diff --git a/yaml/010870ad-c19b-498a-9018-70dc0c7ac3bd.yaml b/yaml/010870ad-c19b-498a-9018-70dc0c7ac3bd.yaml
deleted file mode 100644
index 6f700569..00000000
--- a/yaml/010870ad-c19b-498a-9018-70dc0c7ac3bd.yaml
+++ /dev/null
@@ -1,171 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsUpIO.sys binPath=C:\windows\temp\AsUpIO.sys type=kernel - && sc.exe start AsUpIO.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: [] -Id: 010870ad-c19b-498a-9018-70dc0c7ac3bd -KnownVulnerableSamples: -- Authentihash: - MD5: 3e6db96f242c0c3115075add7d7847a0 - SHA1: c5da546e0af6119f033a5d4ed79e7f5d90c004ff - SHA256: 70870e20f563899e4f05be2d0049cb495552b409ca7f4729a335bcbfffc3f47c - Company: '' - Copyright: '' - CreationTimestamp: '2011-10-20 01:35:13' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsUpIO.sys - ImportedFunctions: - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 6d4159694e1754f262e326b52a3b305a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: 058831031bc182e09fd9501e62a8c8ce - SHA1: 23c55978de25c037af392054d26cc72818ee3a60 - SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 - SHA1: d5fd9fe10405c4f90235e583526164cd0902ed86 - SHA256: b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf - Sections: - .text: - Entropy: 6.059938493523471 - Virtual Size: '0xe9c' - .rdata: - Entropy: 4.411239902936905 - Virtual Size: '0x198' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3572264762803816 - Virtual Size: '0x90' - INIT: - Entropy: 4.554674727952949 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: 
'2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b 
- Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 9d5a58052468c8e07ff3d5bd730e5d00 - LoadsDespiteHVCI: 'TRUE' -MitreID: T1068 -Resources: -- ' https://github.com/namazso/physmem_drivers' -- https://github.com/namazso/physmem_drivers -Tags: -- AsUpIO.sys -Verified: 'TRUE' diff --git a/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml b/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml index 115377ea..1e68451d 100644 --- a/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml +++ b/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml 
@@ -223,8 +223,9 @@ Resources: - https://github.com/Exploitables/CVE-2015-2291 - https://github.com/Tare05/Intel-CVE-2015-2291 - https://github.com/TheCruZ/kdmapper -- '' +- https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c Tags: - iqvw64e.sys - iQVW64.SYS +- NalDrv.sys Verified: 'TRUE'
diff --git a/yaml/20076ebf-4427-4056-b035-5238f95debe9.yaml b/yaml/20076ebf-4427-4056-b035-5238f95debe9.yaml
deleted file mode 100644
index b69ffe06..00000000
--- a/yaml/20076ebf-4427-4056-b035-5238f95debe9.yaml
+++ /dev/null
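Review bot: The new `- NalDrv.sys` entry under `Tags` has no accompanying `KnownVulnerableSamples` item in this hunk whose `Filename` or `OriginalFilename` is NalDrv.sys, so the filename-based detections this repository publishes (the `driver_load_win_vuln_drivers_names.yml` rule listed in the 20076ebf entry's `Detection` block) would presumably start alerting on a name whose link to a hashed sample is not visible here. If the alias comes from the k4nfr3 gist that replaces the empty `- ''` resource, either add the sample it documents or record the origin next to the tag, e.g. `- NalDrv.sys  # filename alias per the k4nfr3 gist; no hashed sample with this name yet`, so the name-only match is understood to be weaker evidence than a hash match. The same question applies to the `- ATSZIO64.sys` tag added to 23f11e19 further down. This file's `KnownVulnerableSamples` list lies outside the hunk, so the sample may exist there; the note is to make that check explicit.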
@@ -1,192 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create BSMIXP64.sys binPath=C:\windows\temp\BSMIXP64.sys type=kernel - && sc.exe start BSMIXP64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 20076ebf-4427-4056-b035-5238f95debe9 -KnownVulnerableSamples: -- Authentihash: - MD5: 0dea670f26bf6bf65701c4aa0dd89079 - SHA1: 
cc071f9cc1cb577b22824d401b63508f61cd76c0 - SHA256: df82f155376b4e95a3f497b7362ba6039c04d2ae78926f626dbe1a459bc626d7 - Company: '' - Copyright: Copyright (C) BIOSTAR Corp. 2011 - CreationTimestamp: '2012-08-29 02:16:01' - Date: '' - Description: SMI Driver - ExportedFunctions: '' - FileVersion: 1.0.0.3 - Filename: BSMIXP64.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAssert - - DbgPrint - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: BSMI.sys - MD5: fac8eb49e2fd541b81fcbdeb98a199cb - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: BSMI.sys - Product: '' - ProductVersion: 1.0.0.3 - Publisher: '' - RichPEHeaderHash: - MD5: 3be75f081abbf99ce6301a0d05ac2359 - SHA1: a48fe1a284ba70b96c39ed2779f343bc84d3bd66 - SHA256: a222a1ed1250afdb5191e967ce4ac6d941b921e778bf247f7c339326c86d6a63 - SHA1: 9a35ae9a1f95ce4be64adc604c80079173e4a676 - SHA256: 59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347 - Sections: - .text: - Entropy: 5.332274090432314 - Virtual Size: '0x1ec' - .rdata: - Entropy: 4.219189311950067 - Virtual Size: '0x138' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.2803544650278664 - Virtual Size: '0x78' - PAGE: - Entropy: 5.860418233355002 - Virtual Size: '0x10b7' - INIT: - Entropy: 5.45891810936059 - Virtual Size: '0x44a' - .rsrc: - Entropy: 3.213568148851367 - Virtual Size: '0x378' - Signature: - - BIOSTAR MICROTECH INT'L CORP - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 
07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L CORP, - OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, CN=BIOSTAR - MICROTECH INT'L CORP - ValidFrom: '2010-09-19 00:00:00' - ValidTo: '2013-10-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 124dc5a63cc2bd8265445e912ed07d1f - Version: 3 - TBS: - MD5: beccd5c41126e0c537cf489954b53feb - SHA1: 109fbb823652c1148c4949cdc860abd5b4ad24e5 - SHA256: aac7608d0bcb286dc9869eb39125b27a960d9533db860cc9e3148149ca149c4a - SHA384: 16a03de40518fd3ffcee724d218effca4edfd9abf66d374d45ef3310ccf7e5be707f27588306b4c1bf28172a7d281869 - Signer: - - SerialNumber: 124dc5a63cc2bd8265445e912ed07d1f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: bc5c06a7fa9555f3f34043d828d9b123 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md' -- 
https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- BSMIXP64.sys -Verified: 'TRUE'
diff --git a/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml b/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml
index b86372b9..5dcd8d18 100644
--- a/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml
+++ b/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml
@@ -220,4 +220,5 @@ Resources: - https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c Tags: - ATSZIO.sys +- ATSZIO64.sys Verified: 'TRUE'
diff --git a/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml b/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml
index 8e453346..66f0edd6 100644
--- a/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml
+++ b/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml
@@ -1,18 +1,20 @@ Id: 2651f5c4-d9e1-4b06-92be-e9e7313f87c4 -Author: Nasreddine Bencherchali -Created: '2023-05-06' +Author: Nasreddine Bencherchali, Michael Haag +Created: '2023-01-09' MitreID: T1068 Category: vulnerable driver Verified: 'TRUE' Commands: Command: sc.exe create asio.sys binPath=C:\windows\temp\asio.sys type=kernel && sc.exe start asio.sys - Description: '' + Description: Confirmed vulnerable driver from Microsoft Block List Usecase: Elevate privileges Privileges: kernel OperatingSystem: Windows 10 Resources: - Internal Research +- https://github.com/namazso/physmem_drivers +- https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c Acknowledgement: Person: '' Handle: ''
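Review bot: The new `Description: Confirmed vulnerable driver from Microsoft Block List` in the 2651f5c4 header hunk asserts a provenance that none of the entry's `Resources` backs — the two links added beside it point to namazso's physmem_drivers list and an mgraeber-rc gist, not to Microsoft's recommended driver block rules — so a reader cannot verify the claim from the entry itself; add the block-rules reference as a further `Resources` item so the "confirmed" status is traceable. `Created` also moves backwards from `'2023-05-06'` to `'2023-01-09'`, which equals the `Created` value of the AsUpIO.sys and BSMIXP64.sys entries deleted earlier in this commit; if that is deliberate because those entries are being folded into this one, a sentence in the commit description would spare the next reader the same inference. `Author: Nasreddine Bencherchali, Michael Haag` is a single comma-joined scalar, which is fine only if downstream tooling never treats Author as one person's name. The `KnownVulnerableSamples` additions for this file are in a separate hunk below and are not covered by this note.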
@@ -2789,5 +2791,1721 @@ KnownVulnerableSamples: CreationTimestamp: '2022-02-17 05:12:10' Imphash: b3e26c5e0de2d01597dca208ef27cc38 LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 9fd03554246c6c74c232919c680d7be8 + SHA1: b25550309c902a21b03367ae27694c5a29b891b5 + SHA256: c3e3719ca592ba65a67f594ec1a08d0d7ad724b088be77d48cb33627c56f4614 + Company: '' + Copyright: '' + CreationTimestamp: '2010-06-27 23:19:38' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 1dc94a6a82697c62a04e461d7a94d0b0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: b97a8d506be2e7eaa4385f70c009b22adbd071ba + SHA256: 2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e + Sections: + .text: + Entropy: 6.108859458208728 + Virtual Size: '0xd86' + .rdata: + Entropy: 4.337980114178664 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2608964358708645 + Virtual Size: '0x84' + INIT: + Entropy: 4.571215641554434 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 798de15f187c1f013095bbbeb6fb6197 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. 
+ RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: 92f251358b3fe86fd5e7aa9b17330afa0d64a705 + SHA256: 436ccab6f62fa2d29827916e054ade7acae485b3de1d3e5c6c62d3debf1480e7 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer + , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, + Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification + Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + 
CN=ASUSTeK Computer Inc. + ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 + CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 + CA + Version: 1 + Imphash: 
d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1e97ead4c5049f8fefe2b72edd5fa90e + SHA1: 2a95f882dd9bafcc57f144a2708a7ec67dd7844c + SHA256: 7f75d91844b0c162eeb24d14bcf63b7f230e111daa7b0a26eaa489eeb22d9057 + Company: '' + Copyright: '' + CreationTimestamp: '2010-08-02 20:47:59' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 1392b92179b07b672720763d9b1028a5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 058831031bc182e09fd9501e62a8c8ce + SHA1: 23c55978de25c037af392054d26cc72818ee3a60 + SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 + SHA1: 8b6aa5b2bff44766ef7afbe095966a71bc4183fa + SHA256: b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 + Sections: + .text: + Entropy: 6.128485959548185 + Virtual Size: '0x10fc' + .rdata: + Entropy: 4.469326855336564 + Virtual Size: '0x1a0' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3216749799000778 + Virtual Size: '0x90' + INIT: + Entropy: 4.5288929688981066 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9e7fb1f3c75f1f5e6769813c545643fc + SHA1: 86f07797273b7f0e0805d2add8c1a0be116eb88c + SHA256: 191689c53195dbe828f406b206cb167dcd4671ecdab32b80e01c885f706a6baf + Company: '' + Copyright: '' + CreationTimestamp: '2010-08-23 19:53:02' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: fef9dd9ea587f8886ade43c1befbdafe + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. 
+ RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: af6e1f2cfb230907476e8b2d676129b6d6657124 + SHA256: dde6f28b3f7f2abbee59d4864435108791631e9cb4cdfb1f178e5aa9859956d8 + Sections: + .text: + Entropy: 6.107404762164129 + Virtual Size: '0xd86' + .rdata: + Entropy: 4.358520944651229 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2608964358708645 + Virtual Size: '0x84' + INIT: + Entropy: 4.571215641554434 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 
+ TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 9f79edf758e219929902ec7564e0f435 + SHA1: c92148d0666f2235500805975be79738b84e48c2 + SHA256: 19c74ea0e0baf04820e5642bd2fa224158801ed966be1041539e3c55bd65c471 + Company: '' + Copyright: '' + CreationTimestamp: '2009-04-06 01:21:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 517d484bdbad4637188ec7a908335b86 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + SHA1: 
2207cdee7deaba1492ae2349392864f19eb4dfaf + SHA256: db73b0fa032be22405fa0b52fbfe3b30e56ac4787e620e4854c32668ae43bc33 + Sections: + .text: + Entropy: 6.140846081676954 + Virtual Size: '0xca6' + .rdata: + Entropy: 4.362536233544753 + Virtual Size: '0x170' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.245354266022441 + Virtual Size: '0x84' + INIT: + Entropy: 4.455848230056508 + Virtual Size: '0x204' + Signature: '' + Signatures: {} + Imphash: 12befc0a82dcb0585359d335ed47af19 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: b2e4e588ce7b993cc31c18a0721d904d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: a714a2a045fa8f46d0165b78fe3eecf129c1de3a + SHA256: 707b4b5f5c4585156d8a4d8c39cf26729f5ad05d7f77b17f48e670e808e3e6a0 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + 
Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5b13f61ef5173aaea45b31d934fa2b37 + SHA1: 55ab7e27412eca433d76513edc7e6e03bcdd7eda + SHA256: 
c1b41d6b91448e2409bb2f4fbf4aeb952adf373d0decc9d052277b89ba401407 + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-03 01:02:32' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - READ_REGISTER_UCHAR + - READ_REGISTER_USHORT + - READ_REGISTER_ULONG + - WRITE_REGISTER_UCHAR + - WRITE_REGISTER_USHORT + - KeQuerySystemTime + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - ZwUnmapViewOfSection + - IofCompleteRequest + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - WRITE_REGISTER_ULONG + - IoDeleteDevice + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 9d8cb58b9a9e177ddd599791a58a654d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 1dca2593c812b9d1ad59cd6c601d9984 + SHA1: ed8d9ab054b6e3b43e55dff40654162d6abc6657 + SHA256: 332168c7827fb42ec1ee5e08f64bb7273db098da638241b85585b8daf24ba5fb + SHA1: e4e40032376279e29487afc18527804dce792883 + SHA256: b3e645e8817696fa5d5e2255f9328f3b6a2e5fce91737f4d654ff155dc9851e5 + Sections: + .text: + Entropy: 6.1960789663995905 + Virtual Size: '0x872' + .rdata: + Entropy: 2.808152433711106 + Virtual Size: '0xc4' + .data: + Entropy: -0.0 + Virtual Size: '0xc' + INIT: + Entropy: 5.208673110075946 + Virtual Size: '0x2f0' + .reloc: + Entropy: 3.9280891177162527 + Virtual Size: '0x92' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 
07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. + ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: b0e74761cced2dde5173ae05ec562085 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4fcf3854e63dee328f9deefa6ce069cb + SHA1: d569d4bab86e70efbcdfdac9d822139d6f477b7c + SHA256: 
80599708ce61ec5d6dcfc5977208a2a0be2252820a88d9ba260d8cdf5dc7fbe4 + Company: '' + Copyright: '' + CreationTimestamp: '2005-12-21 01:55:21' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - READ_REGISTER_UCHAR + - READ_REGISTER_USHORT + - READ_REGISTER_ULONG + - WRITE_REGISTER_UCHAR + - KeQuerySystemTime + - KeDelayExecutionThread + - IofCompleteRequest + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - DbgPrint + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoCreateDevice + - WRITE_REGISTER_USHORT + - IoDeleteDevice + - WRITE_REGISTER_ULONG + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalTranslateBusAddress + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_USHORT + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 663f2fb92608073824ee3106886120f3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b39d8b5610182849a95fa415c9786274 + SHA1: 47e24c8d5f1687b4811c2267b1519e4f53576005 + SHA256: bde1051ba0a00c5223e7850f91b66678c6236ab82415e73114502cd4e9e2bef8 + SHA1: 470633a3a1e1b1f13c3f6c5192ce881efd206d7c + SHA256: 41765151df57125286b398cc107ff8007972f4653527f876d133dac1548865d6 + Sections: + .text: + Entropy: 6.41894248761542 + Virtual Size: '0xcac' + .rdata: + Entropy: 2.710450233592338 + Virtual Size: '0xd4' + .data: + Entropy: -0.0 + Virtual Size: '0xc' + INIT: + Entropy: 5.25231831216104 + Virtual Size: '0x300' + .reloc: + Entropy: 4.575666038623564 + Virtual Size: '0xcc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 + CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2006-06-27 00:00:00' + ValidTo: '2007-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 284649f592786c4851c1138e364185ae + Version: 3 + TBS: + MD5: 2fc1a78b4874ed1ac403284a5d4084fb + SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 + SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 + SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 + Signer: + - SerialNumber: 284649f592786c4851c1138e364185ae + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 + CA + Version: 1 + Imphash: f4c5b0399665885a7dd34f7cdbbc586f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 09e04d9a1ba63e4db9e4b55a00d5050d + SHA1: 61e1b497a5df0797527d6d465a8f315a82ad35eb + SHA256: 739c11fdb8673ab5b78f1a874daf5ba3faddb7910a6d4e0cc49abd8b8537333f + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-03 01:03:16' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: a82c01606dc27d05d9d3bfb6bb807e32 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + SHA1: 
1951ae94c6ee63fa801208771b5784f021c70c60 + SHA256: ce231637422709d927fb6fa0c4f2215b9c0e3ebbd951fb2fa97b8e64da479b96 + Sections: + .text: + Entropy: 6.1423523697958835 + Virtual Size: '0xca6' + .rdata: + Entropy: 4.447540499473679 + Virtual Size: '0x178' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2844547164673656 + Virtual Size: '0x84' + INIT: + Entropy: 4.455848230056508 + Virtual Size: '0x204' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: 12befc0a82dcb0585359d335ed47af19 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - 
IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 94cdf2cf363be5a8749670bea4db65cd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: 96523f72e4283f9816d3da8f2270690dd1dd263e + SHA256: 20e52e0d7f579dc6884cc6e80266fddceda69ea5fdd0b095c0874b0d877e48a2 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei + City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2019-01-08 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 073501671dc61bf273a6daec906e40a5 + Version: 3 + TBS: + MD5: 40e2b5ee26c4990c33a5e669c600b8a3 + SHA1: 30796f70d4552dd84ee58219d9f61df8c22bec18 + SHA256: 3062c7ba0949c3e882ca9cc23a60b9e4e742c7e2e1d4c3a63b893019189dba13 + SHA384: e215473c05b611248331b3b259cc483a94c2d830fa63a5b6e08d1e52b06d360ebd30519a73f6ffcf79be880975e94738 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 073501671dc61bf273a6daec906e40a5 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing + CA (SHA2) + Version: 1 + Imphash: 
d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3824dd56459d29ffc5d4bb51d7123778 + SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 + SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:43' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - WRITE_REGISTER_ULONG + - MmAllocateContiguousMemory + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - WRITE_REGISTER_USHORT + - WRITE_REGISTER_UCHAR + - READ_REGISTER_ULONG + - READ_REGISTER_USHORT + - READ_REGISTER_UCHAR + - KeQuerySystemTime + - MmGetPhysicalAddress + - KeDelayExecutionThread + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 272446de15c63095940a3dad0b426f21 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 432a6583ab7bafb3773874586c68db85 + SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 + SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 + SHA1: 7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371 + SHA256: 52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15 + Sections: + .text: + Entropy: 6.23937613305102 + Virtual Size: '0x8ad' + .rdata: + Entropy: 4.36827815837928 + Virtual Size: '0xe7' + .data: + Entropy: 1.311278124459133 + Virtual Size: '0x10' + INIT: + Entropy: 5.344545644500133 + Virtual Size: '0x370' + .reloc: + Entropy: 3.6862767817925604 + Virtual Size: '0xc6' + Signature: '' + Signatures: + - CertificatesInfo: 
'' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f + SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: 2699b7ae36fcadd71425ebafd231d0d1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: f701ddcc7c51919413ddadd351ad2fef + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: ca47bab2bea62ff58caea4741bcfbd7f3abb6c5f + SHA256: 2d36642135166bbb296624dca878925963c7da785e42e940f02d01beb7c477d5 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: 
'0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
d593aec08f96fe410f7a6b53e49551a0 + SHA1: 2ea631bfe3fd765e3a03b3165790faf8fdd8286b + SHA256: 906d8412b357379db9512e3f584fcda1f788acc1337e5b4d4eff5e6fa59324a6 + Company: '' + Copyright: '' + CreationTimestamp: '2007-12-17 02:11:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO64.sys + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeDelayExecutionThread + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - DbgPrint + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 8065a7659562005127673ac52898675f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + SHA1: fcde5275ee1913509927ce5f0f85e6681064c9d2 + SHA256: b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a + Sections: + .text: + Entropy: 6.269179908398606 + Virtual Size: '0x106c' + .rdata: + Entropy: 4.398778967999751 + Virtual Size: '0x19c' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2766921576186183 + Virtual Size: '0x84' + INIT: + Entropy: 4.419041794725205 + Virtual Size: '0x218' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 + CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2007-07-03 00:00:00' + ValidTo: '2008-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Version: 3 + TBS: + MD5: 54f73eaca10fe12ff2e14194e2f019b8 + SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e + SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 + SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d + Signer: + - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 + CA + Version: 1 + Imphash: 5662b51943d85b7ca47a99cac81af985 + LoadsDespiteHVCI: 'FALSE' Tags: - asio.sys +- AsIO32.sys +- AsIO3.sys +- AsIO3_64.sys +- AsIO2.sys \ No newline at end of file diff --git a/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml b/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml index 6337ff5f..47e31473 100644 --- a/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml +++ b/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml @@ -14,6 +14,7 @@ Commands: Resources: - Internal Research - https://github.com/namazso/physmem_drivers +- https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c Acknowledgement: Person: '' Handle: '' 
@@ -2457,6 +2458,1049 @@ KnownVulnerableSamples: CreationTimestamp: '2014-12-03 23:04:12' Imphash: 4c0161f638d5acafe23fcee3c5e86f15 LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9e725819820804fbf377917e9e7a3333 + SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c + SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-20 04:07:22' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: f41f65189b796534d8ef6bf9caa06853 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: 4d7d514b13de9bd3e9753bf058958e7f03f36983 + SHA256: 5e238d351e16d4909ca394f1db0326a60d33c9ac7b4d78aefcf17a6d9cc72be9 + Sections: + .text: + Entropy: 5.99821129939302 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.414177314559514 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.4895989621236247 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - 
Subject: C=DE, postalCode=81673, ST=Bayern, L=Mnchen, ??=Tomannweg 6, O=NOVENTI + Health SE, CN=NOVENTI Health SE + ValidFrom: '2021-03-25 00:00:00' + ValidTo: '2024-03-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 + Version: 3 + TBS: + MD5: e60d2ebd77b703a3f6628183b0ad1262 + SHA1: 9e82200e82226ceae142ac8b8cd9580dd585c0c7 + SHA256: 587d3e589c526256b69c3836ba380c292f11cba42bd7ad847cdb8922d5c0c66a + SHA384: 266ef698aa66c7948f7a0f9989e4e086e7821b768ebbe85f439aa3fafccbc5eefbde84ac00ad3a18aeb2777b3a682d42 + - Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust + RSA Certification Authority + ValidFrom: '2019-03-12 00:00:00' + ValidTo: '2028-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 3972443af922b751d7d36c10dd313595 + Version: 3 + TBS: + MD5: 3f5b269ded03667a7bad47c1885062b0 + SHA1: 0f01247aaf8b46e3617880e0f5f5dfac696ed7a3 + SHA256: 593e2d49a74023555526aef9b7422b19e5b8b167391b6dee5ed292b1ca23a74c + SHA384: 13baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Code Signing CA + ValidFrom: '2018-11-02 00:00:00' + ValidTo: '2030-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 1da248306f9b2618d082e0967d33d36a + Version: 3 + TBS: + MD5: c1eabfb5994258ad955adb7c2df165e6 + SHA1: fa33b3c00cebc469b269220d9eab26926c9b8ad8 + SHA256: 70dffac37eb787b2198816982c7d44f541d2e39a7dac069d37b367dc9f354b32 + SHA384: 20adc5b59cb532e215f01ba09a9c745898c206555613512fea7c295ccfd17ced4fe2c5bc3274ca8a270fc68799b8343c + 
Signer: + - SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Code Signing CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ea34e232fa33735e7ec30ffecd39e9b7 + SHA1: 89817cfa2603b582c1e9f7f66db5847ec6661b36 + SHA256: df4566edea7c02e29d7dc56ff3f7da6c1ef846e1063b2805a5180bb0d6db37e8 + Company: '' + Copyright: '' + CreationTimestamp: '2018-03-06 02:32:52' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapIoSpace + - PsGetVersion + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - DbgPrint + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmMapLockedPagesSpecifyCache + - MmUnmapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 304f7b25251e688516aa452411c0d439 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: c00cf23e0046a177de4bc1e505e3aab8 + SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc + SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f + SHA1: 3a2e9523fa861714f1acf76009c2b024aa78ad03 + SHA256: f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 + Sections: + .text: + Entropy: 6.233864044218723 + Virtual Size: '0x185e' + .rdata: + Entropy: 4.19939457022358 + Virtual Size: '0x234' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.646261220984394 + Virtual 
Size: '0xc0' + INIT: + Entropy: 5.080431277889913 + Virtual Size: '0x3f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, + ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, + Inc. + ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 
82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing + CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing + CA (SHA2) + Version: 1 + Imphash: 363922cc73591e60f2af113182414230 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 055ae7ceb7439b6f8de45c1143b8d84b + SHA1: e91ea7fece914edc7f398a05bec3fcfb765328bb + SHA256: 2ee914c20b3e4a321bcd2ea2f0f437cda6da09dc0819cd6f06960c0567f4cb19 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-13 02:41:57' + Date: '' + Description: '' + ExportedFunctions: 
'' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: cb6173824b31a721e5cf332c75bb2473 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: 41f2d0f9863bce8920c207b1ef5d3d32b603edef + SHA256: fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 + Sections: + .text: + Entropy: 6.001236000314558 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.514613046184404 + Virtual Size: '0x278' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.48065651504342 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification 
Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2010-05-07 00:00:00' + ValidTo: '2012-05-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Version: 3 + TBS: + MD5: 64f5c20bac3ca9a20857800f4df459c1 + SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c + SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 + SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 + Signer: + - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f7b9cfa7e07f5c516f65bbe9f7976634 + SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 + SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 + Company: '' + Copyright: '' + CreationTimestamp: '2012-07-23 01:53:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - IoFreeMdl + - MmUnmapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 73fc2954829a49fc8eb178b000d10120 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + 
RichPEHeaderHash: + MD5: 4514064220e4df532f9e1c494dcf525b + SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c + SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 + SHA1: 4040f6974119ff2486f9a0cbd749ce240cbee2aa + SHA256: 26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 + Sections: + .text: + Entropy: 6.111427747435866 + Virtual Size: '0x111e' + .rdata: + Entropy: 4.155346525091322 + Virtual Size: '0x1fc' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5513818130711634 + Virtual Size: '0xa8' + INIT: + Entropy: 5.084386508092528 + Virtual Size: '0x39e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer + , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. + ValidFrom: '2012-06-26 00:00:00' + ValidTo: '2015-06-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe + Version: 3 + TBS: + MD5: 5fa5fe411cf2f824dba6ce8c34a7c1a2 + SHA1: 3c83886e28508f0cf5222ae6e8ffdb874144d42d + SHA256: 9a70952ea856e2791bbdfad165dea69c7e57236053401fca97c67f95799efc41 + SHA384: 485bdb94bb6c9f8bcaea54c102f710d6f5b6b85a77431bed08697ad7c2386db4fc34e8860369fd6ecaa5fc37b8577ecc + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, + Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification + Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 + CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 + CA + Version: 1 + Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8d9eae0e8d075f0ddfaac56869fb4b12 + SHA1: a6d2266a4e27c71666ce5964570e87a8b0227e91 + SHA256: 9022cdd52aa3420757d5c16fe61a4fd4d538fe74981ddf3f29de00eb7a3be849 + Company: '' + Copyright: '' + CreationTimestamp: '2011-07-15 00:02:29' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + 
ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 28463a6a70f9a686a45934f6559b9b17 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e + SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 + SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 + SHA1: 27661f6a951a7fa031644bdf014e864c4ee6ec76 + SHA256: 990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f + Sections: + .text: + Entropy: 6.012130762301222 + Virtual Size: '0x1226' + .rdata: + Entropy: 4.446456569232528 + Virtual Size: '0x244' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.504567295189878 + Virtual Size: '0x9c' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2010-05-07 00:00:00' + ValidTo: '2012-05-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Version: 3 + TBS: + MD5: 64f5c20bac3ca9a20857800f4df459c1 + SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c + SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 + SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 + Signer: + - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 87f85bfe34bc87a88c131a034dc171ba + SHA1: 169d8790ec6c0415b111411faf36c9e2626c3e98 + SHA256: 7ccc32e11372896cc01d7780e1176ed6fedd17f846001bc3bf78699e4448105f + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-23 01:59:34' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: b15a6de1b4a01c73a16f158c2b6b979f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 
9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: a0e95166bb6f80ef56cd645717d93174e47b750a + SHA256: 7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 + Sections: + .text: + Entropy: 6.003768789888146 + Virtual Size: '0x1186' + .rdata: + Entropy: 4.392959551890208 + Virtual Size: '0x29c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5078933972637767 + Virtual Size: '0xd8' + INIT: + Entropy: 4.8944037123884145 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 + CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2006-09-30 00:00:00' + ValidTo: '2009-11-16 23:59:59' + Signature: 7cb6b8f10c441fc01d130c6ae39a287be5cb175f02ae6c214f0034c77f262006f866180e4db8619079a50fef4fde71927b061ef79f3d0e1be1bba040afd81f202bb10892ce7a0549506158a1d15067dd7a82488cc4bd2c3f408ee928c85117ee0d080d9dc24b571b5d75e3ef1e87d3d6b755ab6f9c07ff92e3b2d515ab1219424bf288aed36595d534d91b905b80378c02bd470dd0fb8150888cd0ac3c98cd62becd7c274469167be833f226b05b822d875efa40863faa10e358edd17e3f4d1ee7d62590d1d3e26e9c953be9e1d9a309990e0bb9c06cdfaa89f7b021aaa8d933440d432eab2e7676bda57841b3e7a8933da8b1e047e9cde29ea89b62b4eb48b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Version: 3 + TBS: + MD5: 960327b70b290ec28fa2e85cbb7a41fa + SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea + SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 + SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e + Signer: + - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 + CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f7b9cfa7e07f5c516f65bbe9f7976634 + SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 + SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 + Company: '' + Copyright: '' + CreationTimestamp: '2012-07-23 01:53:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - IoAllocateMdl + - 
MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - IoFreeMdl + - MmUnmapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 6b53c79248a6699da703c4c3ff9d4a7e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 4514064220e4df532f9e1c494dcf525b + SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c + SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 + SHA1: 61ec6cb5de378948ef036ff627c87c32f7308bad + SHA256: 3972159a58fd04da06f648c3828648cf394d3eb6af89538166cae8e6184c3eb6 + Sections: + .text: + Entropy: 6.111427747435866 + Virtual Size: '0x111e' + .rdata: + Entropy: 4.155346525091322 + Virtual Size: '0x1fc' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5513818130711634 + Virtual Size: '0xa8' + INIT: + Entropy: 5.084386508092528 + Virtual Size: '0x39e' + Signature: '' + Signatures: {} + Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9e725819820804fbf377917e9e7a3333 + SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c + SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-20 04:07:22' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - 
IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 5f463e27d90035be365077d1d1ebb3d7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: 7019169a8348050774aa49a0e31c3670ee867277 + SHA256: 3482f671cb1b6414e43ab2c9bccc94c1fba67ceac6e9831249f18f31ad68880c + Sections: + .text: + Entropy: 5.99821129939302 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.414177314559514 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.4895989621236247 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: {} + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' Tags: - amifldrv64.sys - amifldrv.sys diff --git a/yaml/3c5c8c6e-b14e-40d5-b231-c0be0f9b3932.yaml b/yaml/3c5c8c6e-b14e-40d5-b231-c0be0f9b3932.yaml deleted file mode 100644 index 98a45787..00000000 --- a/yaml/3c5c8c6e-b14e-40d5-b231-c0be0f9b3932.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsUpIO64.sys binPath=C:\windows\temp\AsUpIO64.sys type=kernel - && sc.exe start AsUpIO64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: [] -Id: 3c5c8c6e-b14e-40d5-b231-c0be0f9b3932 -KnownVulnerableSamples: -- Authentihash: - MD5: 1e97ead4c5049f8fefe2b72edd5fa90e - SHA1: 2a95f882dd9bafcc57f144a2708a7ec67dd7844c - SHA256: 7f75d91844b0c162eeb24d14bcf63b7f230e111daa7b0a26eaa489eeb22d9057 - Company: '' - Copyright: '' - CreationTimestamp: '2010-08-02 20:47:59' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsUpIO64.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 1392b92179b07b672720763d9b1028a5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 058831031bc182e09fd9501e62a8c8ce - SHA1: 23c55978de25c037af392054d26cc72818ee3a60 - SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 - SHA1: 8b6aa5b2bff44766ef7afbe095966a71bc4183fa - SHA256: b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 - Sections: - .text: - Entropy: 6.128485959548185 - Virtual Size: '0x10fc' - .rdata: - Entropy: 4.469326855336564 - Virtual Size: '0x1a0' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3216749799000778 - Virtual Size: '0x90' - INIT: - Entropy: 
4.5288929688981066 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md' -- https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- AsUpIO64.sys -Verified: 'TRUE' diff --git a/yaml/50cfaec9-55f8-49df-aa3e-b9ec3f4f4ff3.yaml b/yaml/50cfaec9-55f8-49df-aa3e-b9ec3f4f4ff3.yaml deleted file mode 100644 index ec42690c..00000000 --- a/yaml/50cfaec9-55f8-49df-aa3e-b9ec3f4f4ff3.yaml +++ /dev/null 
@@ -1,258 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create mhyprot.sys binPath=C:\windows\temp\mhyprot.sys type=kernel - && sc.exe start mhyprot.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: [] -Id: 50cfaec9-55f8-49df-aa3e-b9ec3f4f4ff3 -KnownVulnerableSamples: -- Authentihash: - MD5: ff295de93e6b6dcc3938d50901a7240d - SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f - SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-16 21:38:03' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: mhyprot.sys - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - 
ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 4b817d0e7714b9d43db43ae4a22a161e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 0466e90bf0e83b776ca8716e01d35a8a2e5f96d3 - SHA256: 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 - Sections: - .text: - Entropy: 6.183070832014416 - Virtual Size: '0x6ed0' - .rdata: - Entropy: 4.768973580594352 - Virtual Size: '0x159c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.83996638727823 - Virtual Size: '0x684' - PAGE: - Entropy: 5.929327209049661 - Virtual Size: '0xb7a' - INIT: - Entropy: 5.3523212488458185 - Virtual Size: '0xe54' - .upx0: - Entropy: 7.037246397744446 - Virtual Size: 
'0x124190' - .reloc: - Entropy: 3.9077681077271933 - Virtual Size: '0xcc' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - Signature: - - miHoYo Co.,Ltd. - - DigiCert Assured ID Code Signing CA-1 - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. - ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 
5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: a74f61fdcea718cb9579907b2caf54ab - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/jbaines-r7/dellicious' -- ' https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/' -- https://github.com/elastic/protections-artifacts/blob/932baf346cc8a743f1963ad3d4565b42ed17bebe/yara/rules/Windows_VulnDriver_Mhyprot.yar -- https://github.com/jbaines-r7/dellicious and 
https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ -Tags: -- mhyprot.sys -Verified: 'TRUE' diff --git a/yaml/79692987-1dd0-41a0-a560-9a0441922e5a.yaml b/yaml/79692987-1dd0-41a0-a560-9a0441922e5a.yaml deleted file mode 100644 index 7f81a277..00000000 --- a/yaml/79692987-1dd0-41a0-a560-9a0441922e5a.yaml +++ /dev/null 
@@ -1,170 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsIO64.sys binPath=C:\windows\temp\AsIO64.sys type=kernel - && sc.exe start AsIO64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: [] -Id: 79692987-1dd0-41a0-a560-9a0441922e5a -KnownVulnerableSamples: -- Authentihash: - MD5: d593aec08f96fe410f7a6b53e49551a0 - SHA1: 2ea631bfe3fd765e3a03b3165790faf8fdd8286b - SHA256: 906d8412b357379db9512e3f584fcda1f788acc1337e5b4d4eff5e6fa59324a6 - Company: '' - Copyright: '' - CreationTimestamp: '2007-12-17 02:11:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO64.sys - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeDelayExecutionThread - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - DbgPrint - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 8065a7659562005127673ac52898675f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - SHA1: fcde5275ee1913509927ce5f0f85e6681064c9d2 - SHA256: b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a - Sections: - .text: - Entropy: 6.269179908398606 - Virtual Size: '0x106c' - .rdata: - Entropy: 4.398778967999751 - Virtual Size: '0x19c' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2766921576186183 - Virtual Size: '0x84' - INIT: - Entropy: 4.419041794725205 - Virtual Size: '0x218' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 
- TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - 
CN=ASUSTeK Computer Inc. - ValidFrom: '2007-07-03 00:00:00' - ValidTo: '2008-07-26 23:59:59' - Signature: 2eca2db768d60f241f8c155b9db4bc91a02d16a3f1ec09059aa3b91a4ee0e44317d1f286d12133f44f4b282141287a8b9a3781b46184f732a599edb622e6057156d99221a130091c9f171f1a5f75125a68270d5c21ac379541136b8bf164a0ee6c9b9f5557754ea940f1c836e6d823528d764aaa41b038d84523e395c0ada5e17fea7912a0d10aa807fc0b89d4d116b92dbfc7028f1a23d5d679ac9a1023952a2cf98940ad5cc16bd9381403751ebd52c892205205d51d72b2a83ddb92547fce93e2b6617a42c7249312344ee0b9184859e8b1dd39bd5e61ab5999cbc8aa8807c8538c1926e49a9bbc29dcdf266a603c85f8df773c9659bcf08ffe2ba0f1cfa5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Version: 3 - TBS: - MD5: 54f73eaca10fe12ff2e14194e2f019b8 - SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e - SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 - SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d - Signer: - - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 5662b51943d85b7ca47a99cac81af985 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/namazso/physmem_drivers' -- https://github.com/namazso/physmem_drivers -Tags: -- AsIO64.sys -Verified: 'TRUE' diff --git a/yaml/8b9d1a29-f5f4-4ce6-8fe2-5709123f7b86.yaml b/yaml/8b9d1a29-f5f4-4ce6-8fe2-5709123f7b86.yaml deleted file mode 100644 index 0ed0bc04..00000000 --- a/yaml/8b9d1a29-f5f4-4ce6-8fe2-5709123f7b86.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -CVE: -- '' -Category: vulnerable drivers -Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 8b9d1a29-f5f4-4ce6-8fe2-5709123f7b86 -KnownVulnerableSamples: -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: f701ddcc7c51919413ddadd351ad2fef - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: ca47bab2bea62ff58caea4741bcfbd7f3abb6c5f - SHA256: 2d36642135166bbb296624dca878925963c7da785e42e940f02d01beb7c477d5 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual 
Size: '0x24a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 9c8895d0b78e2fb9a8fff5d730270c52de3a7ead8c7e649a21d81298c0a56bed1fb109217ae8b55a5c3a4334ee73203e5d44c03ef843ef2b93621369e7079513d72985c1143d04b5f342dc3a92f554bd1a8a58943c177dda5dd7c3e5280891583cd251dac090051e36faa455e751498657c06ff9f886e6d431b498fce1ea596e21d8bc45c8ad97e2376158c2d18a1f1daaa694fd736ab959c8980358f5f83ccf340fc6594ddeb60587c567e7167ea1129a81f536222046cdde2706e30d6f2fb3b9984bace9f40afe2473a4b4ee4e1fb799259ba41101e08b546d55b55ecd52f10296d5ad0dadeba22cf7c250d5f029457c15f95dee91af4ee7ee0ed6f67ff4fc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: 
C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- asio64.sys -Verified: 'TRUE' diff --git a/yaml/8d97bb7f-e009-4dc7-ab9d-fde293e679dc.yaml b/yaml/8d97bb7f-e009-4dc7-ab9d-fde293e679dc.yaml index 3f7b405e..36056151 100644 --- a/yaml/8d97bb7f-e009-4dc7-ab9d-fde293e679dc.yaml +++ b/yaml/8d97bb7f-e009-4dc7-ab9d-fde293e679dc.yaml @@ -1,5 +1,5 @@ Id: 8d97bb7f-e009-4dc7-ab9d-fde293e679dc -Author: Nasreddine Bencherchali +Author: Michael Haag, Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver @@ -13,6 +13,8 @@ Commands: OperatingSystem: Windows 10 Resources: - Internal Research +- https://github.com/namazso/physmem_drivers +- https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.m Acknowledgement: Person: '' Handle: '' 
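Review bot: The second `Resources` entry added in the `@@ -13,6 +13,8 @@` hunk is a truncated URL, `https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.m`, which will not resolve; the same reference in the deleted `010870ad-c19b-498a-9018-70dc0c7ac3bd.yaml` reads `.../DRIVERS.md`, so the line should be `- https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md`. The `Author` hunk on this same line needs nothing.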
@@ -323,5 +325,302 @@ KnownVulnerableSamples: CreationTimestamp: '2019-06-13 00:15:00' Imphash: 51780bba04121d6be13f69de08721445 LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 3e6db96f242c0c3115075add7d7847a0 + SHA1: c5da546e0af6119f033a5d4ed79e7f5d90c004ff + SHA256: 70870e20f563899e4f05be2d0049cb495552b409ca7f4729a335bcbfffc3f47c + Company: '' + Copyright: '' + CreationTimestamp: '2011-10-20 01:35:13' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsUpIO.sys + ImportedFunctions: + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 6d4159694e1754f262e326b52a3b305a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 058831031bc182e09fd9501e62a8c8ce + SHA1: 23c55978de25c037af392054d26cc72818ee3a60 + SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 + SHA1: d5fd9fe10405c4f90235e583526164cd0902ed86 + SHA256: b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf + Sections: + .text: + Entropy: 6.059938493523471 + Virtual Size: '0xe9c' + .rdata: + Entropy: 4.411239902936905 + Virtual Size: '0x198' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3572264762803816 + Virtual Size: '0x90' + INIT: + Entropy: 4.554674727952949 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: 9d5a58052468c8e07ff3d5bd730e5d00 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 1e97ead4c5049f8fefe2b72edd5fa90e + SHA1: 2a95f882dd9bafcc57f144a2708a7ec67dd7844c + SHA256: 7f75d91844b0c162eeb24d14bcf63b7f230e111daa7b0a26eaa489eeb22d9057 + Company: '' + Copyright: '' + CreationTimestamp: '2010-08-02 20:47:59' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsUpIO64.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 1392b92179b07b672720763d9b1028a5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 058831031bc182e09fd9501e62a8c8ce + SHA1: 23c55978de25c037af392054d26cc72818ee3a60 + SHA256: 
7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 + SHA1: 8b6aa5b2bff44766ef7afbe095966a71bc4183fa + SHA256: b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 + Sections: + .text: + Entropy: 6.128485959548185 + Virtual Size: '0x10fc' + .rdata: + Entropy: 4.469326855336564 + Virtual Size: '0x1a0' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3216749799000778 + Virtual Size: '0x90' + INIT: + Entropy: 4.5288929688981066 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , + G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use + at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, + CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at + https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 + CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'FALSE' Tags: - AsUpIO.sys +- AsUpIO64.sys \ No newline at end of file diff --git a/yaml/97ed6c7b-be4c-4f60-9157-c788a555ca9f.yml b/yaml/97ed6c7b-be4c-4f60-9157-c788a555ca9f.yml deleted file mode 100644 index acaa7caf..00000000 --- a/yaml/97ed6c7b-be4c-4f60-9157-c788a555ca9f.yml +++ /dev/null 
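Review bot: The merged `AsUpIO.sys` record (file MD5 `6d4159694e1754f262e326b52a3b305a`, SHA256 `b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf`) carries `Imphash: 9d5a58052468c8e07ff3d5bd730e5d00` and `LoadsDespiteHVCI: 'TRUE'`, while the deleted `010870ad-c19b-498a-9018-70dc0c7ac3bd.yaml` recorded the very same hashes with `Imphash: b4b90c1b054ebe273bff4b2fd6927990` and `LoadsDespiteHVCI: 'FALSE'`; one of the two is stale, and the HVCI flag is what downstream block-list consumers key on, so it should be re-verified against the sample before the old file is dropped. The `b4b90c1b…` value now sits on the new `AsUpIO64.sys` record instead, which is plausible given its different import order, but that looks inferred rather than re-measured and is worth confirming. The file also loses its trailing newline after the new `- AsUpIO64.sys` tag (`\ No newline at end of file`).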
@@ -1,183 +0,0 @@ -Id: 97ed6c7b-be4c-4f60-9157-c788a555ca9f -Author: Takahiro Haruyama -Created: '2023-10-12' -MitreID: T1542 -Category: vulnerable driver -Verified: 'TRUE' -Commands: - Command: sc.exe create iscflashx64.sys binPath=C:\windows\temp\iscflashx64.sys type=kernel - && sc.exe start iscflashx64.sys - Description: CVE-2021-33834 - Usecase: firmware erasing/modification - Privileges: kernel - OperatingSystem: Windows 11 -Resources: -- '' -Acknowledgement: - Person: '' - Handle: '' -Detection: [] -KnownVulnerableSamples: -- Filename: '' - MD5: 1f8a9619ab644728ce4cf86f3ad879ea - SHA1: 46be4e6cd8117ac13531bff30edcf564f39bcc52 - SHA256: ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9 - Signature: '' - Date: '' - Publisher: '' - Company: Insyde Software - Description: iscflashx64.sys - Product: Insyde Flash Utility 64 bit Driver - ProductVersion: 5, 2, 1, 1 - FileVersion: 5, 2, 1, 1 - MachineType: AMD64 - OriginalFilename: iscflashx64.sys - Imphash: 31a3c2c72c9a565dc4ba75ef26677569 - Authentihash: - MD5: 89fd5d30f33a1c6c052f9561fae3c6c8 - SHA1: cc6e7cf720925c3c3206b5089eac0521fac338d0 - SHA256: 68105d0f74ab436d36a741095d9ac08b8316e926727d59f3fe874395b291615c - RichPEHeaderHash: - MD5: 3a58b995b412f2da523684e6020016e2 - SHA1: 0a47041d91ef860f1ae51288847e2d5dfba241a6 - SHA256: 820ffc66f9ac7817ebf2df3102df2a1d202e3e54ff38dedd766fd1b5b8717be6 - Sections: - .text: - Entropy: 6.03892428401328 - Virtual Size: '0x21c6' - init: - Entropy: 6.098854011144051 - Virtual Size: '0x9f9' - page: - Entropy: 6.22401160507768 - Virtual Size: '0x80e7' - .rdata: - Entropy: 4.952595204182577 - Virtual Size: '0x970' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x399c' - .pdata: - Entropy: 4.396910354129109 - Virtual Size: '0x570' - INIT: - Entropy: 5.122839794345092 - Virtual Size: '0x362' - .rsrc: - Entropy: 3.350240716548938 - Virtual Size: '0x3c0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-01-04 23:43:38' - InternalName: InsydeFlash - Copyright: 
Copyright (c) 2015 Insyde Software Corp. All Rights Reserved. - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - _vsnprintf - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - MmGetPhysicalAddress - - MmAllocateContiguousMemorySpecifyCache - - MmUnmapIoSpace - - MmMapIoSpace - - ExFreePoolWithTag - - RtlCompareMemory - - ExAllocatePoolWithTag - - IoCreateSymbolicLink - - IoCreateDevice - - MmMapLockedPagesSpecifyCache - - RtlQueryRegistryValues - - ZwCreateFile - - ZwClose - - ZwWriteFile - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: 
e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taiwan, L=Taipei, O=Insyde Software Corp., OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=Insyde Software Corp. - ValidFrom: '2012-12-28 00:00:00' - ValidTo: '2016-01-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0355af7ef9418e476d877eecd9f9e9e2 - Version: 3 - TBS: - MD5: 768c1a47836a7536fbc50e7be60e65ff - SHA1: 569a77bd8a095070b13b75bc81cd0422f746daa3 - SHA256: d5289c20d1f89ac5000b691627764379d369c68ab7d53425baa8e83f09b5b369 - SHA384: 92eb214d60e1c7342eb7b4863dd634d364d80494b4090301e872fba4d2efbec2a799d49f0ac9590f8c61e0fb3b905af3 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 0355af7ef9418e476d877eecd9f9e9e2 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 -Tags: -- iscflashx64.sys diff --git a/yaml/999a11ae-ec2b-4863-baa4-1384ec2b7339.yaml b/yaml/999a11ae-ec2b-4863-baa4-1384ec2b7339.yaml deleted file mode 100644 index b5c74507..00000000 --- a/yaml/999a11ae-ec2b-4863-baa4-1384ec2b7339.yaml +++ /dev/null 
@@ -1,219 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create NalDrv.sys binPath=C:\windows\temp\NalDrv.sys type=kernel - && sc.exe start NalDrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 999a11ae-ec2b-4863-baa4-1384ec2b7339 -KnownVulnerableSamples: -- Authentihash: - MD5: 1789a16d20ca2b55f491ad71848166a2 - SHA1: 2cbfe4ad0e1231ff3e19c19ca9311d952ce170b7 - 
SHA256: 785e87bc23a1353fe0726554fd009aca69c320a98445a604a64e23ab45108087 - Company: 'Intel Corporation ' - Copyright: Copyright (C) 2002-2013 Intel Corporation All Rights Reserved. - CreationTimestamp: '2013-11-14 08:22:43' - Date: '' - Description: Intel(R) Network Adapter Diagnostic Driver - ExportedFunctions: '' - FileVersion: '1.03.0.7 built by: WinDDK' - Filename: NalDrv.sys - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: iQVW64.SYS - MD5: 1898ceda3247213c084f43637ef163b3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: iQVW64.SYS - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.7 - Publisher: '' - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - SHA1: d04e5db5b6c848a29732bfd52029001f23c3da75 - SHA256: 4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b - Sections: - .text: - Entropy: 6.312074870341971 - Virtual Size: '0x4615' - .rdata: - Entropy: 4.765757053328623 - Virtual Size: '0x7c0' - .data: - 
Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.307215755522235 - Virtual Size: '0x408' - INIT: - Entropy: 5.835829282045137 - Virtual Size: '0x7a8' - .rsrc: - Entropy: 3.423830950438437 - Virtual Size: '0x3f8' - Signature: - - Intel Corporation - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2012-05-17 00:00:00' - ValidTo: '2015-05-30 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Version: 3 - TBS: - MD5: fa13cce803fbe5b5256430f9bfee76de - SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f - SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa - SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 55db306bc2be3ff71a6b91fd9db051b8 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c' -- https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c -Tags: -- NalDrv.sys -Verified: 'TRUE' 
diff --git a/yaml/a33de377-d2c2-4c71-98ca-cd0be8d284f9.yaml b/yaml/a33de377-d2c2-4c71-98ca-cd0be8d284f9.yaml deleted file mode 100644 index 94d3d5fa..00000000 --- a/yaml/a33de377-d2c2-4c71-98ca-cd0be8d284f9.yaml +++ /dev/null 
@@ -1,198 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create BS_I2cIo.sys binPath=C:\windows\temp\BS_I2cIo.sys type=kernel - && sc.exe start BS_I2cIo.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: a33de377-d2c2-4c71-98ca-cd0be8d284f9 -KnownVulnerableSamples: -- Authentihash: - MD5: bcc1ae726001fdbabb8159e3b333f3fd - SHA1: 
7885fb33d8800fa3c036252af70e0a8391ab367d - SHA256: 85ac17aec836d5125db7407d2dc3af8e5b01241fea781b2fd55aae796b3912b4 - Company: BIOSTAR Group - Copyright: Copyright (c) 2002-2006 BIOSTAR Group - CreationTimestamp: '2008-06-16 00:45:18' - Date: '' - Description: I/O Interface driver file - ExportedFunctions: '' - FileVersion: 1, 1, 0, 0 - Filename: BS_I2cIo.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - IoStartNextPacket - - IoReleaseCancelSpinLock - - IoAcquireCancelSpinLock - - MmUnmapIoSpace - - RtlInitUnicodeString - - KeRemoveEntryDeviceQueue - - IofCompleteRequest - - IoStartPacket - - IoCreateDevice - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - HalSetBusDataByOffset - - HalTranslateBusAddress - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: I/O driver - MD5: 83601bbe5563d92c1fdb4e960d84dc77 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: BS_I2cIo.sys - Product: BIOSTAR I/O driver fle - ProductVersion: 1, 1, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 195c2f6f9da1c18b845a8235fb390cd2 - SHA1: 0c7f02af8aa0a5340fcd1c53a328c6373fef5c03 - SHA256: e844831f6e05858085e47445dd5d7ea20e3d88f8220209b4098e76f0581f4bf1 - SHA1: dc55217b6043d819eadebd423ff07704ee103231 - SHA256: 55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a - Sections: - .text: - Entropy: 5.977257057316772 - Virtual Size: '0x9d0' - .rdata: - Entropy: 4.457181754135786 - Virtual Size: '0x1c8' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.26210477374917 - Virtual Size: '0x9c' - PAGE: - Entropy: 4.61606579250549 - Virtual Size: '0xaa' - INIT: - Entropy: 5.409774533805617 - Virtual Size: '0x4c8' - .rsrc: - Entropy: 3.2773872054400512 - Virtual Size: '0x408' - Signature: - - BIOSTAR MICROTECH INT'L CORP - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, 
O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L CORP, - OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, CN=BIOSTAR - MICROTECH INT'L CORP - ValidFrom: '2007-10-16 00:00:00' - ValidTo: '2010-10-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4d3675c15944120a97b4ae294ec73245 - Version: 3 - TBS: - MD5: cbfbaff87f669eacfde92e03144f8153 - SHA1: 
d987a82fe339ac9a7cb97d23cd96c11956297c80 - SHA256: a2317d4c2d54ed475cd9ee6aa1efd246cdbe958ac75890266d97cd031e9506ba - SHA384: 4b276b6003eae035fe7da57555f1875f04df1bc81ebc82eb66cbdd9f70edc981060f0445a7759b7d027b3414b36fceb3 - Signer: - - SerialNumber: 4d3675c15944120a97b4ae294ec73245 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 07a513d1599c93bd34f01323b1ef7430 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/elastic/protections-artifacts/search?q=VulnDriver' -- https://github.com/elastic/protections-artifacts/blob/932baf346cc8a743f1963ad3d4565b42ed17bebe/yara/rules/Windows_VulnDriver_Biostar.yar#L30 -- https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- BS_I2cIo.sys -Verified: 'TRUE' diff --git a/yaml/a5eb98bf-2133-46e8-848f-a299ea0ddefa.yaml b/yaml/a5eb98bf-2133-46e8-848f-a299ea0ddefa.yaml deleted file mode 100644 index 5b368b61..00000000 --- a/yaml/a5eb98bf-2133-46e8-848f-a299ea0ddefa.yaml +++ /dev/null 
@@ -1,1068 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -CVE: -- '' -Category: vulnerable drivers -Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: a5eb98bf-2133-46e8-848f-a299ea0ddefa -KnownVulnerableSamples: -- Authentihash: - MD5: 9e725819820804fbf377917e9e7a3333 - SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c - SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb - Company: '' - Copyright: '' - CreationTimestamp: '2009-08-20 04:07:22' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: f41f65189b796534d8ef6bf9caa06853 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: 4d7d514b13de9bd3e9753bf058958e7f03f36983 - SHA256: 5e238d351e16d4909ca394f1db0326a60d33c9ac7b4d78aefcf17a6d9cc72be9 - Sections: - .text: - Entropy: 5.99821129939302 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.414177314559514 - Virtual Size: '0x264' - .data: - 
Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.4895989621236247 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, postalCode=81673, ST=Bayern, L=Mnchen, ??=Tomannweg 6, O=NOVENTI - Health SE, CN=NOVENTI Health SE - ValidFrom: '2021-03-25 00:00:00' - ValidTo: '2024-03-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 - Version: 3 - TBS: - MD5: e60d2ebd77b703a3f6628183b0ad1262 - SHA1: 9e82200e82226ceae142ac8b8cd9580dd585c0c7 - SHA256: 587d3e589c526256b69c3836ba380c292f11cba42bd7ad847cdb8922d5c0c66a - SHA384: 266ef698aa66c7948f7a0f9989e4e086e7821b768ebbe85f439aa3fafccbc5eefbde84ac00ad3a18aeb2777b3a682d42 - - Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust - RSA Certification Authority - ValidFrom: '2019-03-12 00:00:00' - ValidTo: '2028-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 3972443af922b751d7d36c10dd313595 - Version: 3 - TBS: - MD5: 3f5b269ded03667a7bad47c1885062b0 - SHA1: 0f01247aaf8b46e3617880e0f5f5dfac696ed7a3 - SHA256: 593e2d49a74023555526aef9b7422b19e5b8b167391b6dee5ed292b1ca23a74c - SHA384: 13baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Code Signing CA - ValidFrom: '2018-11-02 00:00:00' - ValidTo: '2030-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 1da248306f9b2618d082e0967d33d36a - Version: 3 - TBS: - 
MD5: c1eabfb5994258ad955adb7c2df165e6 - SHA1: fa33b3c00cebc469b269220d9eab26926c9b8ad8 - SHA256: 70dffac37eb787b2198816982c7d44f541d2e39a7dac069d37b367dc9f354b32 - SHA384: 20adc5b59cb532e215f01ba09a9c745898c206555613512fea7c295ccfd17ced4fe2c5bc3274ca8a270fc68799b8343c - Signer: - - SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 - Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Code Signing CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ea34e232fa33735e7ec30ffecd39e9b7 - SHA1: 89817cfa2603b582c1e9f7f66db5847ec6661b36 - SHA256: df4566edea7c02e29d7dc56ff3f7da6c1ef846e1063b2805a5180bb0d6db37e8 - Company: '' - Copyright: '' - CreationTimestamp: '2018-03-06 02:32:52' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapIoSpace - - PsGetVersion - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - DbgPrint - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmMapLockedPagesSpecifyCache - - MmUnmapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 304f7b25251e688516aa452411c0d439 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: c00cf23e0046a177de4bc1e505e3aab8 - SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc - SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f - SHA1: 3a2e9523fa861714f1acf76009c2b024aa78ad03 - SHA256: 
f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 - Sections: - .text: - Entropy: 6.233864044218723 - Virtual Size: '0x185e' - .rdata: - Entropy: 4.19939457022358 - Virtual Size: '0x234' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.646261220984394 - Virtual Size: '0xc0' - INIT: - Entropy: 5.080431277889913 - Virtual Size: '0x3f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. 
- ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 
- TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 363922cc73591e60f2af113182414230 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 055ae7ceb7439b6f8de45c1143b8d84b - SHA1: e91ea7fece914edc7f398a05bec3fcfb765328bb - SHA256: 2ee914c20b3e4a321bcd2ea2f0f437cda6da09dc0819cd6f06960c0567f4cb19 - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-13 02:41:57' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - 
MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: cb6173824b31a721e5cf332c75bb2473 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: 41f2d0f9863bce8920c207b1ef5d3d32b603edef - SHA256: fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 - Sections: - .text: - Entropy: 6.001236000314558 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.514613046184404 - Virtual Size: '0x278' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.48065651504342 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2010-05-07 00:00:00' - ValidTo: '2012-05-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Version: 3 - TBS: - MD5: 64f5c20bac3ca9a20857800f4df459c1 - SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c - SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 - SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 - Signer: - - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f7b9cfa7e07f5c516f65bbe9f7976634 - SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 - SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 - Company: '' - Copyright: '' - CreationTimestamp: '2012-07-23 01:53:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - 
- IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - IoFreeMdl - - MmUnmapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 73fc2954829a49fc8eb178b000d10120 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 4514064220e4df532f9e1c494dcf525b - SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c - SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 - SHA1: 4040f6974119ff2486f9a0cbd749ce240cbee2aa - SHA256: 26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 - Sections: - .text: - Entropy: 6.111427747435866 - Virtual Size: '0x111e' - .rdata: - Entropy: 4.155346525091322 - Virtual Size: '0x1fc' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5513818130711634 - Virtual Size: '0xa8' - INIT: - Entropy: 5.084386508092528 - Virtual Size: '0x39e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2012-06-26 00:00:00' - ValidTo: '2015-06-26 23:59:59' - Signature: 5460beb703f166c9e6162d718f8e007272cb4311c796179a1d9f961bf90afd5019666505230d293cec6536bdeb283d167d4aa10d10e1693a9203ac123052e9a85dd70e698e1d4d27609892c789a423afb9f4db6063873df482e41c4533931ba6e85bf70f6ba1ffeed4dbb4a9d8d64698eca2b119fdb150d1d371cf7bf66f91ee76c743a8da01a13748dcd300def65d094ea4c9298d897e7c2e35c1445445b8570fd3cf14e966c35206d738b2074cc4e1a09e467e4d817a4bb8ba5c4ae69e30682ce55df79f9bc796dc0fc60fba1b5ecca4c3b963e7b666cd1b7eddc0dd4f0f1ec95e1c77aeb4081e4d0e44ff28c243945a6e6e14eaf39b76856e93b0f4843384 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe - Version: 3 - TBS: - MD5: 5fa5fe411cf2f824dba6ce8c34a7c1a2 - SHA1: 3c83886e28508f0cf5222ae6e8ffdb874144d42d - SHA256: 9a70952ea856e2791bbdfad165dea69c7e57236053401fca97c67f95799efc41 - SHA384: 485bdb94bb6c9f8bcaea54c102f710d6f5b6b85a77431bed08697ad7c2386db4fc34e8860369fd6ecaa5fc37b8577ecc - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8d9eae0e8d075f0ddfaac56869fb4b12 - SHA1: a6d2266a4e27c71666ce5964570e87a8b0227e91 - SHA256: 9022cdd52aa3420757d5c16fe61a4fd4d538fe74981ddf3f29de00eb7a3be849 - Company: '' - Copyright: '' - CreationTimestamp: '2011-07-15 00:02:29' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - 
ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 28463a6a70f9a686a45934f6559b9b17 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e - SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 - SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 - SHA1: 27661f6a951a7fa031644bdf014e864c4ee6ec76 - SHA256: 990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f - Sections: - .text: - Entropy: 6.012130762301222 - Virtual Size: '0x1226' - .rdata: - Entropy: 4.446456569232528 - Virtual Size: '0x244' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.504567295189878 - Virtual Size: '0x9c' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. 
- ValidFrom: '2010-05-07 00:00:00' - ValidTo: '2012-05-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Version: 3 - TBS: - MD5: 64f5c20bac3ca9a20857800f4df459c1 - SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c - SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 - SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 - Signer: - - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 87f85bfe34bc87a88c131a034dc171ba - SHA1: 169d8790ec6c0415b111411faf36c9e2626c3e98 - SHA256: 7ccc32e11372896cc01d7780e1176ed6fedd17f846001bc3bf78699e4448105f - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-23 01:59:34' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: b15a6de1b4a01c73a16f158c2b6b979f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 
9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: a0e95166bb6f80ef56cd645717d93174e47b750a - SHA256: 7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 - Sections: - .text: - Entropy: 6.003768789888146 - Virtual Size: '0x1186' - .rdata: - Entropy: 4.392959551890208 - Virtual Size: '0x29c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5078933972637767 - Virtual Size: '0xd8' - INIT: - Entropy: 4.8944037123884145 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. 
- ValidFrom: '2006-09-30 00:00:00' - ValidTo: '2009-11-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Version: 3 - TBS: - MD5: 960327b70b290ec28fa2e85cbb7a41fa - SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea - SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 - SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e - Signer: - - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f7b9cfa7e07f5c516f65bbe9f7976634 - SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 - SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 - Company: '' - Copyright: '' - CreationTimestamp: '2012-07-23 01:53:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - IoFreeMdl - - MmUnmapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 6b53c79248a6699da703c4c3ff9d4a7e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - 
RichPEHeaderHash: - MD5: 4514064220e4df532f9e1c494dcf525b - SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c - SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 - SHA1: 61ec6cb5de378948ef036ff627c87c32f7308bad - SHA256: 3972159a58fd04da06f648c3828648cf394d3eb6af89538166cae8e6184c3eb6 - Sections: - .text: - Entropy: 6.111427747435866 - Virtual Size: '0x111e' - .rdata: - Entropy: 4.155346525091322 - Virtual Size: '0x1fc' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5513818130711634 - Virtual Size: '0xa8' - INIT: - Entropy: 5.084386508092528 - Virtual Size: '0x39e' - Signature: '' - Signatures: {} - Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9e725819820804fbf377917e9e7a3333 - SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c - SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb - Company: '' - Copyright: '' - CreationTimestamp: '2009-08-20 04:07:22' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 5f463e27d90035be365077d1d1ebb3d7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 
61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: 7019169a8348050774aa49a0e31c3670ee867277 - SHA256: 3482f671cb1b6414e43ab2c9bccc94c1fba67ceac6e9831249f18f31ad68880c - Sections: - .text: - Entropy: 5.99821129939302 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.414177314559514 - Virtual Size: '0x264' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.4895989621236247 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: {} - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- amifldrv64.sys -Verified: 'TRUE' diff --git a/yaml/a7775cbe-624b-4b04-b74f-969f77c2ac02.yaml b/yaml/a7775cbe-624b-4b04-b74f-969f77c2ac02.yaml deleted file mode 100644 index 0b56c635..00000000 --- a/yaml/a7775cbe-624b-4b04-b74f-969f77c2ac02.yaml +++ /dev/null 
@@ -1,263 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create viragt64.sys binPath=C:\windows\temp\viragt64.sys type=kernel - && sc.exe start viragt64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: a7775cbe-624b-4b04-b74f-969f77c2ac02 -KnownVulnerableSamples: -- Authentihash: - MD5: 68a2f77cfa5aec4556b4276852be637f - SHA1: 
0188096c79f0cdde9233e52d4117c0f53e667e3d - SHA256: 54e969dc477af9a3e5b53dc4edaebc41a7b73c87ecca13dc1fbb8dfc86c0fd78 - Company: TG Soft S.a.s. - Copyright: Copyright (C) TG Soft S.a.s. 2011, 2016 - www.tgsoft.it - CreationTimestamp: '2016-09-07 02:36:15' - Date: '' - Description: VirIT Agent System - ExportedFunctions: '' - FileVersion: 1, 0, 0, 11 - Filename: viragt64.sys - ImportedFunctions: - - mbstowcs - - ExAllocatePoolWithTag - - KeSetTargetProcessorDpc - - ZwCreateKey - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeInitializeMutex - - RtlAnsiStringToUnicodeString - - ZwReadFile - - strstr - - RtlInitUnicodeString - - IoDeleteDevice - - RtlInitAnsiString - - ZwSetValueKey - - _strupr - - KeInitializeDpc - - ZwQuerySystemInformation - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - ZwSetInformationFile - - KeReleaseMutex - - KeDelayExecutionThread - - ZwCreateFile - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExSystemTimeToLocalTime - - ZwQueryValueKey - - PsTerminateSystemThread - - KeInsertQueueDpc - - ZwEnumerateValueKey - - ZwClose - - sprintf - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlTimeToTimeFields - - MmProbeAndLockPages - - ZwOpenProcess - - MmUnlockPages - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - KeNumberProcessors - - ZwQueryInformationFile - - MmIsNonPagedSystemAddressValid - - ZwWriteFile - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - IoAllocateMdl - - ZwOpenKey - - ObOpenObjectByName - - swprintf - - RtlUnicodeStringToAnsiString - - ZwOpenDirectoryObject - - IoFileObjectType - - IoDriverObjectType - - ZwQueryDirectoryObject - - wcstombs - - KeQueryActiveProcessors - - KeBugCheckEx - - IofCompleteRequest - - ExQueueWorkItem - - __C_specific_handler - - __chkstk - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: viragt.sys - MD5: 43830326cd5fae66f5508e27cbec39a0 - MachineType: 
AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: viragt64.sys - Product: VirIT Agent System - ProductVersion: 1, 0, 0, 11 - Publisher: '' - RichPEHeaderHash: - MD5: a93c261e407f22e8e9e11096ef7669a4 - SHA1: 579ea1a06578ca54a9b86ccfa3c06b3be01831bf - SHA256: b566c96b0a5ca93fe5cdd066966b85657108a1cc6eadb0b683932c781d3a3510 - SHA1: 05c0c49e8bcf11b883d41441ce87a2ee7a3aba1d - SHA256: 58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 - Sections: - .text: - Entropy: 6.38698919148908 - Virtual Size: '0xd05a' - .rdata: - Entropy: 4.97390475614417 - Virtual Size: '0xc58' - .data: - Entropy: 0.9258397206248276 - Virtual Size: '0x3960' - .pdata: - Entropy: 4.385772691209427 - Virtual Size: '0x36c' - INIT: - Entropy: 5.1732274398336635 - Virtual Size: '0x842' - .rsrc: - Entropy: 3.313751980383981 - Virtual Size: '0x438' - .reloc: - Entropy: 2.2971855943665056 - Virtual Size: '0x14c' - Signature: - - TG Soft S.a.s. Di Tonello Gianfranco e C. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., CN=TG Soft S.a.s. Di Tonello Gianfranco e C. - ValidFrom: '2016-01-20 00:00:00' - ValidTo: '2019-03-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7380a219373c43f82746ddf3ed55eaea - Version: 3 - TBS: - MD5: 7ce1cf724ff7a2f7a8a062ec56732b01 - SHA1: 744e935b56e4974671931f3cbf233d10e95f63bc - SHA256: f091c42ab9e8f450b435dfb1e09109137a0b578737cd49d1f5a1259b5ed44d8c - SHA384: d7b3f6cd2bb4fa23da07031f240e9e7195f211d2a96f3d6aa24c9eb67781ec0418b45024538a7235d0e336b2d47fbc07 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7380a219373c43f82746ddf3ed55eaea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 85fd19df117fbc21efbcb1d587063e12 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/elastic/protections-artifacts/search?q=VulnDriver' -- 
https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- viragt64.sys -Verified: 'TRUE' diff --git a/yaml/ad21819d-3080-4fe2-89b1-74385031fb4d.yaml b/yaml/ad21819d-3080-4fe2-89b1-74385031fb4d.yaml deleted file mode 100644 index 1670b554..00000000 --- a/yaml/ad21819d-3080-4fe2-89b1-74385031fb4d.yaml +++ /dev/null 
@@ -1,223 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create ATSZIO64.sys binPath=C:\windows\temp\ATSZIO64.sys type=kernel - && sc.exe start ATSZIO64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: ad21819d-3080-4fe2-89b1-74385031fb4d -KnownVulnerableSamples: -- Authentihash: - MD5: 69a92cb6ac87c99f10b24eefa13f0b10 - SHA1: 
b66bf2b1b07f8f2bab1418131ae66b0a55265f73 - SHA256: 0ff8bcc7f938ec71ee33fbe089d38e40a8190603558d4765c47b1b09e1dd764a - Company: ASUSTek Computer Inc. - Copyright: Copyright (C) 2012 - CreationTimestamp: '2014-09-18 06:04:29' - Date: '' - Description: ATSZIO Driver - ExportedFunctions: '' - FileVersion: 0.2.1.7 - Filename: ATSZIO64.sys - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ATSZIO.sys - MD5: b12d1630fd50b2a21fd91e45d522ba3a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ATSZIO.sys - Product: ATSZIO Driver - ProductVersion: 0.2.1.7 - Publisher: '' - RichPEHeaderHash: - MD5: 5633aed816ac7f25c13e7f4286ee4097 - SHA1: 65f5dfbb3adcd40e7bdac184b5f599df9317377a - SHA256: 63b956b0064047af48cfdc479899aa30c5f0c2944c96e6ad03e3c26171d83147 - SHA1: 490109fa6739f114651f4199196c5121d1c6bdf2 - SHA256: 01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece - Sections: - .text: - Entropy: 5.55616133376499 - Virtual Size: '0x5d4' - .rdata: - Entropy: 3.9257359466643256 - Virtual Size: '0x2ec' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.305451172213043 - Virtual Size: '0x60' - PAGE: - Entropy: 6.205978336553792 - Virtual Size: '0xcfe' - INIT: - Entropy: 5.6051981124019505 - Virtual Size: '0x5dc' - .rsrc: - Entropy: 3.2691875406923323 - Virtual Size: '0x330' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/elastic/protections-artifacts/search?q=VulnDriver' -- https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- ATSZIO64.sys -Verified: 'TRUE' diff --git a/yaml/bd7e78db-6fd0-4694-ac38-dbf5480b60b9.yaml b/yaml/bd7e78db-6fd0-4694-ac38-dbf5480b60b9.yaml deleted file mode 100644 index 3022d733..00000000 
--- a/yaml/bd7e78db-6fd0-4694-ac38-dbf5480b60b9.yaml +++ /dev/null 
@@ -1,1485 +0,0 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsIO.sys binPath=C:\windows\temp\AsIO.sys type=kernel && - sc.exe start AsIO.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: [] -Id: bd7e78db-6fd0-4694-ac38-dbf5480b60b9 -KnownVulnerableSamples: -- Authentihash: - MD5: 9fd03554246c6c74c232919c680d7be8 - SHA1: b25550309c902a21b03367ae27694c5a29b891b5 - SHA256: c3e3719ca592ba65a67f594ec1a08d0d7ad724b088be77d48cb33627c56f4614 - Company: '' - Copyright: '' - CreationTimestamp: '2010-06-27 23:19:38' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 1dc94a6a82697c62a04e461d7a94d0b0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: b97a8d506be2e7eaa4385f70c009b22adbd071ba - SHA256: 2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e - Sections: - .text: - Entropy: 6.108859458208728 - Virtual Size: '0xd86' - .rdata: - Entropy: 4.337980114178664 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2608964358708645 - Virtual Size: '0x84' - INIT: - Entropy: 4.571215641554434 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 
- TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - 
CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 798de15f187c1f013095bbbeb6fb6197 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: 92f251358b3fe86fd5e7aa9b17330afa0d64a705 - SHA256: 436ccab6f62fa2d29827916e054ade7acae485b3de1d3e5c6c62d3debf1480e7 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - 
CN=ASUSTeK Computer Inc. - ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 03cd161c1960e13d0b06441f08fdfc9df8319f8d87a83ecc865bc20767841d4087e40dc9d770bdc5c0fe6ccb9cf3e08bee7364451b03fb3130356761cae54417e8a282ed7cd33b0becd72e8799b616a2766976a7172a1cc299e8321ebeb479f592e03f425da4b2ea6a0cd0b5cc32b9bdeec80aa3ef0a62d6e16b72765301d53ef883ab9210a4b868ff2e2724e37804feb5277d3e26da8ba9d0b6ef61769d1c0f62a78757779d7134a63320b1a692584f12162d3fa20ec6e1b038b1a8d7afc2fad7b692759c6a000159714271f40d608fed3c08213b757fa75baf4674380f5aea46b7125f17532c636876c1f3e0d4b0350822f2a640001fda794b969e2cc681c2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 
d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1e97ead4c5049f8fefe2b72edd5fa90e - SHA1: 2a95f882dd9bafcc57f144a2708a7ec67dd7844c - SHA256: 7f75d91844b0c162eeb24d14bcf63b7f230e111daa7b0a26eaa489eeb22d9057 - Company: '' - Copyright: '' - CreationTimestamp: '2010-08-02 20:47:59' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 1392b92179b07b672720763d9b1028a5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. - RichPEHeaderHash: - MD5: 058831031bc182e09fd9501e62a8c8ce - SHA1: 23c55978de25c037af392054d26cc72818ee3a60 - SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 - SHA1: 8b6aa5b2bff44766ef7afbe095966a71bc4183fa - SHA256: b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 - Sections: - .text: - Entropy: 6.128485959548185 - Virtual Size: '0x10fc' - .rdata: - Entropy: 4.469326855336564 - Virtual Size: '0x1a0' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3216749799000778 - Virtual Size: '0x90' - INIT: - Entropy: 4.5288929688981066 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9e7fb1f3c75f1f5e6769813c545643fc - SHA1: 86f07797273b7f0e0805d2add8c1a0be116eb88c - SHA256: 191689c53195dbe828f406b206cb167dcd4671ecdab32b80e01c885f706a6baf - Company: '' - Copyright: '' - CreationTimestamp: '2010-08-23 19:53:02' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: fef9dd9ea587f8886ade43c1befbdafe - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: af6e1f2cfb230907476e8b2d676129b6d6657124 - SHA256: dde6f28b3f7f2abbee59d4864435108791631e9cb4cdfb1f178e5aa9859956d8 - Sections: - .text: - Entropy: 6.107404762164129 - Virtual Size: '0xd86' - .rdata: - Entropy: 4.358520944651229 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2608964358708645 - Virtual Size: '0x84' - INIT: - Entropy: 4.571215641554434 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: 
'2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b 
- Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 9f79edf758e219929902ec7564e0f435 - SHA1: c92148d0666f2235500805975be79738b84e48c2 - SHA256: 19c74ea0e0baf04820e5642bd2fa224158801ed966be1041539e3c55bd65c471 - Company: '' - Copyright: '' - CreationTimestamp: '2009-04-06 01:21:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - KeDelayExecutionThread - 
- HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 517d484bdbad4637188ec7a908335b86 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - SHA1: 2207cdee7deaba1492ae2349392864f19eb4dfaf - SHA256: db73b0fa032be22405fa0b52fbfe3b30e56ac4787e620e4854c32668ae43bc33 - Sections: - .text: - Entropy: 6.140846081676954 - Virtual Size: '0xca6' - .rdata: - Entropy: 4.362536233544753 - Virtual Size: '0x170' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.245354266022441 - Virtual Size: '0x84' - INIT: - Entropy: 4.455848230056508 - Virtual Size: '0x204' - Signature: '' - Signatures: {} - Imphash: 12befc0a82dcb0585359d335ed47af19 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: b2e4e588ce7b993cc31c18a0721d904d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 
fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: a714a2a045fa8f46d0165b78fe3eecf129c1de3a - SHA256: 707b4b5f5c4585156d8a4d8c39cf26729f5ad05d7f77b17f48e670e808e3e6a0 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: 
e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5b13f61ef5173aaea45b31d934fa2b37 - SHA1: 55ab7e27412eca433d76513edc7e6e03bcdd7eda - SHA256: c1b41d6b91448e2409bb2f4fbf4aeb952adf373d0decc9d052277b89ba401407 - Company: '' - Copyright: '' - CreationTimestamp: '2009-08-03 01:02:32' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - READ_REGISTER_UCHAR - - READ_REGISTER_USHORT - - READ_REGISTER_ULONG - - WRITE_REGISTER_UCHAR - - WRITE_REGISTER_USHORT - - KeQuerySystemTime - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - KeDelayExecutionThread - - ZwUnmapViewOfSection - - IofCompleteRequest - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - WRITE_REGISTER_ULONG - - IoDeleteDevice - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 9d8cb58b9a9e177ddd599791a58a654d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 1dca2593c812b9d1ad59cd6c601d9984 - SHA1: ed8d9ab054b6e3b43e55dff40654162d6abc6657 - SHA256: 332168c7827fb42ec1ee5e08f64bb7273db098da638241b85585b8daf24ba5fb - SHA1: e4e40032376279e29487afc18527804dce792883 - SHA256: b3e645e8817696fa5d5e2255f9328f3b6a2e5fce91737f4d654ff155dc9851e5 - Sections: - .text: - Entropy: 6.1960789663995905 - Virtual Size: '0x872' - .rdata: - Entropy: 2.808152433711106 - Virtual Size: 
'0xc4' - .data: - Entropy: -0.0 - Virtual Size: '0xc' - INIT: - Entropy: 5.208673110075946 - Virtual Size: '0x2f0' - .reloc: - Entropy: 3.9280891177162527 - Virtual Size: '0x92' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - 
TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b0e74761cced2dde5173ae05ec562085 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4fcf3854e63dee328f9deefa6ce069cb - SHA1: d569d4bab86e70efbcdfdac9d822139d6f477b7c - SHA256: 80599708ce61ec5d6dcfc5977208a2a0be2252820a88d9ba260d8cdf5dc7fbe4 - Company: '' - Copyright: '' - CreationTimestamp: '2005-12-21 01:55:21' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - READ_REGISTER_UCHAR - - READ_REGISTER_USHORT - - READ_REGISTER_ULONG - - WRITE_REGISTER_UCHAR - - KeQuerySystemTime - - KeDelayExecutionThread - - IofCompleteRequest - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - DbgPrint - - 
ZwUnmapViewOfSection - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoCreateDevice - - WRITE_REGISTER_USHORT - - IoDeleteDevice - - WRITE_REGISTER_ULONG - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalTranslateBusAddress - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_USHORT - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 663f2fb92608073824ee3106886120f3 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b39d8b5610182849a95fa415c9786274 - SHA1: 47e24c8d5f1687b4811c2267b1519e4f53576005 - SHA256: bde1051ba0a00c5223e7850f91b66678c6236ab82415e73114502cd4e9e2bef8 - SHA1: 470633a3a1e1b1f13c3f6c5192ce881efd206d7c - SHA256: 41765151df57125286b398cc107ff8007972f4653527f876d133dac1548865d6 - Sections: - .text: - Entropy: 6.41894248761542 - Virtual Size: '0xcac' - .rdata: - Entropy: 2.710450233592338 - Virtual Size: '0xd4' - .data: - Entropy: -0.0 - Virtual Size: '0xc' - INIT: - Entropy: 5.25231831216104 - Virtual Size: '0x300' - .reloc: - Entropy: 4.575666038623564 - Virtual Size: '0xcc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - 
TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2006-06-27 00:00:00' - ValidTo: '2007-07-16 23:59:59' - Signature: 3e9083070ad85eabc973807c097269557b889eba86f794582fdc292452dcb7f8bcc45cd4743a1f6fb1b4a2186c7be5c62cea2cfa8d7a8cf6b343ddd3da952369aeea7cdbb7fb2d0c172e9bd3f834d838e598760aa04f073962665cce0382d2f549978ec5b9b3d039eddfb4c4b3403f5a7ba908e6523bd44e39705deee334eb3d4dba63ac71da30b5a6a3c9bde15f52b39732144d7e59acae08622c5f78f0097899265af6be9d1f1b868e500fca79fe967ddd6d777597d52c201210d4903c6929e59ca804518364ab1f75925a99b70591290cab0f4c079392a985797cc99b1fc87cf7237ec4ce715abd07f108e320e42c327d305be93dde94161251414fc46516 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 284649f592786c4851c1138e364185ae - Version: 3 - TBS: - MD5: 2fc1a78b4874ed1ac403284a5d4084fb - SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 - SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 - SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 - Signer: - - SerialNumber: 284649f592786c4851c1138e364185ae - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f4c5b0399665885a7dd34f7cdbbc586f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 09e04d9a1ba63e4db9e4b55a00d5050d - SHA1: 61e1b497a5df0797527d6d465a8f315a82ad35eb - SHA256: 739c11fdb8673ab5b78f1a874daf5ba3faddb7910a6d4e0cc49abd8b8537333f - Company: '' - Copyright: '' - 
CreationTimestamp: '2009-08-03 01:03:16' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: a82c01606dc27d05d9d3bfb6bb807e32 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - SHA1: 1951ae94c6ee63fa801208771b5784f021c70c60 - SHA256: ce231637422709d927fb6fa0c4f2215b9c0e3ebbd951fb2fa97b8e64da479b96 - Sections: - .text: - Entropy: 6.1423523697958835 - Virtual Size: '0xca6' - .rdata: - Entropy: 4.447540499473679 - Virtual Size: '0x178' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2844547164673656 - Virtual Size: '0x84' - INIT: - Entropy: 4.455848230056508 - Virtual Size: '0x204' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 12befc0a82dcb0585359d335ed47af19 - LoadsDespiteHVCI: 'FALSE' -- 
Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 94cdf2cf363be5a8749670bea4db65cd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: 96523f72e4283f9816d3da8f2270690dd1dd263e - SHA256: 20e52e0d7f579dc6884cc6e80266fddceda69ea5fdd0b095c0874b0d877e48a2 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-01-08 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 073501671dc61bf273a6daec906e40a5 - Version: 3 - TBS: - MD5: 40e2b5ee26c4990c33a5e669c600b8a3 - SHA1: 30796f70d4552dd84ee58219d9f61df8c22bec18 - SHA256: 3062c7ba0949c3e882ca9cc23a60b9e4e742c7e2e1d4c3a63b893019189dba13 - SHA384: e215473c05b611248331b3b259cc483a94c2d830fa63a5b6e08d1e52b06d360ebd30519a73f6ffcf79be880975e94738 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 073501671dc61bf273a6daec906e40a5 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 
d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3824dd56459d29ffc5d4bb51d7123778 - SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 - SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:43' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - WRITE_REGISTER_ULONG - - MmAllocateContiguousMemory - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - WRITE_REGISTER_USHORT - - WRITE_REGISTER_UCHAR - - READ_REGISTER_ULONG - - READ_REGISTER_USHORT - - READ_REGISTER_UCHAR - - KeQuerySystemTime - - MmGetPhysicalAddress - - KeDelayExecutionThread - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 272446de15c63095940a3dad0b426f21 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 432a6583ab7bafb3773874586c68db85 - SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 - SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 - SHA1: 7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371 - SHA256: 52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15 - Sections: - .text: - Entropy: 6.23937613305102 - Virtual Size: '0x8ad' - .rdata: - Entropy: 4.36827815837928 - Virtual Size: '0xe7' - .data: - Entropy: 1.311278124459133 - Virtual Size: '0x10' - INIT: - Entropy: 5.344545644500133 - Virtual Size: '0x370' - .reloc: - Entropy: 3.6862767817925604 - Virtual Size: '0xc6' - Signature: '' - Signatures: - - CertificatesInfo: 
'' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: 2699b7ae36fcadd71425ebafd231d0d1 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- ' https://github.com/namazso/physmem_drivers' -- https://github.com/namazso/physmem_drivers -Tags: -- AsIO.sys -Verified: 'TRUE' diff --git a/yaml/bf01915d-045f-442c-a74e-25c56182123f.yaml b/yaml/bf01915d-045f-442c-a74e-25c56182123f.yaml index ccb5aa94..d6ede42a 100644 
--- a/yaml/bf01915d-045f-442c-a74e-25c56182123f.yaml
+++ b/yaml/bf01915d-045f-442c-a74e-25c56182123f.yaml
@@ -185,8 +185,9 @@ KnownVulnerableSamples:
   LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
 Resources:
-- ' https://github.com/elastic/protections-artifacts/search?q=VulnDriver'
 - https://github.com/elastic/protections-artifacts/search?q=VulnDriver
+- https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
 Tags:
 - BSMI.sys
+- BSMIXP64.sys
 Verified: 'TRUE'
diff --git a/yaml/c3cca618-5a7f-4a51-8785-cb328fbfb0df.yaml b/yaml/c3cca618-5a7f-4a51-8785-cb328fbfb0df.yaml
index eba211ca..a5efc4fa 100644
--- a/yaml/c3cca618-5a7f-4a51-8785-cb328fbfb0df.yaml
+++ b/yaml/c3cca618-5a7f-4a51-8785-cb328fbfb0df.yaml
@@ -261,4 +261,5 @@ Resources:
 - https://github.com/jbaines-r7/dellicious and https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
 Tags:
 - viraglt64.sys
+- viragt64.sys
 Verified: 'TRUE'
diff --git a/yaml/d1624a73-55e0-43f6-8d2d-f4f791ef1bff.yaml b/yaml/d1624a73-55e0-43f6-8d2d-f4f791ef1bff.yaml
index fbbc6654..faa7861a 100644
--- a/yaml/d1624a73-55e0-43f6-8d2d-f4f791ef1bff.yaml
+++ b/yaml/d1624a73-55e0-43f6-8d2d-f4f791ef1bff.yaml
@@ -1138,8 +1138,11 @@ KnownVulnerableSamples:
   LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
 Resources:
-- ' https://github.com/namazso/physmem_drivers'
 - https://github.com/namazso/physmem_drivers
+- https://github.com/jbaines-r7/dellicious
+- https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
+- https://github.com/elastic/protections-artifacts/blob/932baf346cc8a743f1963ad3d4565b42ed17bebe/yara/rules/Windows_VulnDriver_Mhyprot.yar
 Tags:
 - Mhyprot2.sys
+- mhyprot.sys
 Verified: 'TRUE'
diff --git a/yaml/de4dd27a-1f7e-4271-98a4-55395ab6aabf.yaml b/yaml/de4dd27a-1f7e-4271-98a4-55395ab6aabf.yaml
index f3d765b2..d902e0c5 100644
--- a/yaml/de4dd27a-1f7e-4271-98a4-55395ab6aabf.yaml
+++ b/yaml/de4dd27a-1f7e-4271-98a4-55395ab6aabf.yaml
@@ -194,4 +194,5 @@ Resources:
 - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
 Tags:
 - BS_I2c64.sys
+- BS_I2cIo.sys
 Verified: 'TRUE'
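Review bot: The c3cca618 hunk leaves two references fused into one Resources entry (`- https://github.com/jbaines-r7/dellicious and https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/`), while the d1624a73 hunk in this same commit records the same two sources as separate list items. One URL per entry keeps the list consistent across the repository and avoids handing a consumer that presumably treats each Resources item as a single link a string that is not one. Since the commit already touches this file's Tags two lines below, splitting the entry here into `- https://github.com/jbaines-r7/dellicious` and `- https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/` would be a natural part of the same change; the fused entry is a context line, so the hunk would grow by one line.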