| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2022-06-14 17:45:33.251470 | 2022-06-14 17:47:48.380713 | 135 seconds | 2.0-dev |
| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win7cuckoo2 | win7 Clone 2 | VirtualBox | 2022-06-14 17:45:34 | 2022-06-14 17:47:47 |
File Details
| File name | e00e84a02c1bd5fd43ef5b9a2ff2d740d2a9aeb2.dll |
|---|---|
| File size | 4444624 bytes |
| File type | PE32 executable (console) Intel 80386, for MS Windows |
| CRC32 | 426FAF51 |
| MD5 | 01d6f24b63f1fb033c58693396122439 |
| SHA1 | e00e84a02c1bd5fd43ef5b9a2ff2d740d2a9aeb2 |
| SHA256 | ad46600afd3b7e1b1267b5536b02f1e28441e99ead324c036cd664a208d5a6ec |
| SHA512 | f58a7a0e2bb572ff6f946c3764a7c5bf801e9b9a87340c1e94b877388ab9c21aebdb18945f2f3efd8bc6380010868fc2faa7f8f76f0f3bc48910ab40bfd5d54a |
| Ssdeep | None |
| PEiD | None matched |
| Yara |
|
| VirusTotal | File not found on VirusTotal |
MetaFlows Scores
Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1655243297]=0): Snort Events=0, AV Events=0
Total Score=50
Total Score=50
Signatures
console_output details
Command line console output was observed
has_pdb details
This executable has a PDB path
pe_features details
The executable contains unknown PE section names indicative of a packer (could be a false positive)
nolookup_communication details
Communicates with host for which no DNS query was performed
packer_entropy details
The binary likely contains encrypted or compressed data indicative of a packer
Screenshots
Static Analysis
Version Infos
| LegalCopyright: | Copyright \xa9 2022 Musarubra US LLC. All Rights Reserved. |
| InternalName: | mfeepmpk_utility.exe |
| FileVersion: | 10.7.0.3460 |
| CompanyName: | Musarubra US LLC. |
| Comments: | MFEINSTALL |
| ProductName: | McAfee Endpoint |
| BuildNumber: | 3460 |
| RCW_Comments: | MFEINSTALL |
| ProductVersion: | 10.7.0.3460 |
| FileDescription: | McAfee Endpoint mfeepmpk utility |
| OriginalFilename: | mfeepmpk_utility.exe |
| BuildDate: | 05/25/2022 |
| Translation: | 0x0000 0x04b0 |
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0003485a | 0x00034a00 | 6.47245820563 |
| .rdata | 0x00036000 | 0x00013aba | 0x00013c00 | 5.46443769537 |
| .data | 0x0004a000 | 0x0002cbac | 0x0002b200 | 6.99874724918 |
| .didat | 0x00077000 | 0x00000028 | 0x00000200 | 0.409765975135 |
| .tls | 0x00078000 | 0x00000009 | 0x00000200 | 0.0203931352361 |
| .rsrc | 0x00079000 | 0x003ba9e8 | 0x003baa00 | 6.54335826276 |
| .reloc | 0x00434000 | 0x00002f2c | 0x00003000 | 6.58529299695 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| BINARY | 0x00404988 | 0x0000d4e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| DLL | 0x002e4be0 | 0x00096338 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| DLL | 0x002e4be0 | 0x00096338 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| DLL | 0x002e4be0 | 0x00096338 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| DLL | 0x002e4be0 | 0x00096338 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| RT_ICON | 0x0042a370 | 0x00009049 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0042a370 | 0x00009049 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0042a370 | 0x00009049 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0042a370 | 0x00009049 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0042a370 | 0x00009049 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0042a370 | 0x00009049 | LANG_ENGLISH | SUBLANG_ENGLISH_US | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_GROUP_ICON | 0x004333c0 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | MS Windows icon resource - 6 icons, 16x16, 256-colors |
| RT_VERSION | 0x00433420 | 0x0000043c | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |
| RT_MANIFEST | 0x00433860 | 0x00000188 | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML document text |
Imports
Library KERNEL32.dll:
• 0x43605c - Wow64DisableWow64FsRedirection
• 0x436060 - LoadLibraryExW
• 0x436064 - GetProcessTimes
• 0x436068 - FormatMessageA
• 0x43606c - GetCurrentProcessId
• 0x436070 - GetProcAddress
• 0x436074 - GetCurrentDirectoryW
• 0x436078 - CloseHandle
