObjectForProcessByEPROC
    • UtilGetFileObjectFromFileName
    • UtilGetProcessName
    • UtilGetSystemDirectory
    • UtilGetSystemDirectoryEx
    • UtilGetSystemDirectoryLength
    • UtilGetSystemTime
    • UtilIoSetFileInfo
    • UtilIopCreateFileIRP
    • UtilKeGetLowFileDevice
    • UtilModuleIATHook
    • UtilModuleIATUnHook
    • UtilPostJobToWorkerThread
    • UtilQueryExclusiveHandle
    • UtilQueryKeyValue
    • UtilRemoveDeviceFromDriveTable
    • UtilVolumeDeviceToDosName
    • UtilWaitValueChangeToZero
    • UtilWriteVersionToRegistry
    • UtilbuildDynamicDiskMappingTable
    • UtlWriteBinValueKeyToRegistry
    • ValidateAddressWithSize
    • _ResetProtectFromClose
    • _UtilDosPathNameToNtPathName

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • .gfids
    • PAGE
    • .edata
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "497c4fad471540e6e453d0cafb155740",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TW, ST=Taiwan, L=Taipei, O=Trend Micro, Inc., CN=Trend Micro, Inc.",
          "TBS": {
            "MD5": "78eaa337666217b1c16a9a0ebd0b8434",
            "SHA1": "ff9cb835e78f6185eed4372096c3bae53b17d18d",
            "SHA256": "1c0d9746725e176b4a7c2852878f14d7587f58e65d346bc1247f1c8ee6374250",
            "SHA384": "ffe3c75b860679a5de399c7d2c2844dbfac51d5d8581e24648d208daba1e4bed5c867808e02dc8d7cb3df1d4b2b53d10"
          },
          "ValidFrom": "2017-04-27 00:00:00",
          "ValidTo": "2018-07-16 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "497c4fad471540e6e453d0cafb155740",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    


    last_updated: 2024-04-09