• 0x43607c - FileTimeToSystemTime
• 0x436080 - OutputDebugStringW
• 0x436084 - GetLastError
• 0x436088 - OpenProcess
• 0x43608c - GetModuleHandleA
• 0x436090 - LocalAlloc
• 0x436094 - GetModuleFileNameW
• 0x436098 - SetLastError
• 0x43609c - FreeLibrary
• 0x4360a0 - GetModuleHandleW
• 0x4360a4 - LoadLibraryW
• 0x4360a8 - DeleteFileW
• 0x4360ac - Sleep
• 0x4360b0 - UnmapViewOfFile
• 0x4360b4 - HeapSize
• 0x4360b8 - ReadConsoleW
• 0x4360bc - WriteConsoleW
• 0x4360c0 - SetStdHandle
• 0x4360c4 - SetEnvironmentVariableW
• 0x4360c8 - FreeEnvironmentStringsW
• 0x4360cc - ReadFile
• 0x4360d0 - SizeofResource
• 0x4360d4 - GetCurrentProcess
• 0x4360d8 - OutputDebugStringA
• 0x4360dc - GetTempPathW
• 0x4360e0 - CreateFileW
• 0x4360e4 - MultiByteToWideChar
• 0x4360e8 - LockResource
• 0x4360ec - GlobalAlloc
• 0x4360f0 - GlobalFree
• 0x4360f4 - LoadResource
• 0x4360f8 - FindResourceW
• 0x4360fc - GetWindowsDirectoryW
• 0x436100 - MoveFileExW
• 0x436104 - WideCharToMultiByte
• 0x436108 - CreateFileMappingW
• 0x43610c - MapViewOfFile
• 0x436110 - MoveFileW
• 0x436114 - IsWow64Process
• 0x436118 - DeviceIoControl
• 0x43611c - GetCurrentThreadId
• 0x436120 - GetModuleHandleExW
• 0x436124 - LocalFree
• 0x436128 - WriteProcessMemory
• 0x43612c - VirtualFree
• 0x436130 - VirtualAlloc
• 0x436134 - WaitForSingleObject
• 0x436138 - CreateToolhelp32Snapshot
• 0x43613c - Process32NextW
• 0x436140 - Process32FirstW
• 0x436144 - Module32FirstW
• 0x436148 - VirtualAllocEx
• 0x43614c - CreateRemoteThread
• 0x436150 - Module32NextW
• 0x436154 - VirtualFreeEx
• 0x436158 - RaiseException
• 0x43615c - GetSystemInfo
• 0x436160 - VirtualProtect
• 0x436164 - VirtualQuery
• 0x436168 - LoadLibraryExA
• 0x43616c - GetStringTypeW
• 0x436170 - EnterCriticalSection
• 0x436174 - LeaveCriticalSection
• 0x436178 - DeleteCriticalSection
• 0x43617c - EncodePointer
• 0x436180 - DecodePointer
• 0x436184 - InitializeCriticalSectionAndSpinCount
• 0x436188 - CreateEventW
• 0x43618c - TlsAlloc
• 0x436190 - TlsGetValue
• 0x436194 - TlsSetValue
• 0x436198 - TlsFree
• 0x43619c - GetSystemTimeAsFileTime
• 0x4361a0 - CompareStringW
• 0x4361a4 - LCMapStringW
• 0x4361a8 - GetLocaleInfoW
• 0x4361ac - GetCPInfo
• 0x4361b0 - SetEvent
• 0x4361b4 - ResetEvent
• 0x4361b8 - WaitForSingleObjectEx
• 0x4361bc - UnhandledExceptionFilter
• 0x4361c0 - SetUnhandledExceptionFilter
• 0x4361c4 - TerminateProcess
• 0x4361c8 - IsProcessorFeaturePresent
• 0x4361cc - IsDebuggerPresent
• 0x4361d0 - GetStartupInfoW
• 0x4361d4 - QueryPerformanceCounter
• 0x4361d8 - InitializeSListHead
• 0x4361dc - RtlUnwind
• 0x4361e0 - HeapAlloc
• 0x4361e4 - HeapReAlloc
• 0x4361e8 - HeapFree
• 0x4361ec - ExitProcess
• 0x4361f0 - GetStdHandle
• 0x4361f4 - WriteFile
• 0x4361f8 - GetCommandLineA
• 0x4361fc - GetCommandLineW
• 0x436200 - GetACP
• 0x436204 - GetFileType
• 0x436208 - FlushFileBuffers
• 0x43620c - GetConsoleCP
• 0x436210 - GetConsoleMode
• 0x436214 - IsValidLocale
• 0x436218 - GetUserDefaultLCID
• 0x43621c - EnumSystemLocalesW
• 0x436220 - SetFilePointerEx
• 0x436224 - GetProcessHeap
• 0x436228 - FindClose
• 0x43622c - FindFirstFileExW
• 0x436230 - FindNextFileW
• 0x436234 - IsValidCodePage
• 0x436238 - GetOEMCP
• 0x43623c - GetEnvironmentStringsW
• 0x436240 - SetEndOfFile
Library ADVAPI32.dll:
• 0x436000 - RegQueryValueExW
• 0x436004 - CloseServiceHandle
• 0x436008 - OpenSCManagerW
• 0x43600c - OpenServiceW
• 0x436010 - QueryServiceStatusEx
• 0x436014 - TraceEvent
• 0x436018 - CryptAcquireContextW
• 0x43601c - EqualSid
• 0x436020 - AllocateAndInitializeSid
• 0x436024 - CryptCreateHash
• 0x436028 - CryptHashData
• 0x43602c - CryptDestroyHash
• 0x436030 - OpenProcessToken
• 0x436034 - FreeSid
• 0x436038 - CheckTokenMembership
• 0x43603c - CryptGetHashParam
• 0x436040 - CryptReleaseContext
• 0x436044 - GetTokenInformation
• 0x436048 - RegCloseKey
• 0x43604c - RegSetValueExW
• 0x436050 - RegOpenKeyExW
• 0x436054 - RegGetValueW
Library WINTRUST.dll:
• 0x436258 - WinVerifyTrust
Library PSAPI.DLL:
• 0x436248 - GetModuleFileNameExA
Library RPCRT4.dll:
• 0x436250 - UuidCreate
Strings
!This program cannot be run in DOS mode.
T Rich+
`.rdata
@.data
.didat
@.reloc
~Hh4aG
~Hh4bG
wWh(7D
txhT7D
~Hh0aG
~Mh0bG
t'h4^D
uehXCD
uGh,?D
uMhP?D
uBh\LD
tDh`jG
t3hPkG
t"hxjG
t]hPpC
PVh0oC
jJh8mC
PPhXqC
YYhlsC
9E$WWV
t,WW9}
jA[jZZ+
u&hPUG
QQSVWd
URPQQhP
;t$,v-
UQPXY]Y[
Tt1jhZ;
^$+^8+
t0jXXf
~$+~8+
F2jgYf;
PPPPPPPP
u0jAXf;
u0jAXf;
YYhddC
j"^f91j\^u8
j"^f9q
t/j=[f;
tyPVj@W
_tcPVj@
u#j,Xf;
x7;50_G
x7;50_G
Wj0XPV
PPPPPWS
PP9E u:PPVWP
PVSQSWV
35 `G
350`G
SVWjA_jZ+
uBjAYjZ+
taj*Xf
VWj\^j:
WWWPWS
SSVWh
f9:t!V
}VWj=S
tl9 tX
QQSWj0j@
xi;50_G
xg;50_G
<0|o<9
u^9^\t/
VX9^`tT
;N\u\W
u2Vj@hx
9C`u99C\t4
9C`u5Wj
D8(HXt:f
D8(Ht5F
SVjA[jZ^+
jAZjZ^
PPPPPPPP
mSjA[jZ^+
8jZZf;
blframework.dll
McVariantExport.dll
crypt32.dll
WinVerifyTrust() call failed with result code 0x%08lX
NotComDllGetInterface
AacControl6
AacControl5
AacControl4
AacControl3
AacControl2
AacControl
TraceMessage
TraceMessageVa
0123456789abcdef0x
0123456789ABCDEF0X
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
bad allocation
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
invalid argument
invalid seek
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
no such device or address
no such device
no such file or directory
no such process
not a directory
not a socket
not a stream
not connected
not enough memory
not supported
operation canceled
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
permission denied
protocol error
protocol not supported
read only file system
resource deadlock would occur
resource unavailable try again
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many links
too many symbolic link levels
value too large
wrong protocol type
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
cross device link
destination address required
device or resource busy
directory not empty
executable format error
file exists
file too large
filename too long
function not supported
host unreachable
unknown error
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreW
CreateSemaphoreExW
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
CreateSymbolicLinkW
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleEx
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
CorExitProcess
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EnumSystemLocalesEx
GetUserDefaultLocaleName
IsValidLocaleName
LCIDToLocaleName
LocaleNameToLCID
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
_hypot
_nextafter
1#QNAN
1#SNAN
]vQ<)8
|)P!?Ua0
Eb2]A=
u?^p?o4
y1~?|"
?x +s7
?5O d%
?|I7Z#
>,'1D=
?g)([|X>=
~U` ?K
:h"?bC
@H#?43
Ax#?uN}*
r7Yr7=
F0$?3=1
H`$?h|
&?~YK|
sU0&?W
<8bunz8
?#%X.y
F||<##
<@En[vP
?5Wg4p
%S#[k =
"B <1=
?Unknown exception
bad cast
bad locale name
generic
iostream
iostream stream error
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
MFEEPMPK_WORKAROUND
d4da057f62061e54be3fbfb00a5ca100
d4bfdc6b92d2efec08dd8ce64981c6bf
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
ExploitPreventionSetStatus - About to call SetPropertieStatus
SetPropertieStatus finished on retry %d
SetPropertieStatus - About to callBLSetPropertiesEx
There was a problem with SetPropertieStatus on retry attempt %d. Waiting before retrying.
SetPropertieStatus - About to get BLF Handle
SetPropertieStatus - Call was successful!
SetPropertieStatus - About to call BLReleaseObjectHandle()
SetPropertieStatus - Tearing down
MFEEPMPK_WORKAROUND
d4da057f62061e54be3fbfb00a5ca100
d4bfdc6b92d2efec08dd8ce64981c6bf
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
Force uninjection retry attempt %d
There are %d processes that require force uninjection
There was a problem uninjecting pid %d
No processes required force uninjection!
About to force uninject pid %d, process name %s, PCT 0x%I64x %s
Uninjection of pid %d was successful
Driver stopped after %d secs of waiting
Waiting time finished and driver is still running!
2^#{ @%
MFEEPMPK_WORKAROUND
d4da057f62061e54be3fbfb00a5ca100
d4bfdc6b92d2efec08dd8ce64981c6bf
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
10.7.0.3460
ENS MFEEPMPK Fixer Utility - Version %s
This tool requires admin rights
Available Options:
Changing the force unload behavior.
Enable verbose mode
Run the mfeepmpk fix logic
Enable check-only mode mode
Override Agent DLLs with latest packaged versions
Skip disabling Exploit Prevention
restore Exploit Prevention state
Display help information
Example Usage
mfeepmk_utility.exe -h
This will show this help message
mfeepmk_utility.exe -r -v
This will run the logic to fix the ENS mfeepmpk driver problem with verbose output
mfeepmk_utility.exe -r -v -f
This will run the logic to fix the ENS mfeepmpk driver problem with forcing the unload of injected DLLs and with verbose output
mfeepmk_utility.exe -c -v
This will perform a check-only operation to determine if a faulty driver is present and if reboot is required
ENS is not installed. Bailing out
mfeepmk_utility.exe -r -log <logfile>
This will run the logic to fix the ENS mfeepmpk driver problem with file log output
Driver is still running!
Driver is was succesfully shutdown
There were %d process where uninjection was forced
Agent DLL replacement was successful
There was a problem with Agent DLL replacement
There were a problem forcing uninjection of processes - %d needed uninjection
10.7.0.3460
About to run ENS mfeepmpk fixer utility - Version %s
About to enable Exploit Prevention
Exploit Prevention Enabled
About to disable Exploit Prevention
Exploit Prevention Disabled
Check only mode requested. No files will be modified.
There was a problem checking for driver existence
Agent DLLs override mode requested. Agent DLL files will be modified.
Checking for faulty driver existence
Faulty driver was not found. All is good.
ENS force unload is required
DLLs were succesfully unloaded.
There was a problem unloading DLLs on best effort.
Old version of faulty driver was found.
Force unload was requested
DLLs were succesfully unloaded.
There was a problem unloading DLLs on best effort.
Old driver file is flagged as DELETE_PENDING
Reboot is required
Reboot is not required
Faulty driver was found. Now attempting replacement
Faulty driver was found. The tool will check if reboot is needed.
About to enable ENS workaround. This will take some time.
ENS workaround is enabled
Faulty driver found running!
Reboot is required
Faulty driver found not running
Reboot is not required
About to perform replacement
Force unload was requested
Old driver still running!
Reboot is required
File replacement was a success!
Reboot is not required
Reboot is required
Files couldn't be replaced, so they were renamed and flagged as DELETE_PENDING
ENS driver was not down or files have been replaced already
Reboot is required
There was a problem enabling the workaround!
About to disable ENS workaround. This will take some time.
Disabled ENS workaround
There was a problem disabling ENS workaround
Reboot is required
ENS is not installed! Proceeding to check if reboot is required
Faulty driver found running!
Faulty driver found not running
Reboot is not required
ENS is not installed! Proceeding to replace the instance of the faulty driver
Force unload was requested
DLLs were succesfully unloaded.
There was a problem unloading DLLs on best effort.
Old driver still running!
Reboot is required
File replacement was a success!
Files couldn't be replaced, so they were renamed and flagged as DELETE_PENDING
Reboot is required
There was a problem checking files to replace
Some files couldn't be replaced
Reboot is required
There was a problem executing the tool
MFEEPMPK_WORKAROUND
d4da057f62061e54be3fbfb00a5ca100
d4bfdc6b92d2efec08dd8ce64981c6bf
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
0123456789abcdef
0123456789abcdef
MFEEPMPK_WORKAROUND
d4da057f62061e54be3fbfb00a5ca100
d4bfdc6b92d2efec08dd8ce64981c6bf
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
17593a7de3dd0d8037b96190412124fc
06e1cc3f2e237203b02fa2053415281a
NtWow64QueryInformationProcess64
ntdll.dll
NtWow64ReadVirtualMemory64
ntdll.dll
VirtualFreeEx failed with error %d
invalid string position
string too long
crypt32.dll
WinVerifyTrust() call failed with result code 0x%08lX
NotComDllGetInterface
AacControl6
AacControl5
AacControl4
AacControl3
AacControl2
AacControl
<unknown 0x%x>
%04u-%02u-%02u %02u:%02u:%02u.%07u
vector<T> too long
RSDS+
D:\BUILD_1233122\BUILD\ENS_ResultsDir\Release32\mfeepmpk_utility.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.cfguard
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.didat$2
.didat$3
.didat$4
.didat$6
.didat$7
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.didat$5
.tls$ZZZ
.rsrc$01
.rsrc$02
BLFrameworkInit
BLGetObjectHandle
BLReleaseObjectHandle
BLFrameworkCleanUp
BLSetPropertiesEx
?Delete@McVariantHelper@@YAXPAUMcVariant@@@Z
?NewBool@McVariantHelper@@YAPAUMcvBool@1@PB_W_N@Z
?BuildNewMcVariant@McvBase@McVariantHelper@@QBEPAUMcVariant@@P6APAXI@Z@Z
UnmapViewOfFile
DeleteFileW
LoadLibraryW
GetModuleHandleW
FreeLibrary
SetLastError
GetModuleFileNameW
LocalAlloc
GetModuleHandleA
OpenProcess
GetLastError
OutputDebugStringW
FileTimeToSystemTime
CloseHandle
GetCurrentDirectoryW
GetProcAddress
GetCurrentProcessId
FormatMessageA
GetProcessTimes
LoadLibraryExW
Wow64DisableWow64FsRedirection
KERNEL32.dll
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
GetTokenInformation
CryptReleaseContext
CryptGetHashParam
CheckTokenMembership
FreeSid
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
AllocateAndInitializeSid
EqualSid
CryptAcquireContextW
TraceEvent
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ADVAPI32.dll
WinVerifyTrust
WINTRUST.dll
GetModuleFileNameExA
PSAPI.DLL
UuidCreate
RPCRT4.dll
ReadFile
SizeofResource
GetCurrentProcess
OutputDebugStringA
GetTempPathW
CreateFileW
MultiByteToWideChar
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GetWindowsDirectoryW
MoveFileExW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
MoveFileW
IsWow64Process
DeviceIoControl
GetCurrentThreadId
GetModuleHandleExW
LocalFree
WriteProcessMemory
VirtualFree
VirtualAlloc
WaitForSingleObject
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Module32FirstW
VirtualAllocEx
CreateRemoteThread
Module32NextW
VirtualFreeEx
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
ReadConsoleW
HeapSize
SetEndOfFile
Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
%V0^%V0^%V0^~>3_/V0^~>5_
V0^~>4_7V0^$;5_8V0^$;4_*V0^$;3_4V0^~>1_&V0^%V1^tV0^
;9_$V0^
;2_$V0^
/$efYP
bA,ebA
X$Hao%
+'unY7
+'}nY7
fOUv$Z
&MRM)j
A~3MW~
+'unY7
+'}nY7
fOUv$Z
&MRM)j
NfGN i
YbSao^
&MRM)jJAfnP
ABffABnY
~fbAH&-
5/$y$\S
]nqzCl
~fbAh3
d'nfgS
nVb~`P%
fbABnY
~nlbQfGNR/
A~3Mq~
A~3MX~
fGNR-#
-$ufbI
Y/Zn;Y~
~nez[l#Y~
B`o%fn
-U1`f%
n|RYfeA
&MRM)j
fJAX,{
B8~bA,e
rf@Nw&
}8~bA,e&
ZbA&~LY
YftQv?o
&bA&MRM)j
ZbA&~LY
~fdAj9
aB%c$NA
QB)jbA
fbyB)j
fbyB)j
fbyB)j
fbyB)j
fbyB)j
M)jbAd_2
fbyB)j
fbyB)j
fbiB)j
`f%f_nR
`f%f_nR
fbyB)j
fbiB)j
fbyB)j
fbyB)j
fbyB)j
feYj3-^i
fbyB)j
fDY~'N
fDY~'N
-,.nhz
nd^7,%
_yC w
fb9B)j
fbyB)j
$NNv5%
fq~#^0
.?AV_Locimp@locale@std@@
.?AVbad_alloc@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
.?AVfailure@ios_base@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVruntime_error@std@@
.?AV?$codecvt@DDU_Mbstatet@@@std@@
.?AVios_base@std@@
.?AVerror_category@std@@
.?AV?$ctype@D@std@@
.?AVsystem_error@std@@
.?AVcodecvt_base@std@@
.?AV_Facet_base@std@@
.?AV_Generic_error_category@std@@
.?AU_Crt_new_delete@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV_Iostream_error_category@std@@
.?AVbad_cast@std@@
.?AUctype_base@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVfacet@locale@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV_System_error@std@@
.?AVENSManager@@
.?AVexception@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
!This program cannot be run in DOS mode.
h.rdata
H.data
H.bldvar
B.reloc
hMFE1W
PhMFE1SSW
Ch;FXt
Fh9~lv
t0IIt'IIt
Ht`HtKHt
\t8W@P
QSSSSh
j\h01B
t"j\[f;
HHt.Ht
9~HuLh
YYSSSS
t$WWWW
~$9~ t
t$jJjIjHjGjFjEj
jDjCjBjAj@j*j
97u)j
t+Ht(Ht%Ht
HtsHt>Ht
Ht6Ht(Ht
*t j&^j
f;2tGOtB
f;2t7Ot2
4At@Sf
u+f9] t%
!wEt=Ht4Ht+HHt!
"t>HHt4
Ht4Ht'Ht
HtPHtAHt#;u
Ht<Ht/Ht
Ht\HtMHt.;u
w@t7Ht-Ht#HHt
w@t7Ht-Ht#HHt
QQSVW3
DPPWh<
SVWj<_W
Ht7Ht*Ht
HtWHtHHt(;u
GGFF;}
Jt6Jt JJt
Jt5Jt"JJt
t0f;;t<
It'Iu,
URPQQh
hmfemP
hmfemP
hmfemP
hmfemh
hmfemh
hMFE1QP
hMFE0PQ
hMFE0P
VhMFEKhX
t`hMFEKhX
hMFEKW
hMFEKV
PVh4 B
hmfePV
hmfePV
w%WhL'B
Controlling process monitor thread finishes with error code 0x%x
Controlling process monitor thread finishes normally
Controlling process died
Monitoring controlling process 0x%x
Failed to create monitor thread: 0x%x
.\ExecutableInfo.cpp
Win32Path().Len()
(ei.flags & Es::Path) && ei.path.len == e->ei.path.len
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableSectionValues.h
refCnt>0
!esvRefCnt
exeTableHead
MfeHipsk::InjectionResultNofification injection state cannot be modified at this point
ERROR: MfeHipsk::InjectionResultNofification there was a problem getting the processinfo of current process
ERROR: MfeHipsk::InjectionResultNofification there was a problem updating injection state 0x%x on monitored pid 0x%x
MfeHipsk::InjectionResultNofification monitored pid 0x%x injection state updated to 0x%x
.\mfehipsk_content.cpp
n == 33
Failed to apply shield DB: 0x%x
Applied shield DB size 0x%x
Failed to set policies: 0x%x
Set Policies succeeded.
Instance has been stubbed out.
ERROR: Unexpected HamQ code 0x%x
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableInfo.h
Pipe connect from pid 0x%x returns 0x%x,0x%x
Unable to exchange process state bits
Unable to query current process info for exchange
Got %d byte query
ContentDriverQuery received function %d
Executable Specifications Table contains %u entries
Applied executable table: %u entries, 0x%x + 0x%x bytes
Failed to apply executable table: 0x%x
GetMessages invalid parameter(s)
ConfigureInjection incorrect data size 0x%x.
StubOutInstance invalid parameter
SetPolicies incorrect data size 0x%x.
Illegal control attempt by pid 0x%x.
SetConfig incorrect data size 0x%x.
Control attempt by pid 0x%x rejected, code 0x%x.
KeGetCurrentIrql() <= APC_LEVEL
.\mfehipsk_filefilter.cpp
valuePtr == (Byte*)(&valueStorage + 1)
sectionPtr == (Byte*)(§ionStorage + 1)
ProcessIsStarted: pid 0x%x, flagx 0x%x, parent pid 0x%x
process
.\mfehipsk_procfilter.cpp
Access bits 0x%x (mask 0x%x) stripped from OpenProcess(%S)
Unexpected error checking opened process with program engine: %d
Unable to filter open process access: Rules database not ready
Unexpected failure to identify target process info
Unexpected failure to identify actor executable path
Unexpected failure to identify actor process executable instance
Unexpected error checking new process with program engine: %d
Unable to get image name for process being created
Unexpected failure to find ProcessInfo for 0x%x
NotifyProcessStart: pid 0x%x, parent pid 0x%x
NotifyProcessStop: pid 0x%x
.\mfehipsk_regfilter.cpp
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\REGISTRY\MACHINE\SYSTEM\ControlSet\Hardware Profiles\
\System\CurrentControlSet\Enum\ROOT\LEGACY_
invalid
disabled
manual
automatic
system
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../HipShieldCommon/RegUtil.cpp
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
User mode returns error code 0x%x for sid lookup
.\mfehipsk_sid.cpp
User mode not listening for sid lookup
Out of resources to maintain sid map, code 0x%x
User mode failed to determine name for sid
Out of resources to maintain sid map
.\mfehipsk.cpp
references
me == v && memBuf == (Byte*)(me+1)
(MfeSai::Eid)p == InvalidEid
me == v+n && memBuf == (Byte*)(me+1)
eid != InvalidEid
dbContext
!dbContext
Eid %u
Db: %s
DriverUnload
!references
references == 1
MfeHipsk::ReleaseAndDestroy
!exeTableDb && !exeTableDbRef
(memBuf - storage) <= sizeof(Section)
(memBuf - storage) <= sizeof(Value)
old != newValues
Failed to load avfk driver
Failed to get name cache service
avfkHandle == INVALID_HANDLE_VALUE
Loading avfk driver for name cache service
Existing avfk driver instance is providing name cache service
value && !value->next && GetValueType(value) == VAL_TYPE_UNICODE && value->size > 2
Failed to create MfeHipsk initialization thread: 0x%x
Driver entry returning %x
Bad load arguments
Bad version info
clientContext->Init returned %x
DriverEntry
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../InjectionK/ProcessMonitoring.cpp
Unexpected failure querying pid 0x%x bits
%s Eid %u
Descend
NoSync
Exclude
Include
Injection lists:
exeTableDb
Potential ProcessInfo management issue for pid 0x%x
processEntry
bucket
state != Startup
Process 0x%x is not currently registered
d:\build_854529\build\hostips\windows\source\sai\private\SaiEidVector.h
NumSparse() < SaiEidVectorSparseThreshold
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiUnPatch.cpp
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiMatchTrie.cpp
subStrLen
Unexpected failure to allocate message space
Unexpected resource failure copying string: 0x%x
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiLookupHelper.cpp
currentTrace
stillHasWildCards
shortenedVersion.Len() >= 3
Unexpected low resource state
Unexpected 0x%x bit module
Unexpected null module path
Unexpected failure querying module information
Pid 0x%x is network facing
Process monitoring configured (%s) 0x%x/0x%x/0x%x/0x%x
async only
with sync
Unable to identify 0x%x for ips enforcement
Unable to identify unregistered 0x%x for ips enforcement
Unable to identify a process for ips enforcement
No services manager process was registered
Process stopped during startup notifications: 0x%x
servicesPid == (HANDLE)-1
Unexpected failure to find a process entry
UM module load report failure: 0x%x
NoticeLoadImage - ProcessEntry::SyncInjectionActive is set: 0x%x
NoticeLoadImage - wantSyncInjected true. Setting SyncInjectionActive flag: 0x%x
Unexpected missing process entry during image load: 0x%x
InjectionK
Unexpected empty syscore path for process: 0x%x
Inserted new process entry: 0x%x
Unexpected failure to insert a process entry: 0x%x
Unexpected failure to create a new process entry: 0x%x
Unable to add pid 0x%x for tracking
Parent process 0x%x is not registered
.\HipArmorKernelLog.cpp
sendSize <= bufSize
, local_file
, query
, raw_url
raw_data
Agent truncated details - too much data to display.
- too much data to display.
Agent was unable to send advanced details
Agent was unable to send advanced details for sections:
TruncateStringValues: Packed query size:%d.
SC_Block:PackupViolationInDb:PackAndPatchEventsDB() failed.
SC_Block:PackupViolationInDb:SC_Malloc() failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() 2 failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() failed.
SC_Block:PackupViolationInDb:CreateEventsDB() failed.
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/sc_block.c
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/trie.c
isNodeAttributeSet(me, TRIE_NODE_ATTRIB_IS_ID_MAP)
SC_Block: PackupViolationInDb() failed.
SC_Block: AddNewStringValToSec() failed.
SC_Block: AddNewSectionToEvent(SCDB_SECTION_USER_GROUPS) failed.
SC_Block: CreateEventsDB() failed.
%s event matching sig %d
Reaction to event matching sig %d has been downgraded to log due to unknown application path
Unexpected failure removing internal detail from violation
SC_Block:Found auto gen rule
SC_Block: SC_GetGlobalData(policies_head) failed.
GetValueType(val) == VAL_TYPE_EXEC_ID
CreateClassTree: CreateTrieNode() failed.
CreateClassTree: isReqTrie(%ld, %ld) failed
CreateClassTree: GetNextRelevantSecForClass(%ld) failed
linkCandChainsInSuperTree failed
AddRulesDbToSuperTree failed
CreateSuperTree failed
BuildSuperTree: AddNewConstStringValTOSec(g_incAddSec, allChars) failed
BuildSuperTree: CreateRuleSection(g_incAllSec) failed
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
policiesHead
shieldDbHead
UNICODE-MIN_VAL
INT-MIN_VAL
HEXBIN-MIN_VAL
BIN-MIN_VAL
EXEC_ID
ERROR!!! NO SUCH TYPE
STRING-MIN_VAL
STRING
UNICODE
HEXBIN
MIN_VALUE
CASE_SENSITIVE
DATA_OWNER
OWN_MYSELF
DATA_STAR
CREATED_IN_KERNEL_MODE
ERROR!!! NO SUCH ATTRIBUTE
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
%sattributes %s= %s = %s
%snext = 0x%p
%ssize = %ld
%sexData = %ld
%sdata = "%s"
%sdata = "%S"
%sdata = "0x%p"
%sdata = %ld
%stype = %s
%s--- Value ---
NOVAL_REV
NOVAL_REM
NOVAL_ALL
IS_CREATED_IN_KERNEL_MODE
NO SUCH ATTRIBUTE!
IS_OWN_MYSELF
DONT_DISPLAY
DONT_COMPARE
DONT_ALLOW_EX
INCLUDE
EXCLUDE
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
%svalues = 0x%p
%snext = 0x%p
%stype = %ld
%sname = %s
%s--- Section ---
EXCEPTION_CREATED_FROM_RULE
AUDIT_MODE_SUPPORTED
NOT_AUDITABLE
NO_LOG
EXCEPTION_MATCHES_ALL_RULE_IDS
EXCEPTION
INACTIVE
NO_TRUSTED_APPS
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
%sdirectives = %s
%ssections = 0x%p
%ssecLookupTable[%3ld] = 0x%p
%sreaction = %ld
%suniqueId = %ld (0x%lx)
%ssigId = %ld (0x%lx)
%sengine name = %s
%sengineType = %ld
%s--- %s ---
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
(TC) UnpackEventsDBCkSm: invalid size
(TC) UnpackEventsDBCkSm: invalid values:%u %u
FindAndAddRulesToSection: AddNewInstValueToSection() failed. (#1)
FindAndAddRulesToSection: UniqueIdFromRule() failed. (#1)
FindAndAddRulesToSection: SetEventDirective() failed. (#1)
LinkRulesToException: FindAndAddRulesToSection() failed.(#2)
LinkRulesToException: RemoveSectionFromInst() failed.
LinkRulesToException: FindAndAddRulesToSection() failed.(#1)
LinkRulesToException: SetSectionAttribute(SEC_ATTRIB_DONT_COMPARE) failed.
LinkRulesToException: AddNewSectionToEvent(SCDB_SECTION_RULES) failed.
LinkRulesToException: SetEventAttribute(EVENT_ATTRIB_EXCEPTION_MATCHES_ALL_RULE_IDS) failed.
LinkRulesToException: GetSectionFromEvent(SCDB_SECTION_ID) failed.
SC_Malloc:Can't allocate memory,size %d
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Common/sc_malloc.c
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/IdMap.cpp
Failed to create IdMap: 0x%x
Failed to create IdMap: no memory
Failed to access IdMap: 0x%x
Failed to lookup IdMap: 0x%x
firstAvailable
D:\BUILD_854529\BUILD\HostSharedSource\HssUtils/Mk/MkMap.cpp
("Illegal insert of item that already exists in map", 0)
("Illegal remove of item that does not exist in map",0)
ASSERT:
.\assertives.cpp
Runtime static initializer failure.
[o ,System
0123456789abcdef0x
0123456789ABCDEF0X
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\release\mfeepmpk.pdb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
PsCreateSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
KeGetCurrentThread
ExAcquireResourceExclusiveLite
KeClearEvent
memcpy
MmHighestUserAddress
IoGetCurrentProcess
PsDereferencePrimaryToken
PsReferencePrimaryToken
ProbeForWrite
ProbeForRead
PsGetProcessId
ObfDereferenceObject
PsLookupProcessByProcessId
RtlCompareMemory
ZwQueryValueKey
RtlInitUnicodeString
ObOpenObjectByPointer
ZwOpenKey
ZwEnumerateValueKey
towupper
wcsncmp
_wcsnicmp
wcschr
SeReleaseSubjectContext
SeUnlockSubjectContext
SeLockSubjectContext
SeCaptureSubjectContext
RtlValidSid
memset
ExFreePool
RtlLengthSid
ObReferenceObjectByHandle
RtlGetVersion
MmIsAddressValid
MmSystemRangeStart
_purecall
KeQuerySystemTime
PsGetCurrentThreadId
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryInformationProcess
ZwOpenProcess
strncat
strncpy
RtlUpcaseUnicodeChar
RtlUpperChar
wcsncpy
wcscspn
ntoskrnl.exe
KeGetCurrentIrql
KeQueryPerformanceCounter
HAL.dll
KeBugCheckEx
RtlUnwind
KeNumberProcessors
DbgPrint
DbgBreakPoint
strrchr
IoCreateSymbolicLink
IoDeleteSymbolicLink
memmove
ZwDeviceIoControlFile
ZwOpenFile
ZwSetValueKey
MmGetSystemRoutineAddress
ZwWaitForSingleObject
_stricmp
PsGetCurrentProcessId
KfAcquireSpinLock
KfReleaseSpinLock
2M2b2k2
2>3D3_3f3t3
4.5Z5d5l5
5 6)6:6n6x6
3!3H3M3R3]3i3p354j4t4
5@6J6R6e6o6w6
;:<J<i<w<
?"?&?*?.?2?6?:?>?B?F?J?N?R?]?
0'000<0M0l0v0
0f1p1x1
2Z2b3l3
344H4R4Z4
4H5R5Z5
7#7O7{7
8G8]8s8
292N2d2m2w2
3 3[3]4g4o4
8V8d8@9x9
:Q:Y:z:
X0$1r1|1
7)7?7W7
8&8M8t8
9!929s9
<&=P=0>
1 2?2F2W2f2m2
3h4r4z4
4G5[5e5m5z5
9Z:`:p:v:
0*141Y1y1
2<2T2Y2E3
82888B8J8
9(979U9j9
= =,=K=V=
>">9>z>
081?1L1S1Z1l1
5 5K5U5i5p5
=+=C=\=p=~=
!080U0z0
0I1O1T1
2'51595
8 8H8l8v8
9-9:9J9W9d9q9
9.:7:g:u:
<O<Y<d<t<z<
:Q;[;c;~;
;Z<_<s<
10;0B0o0y0
3?4D4I4N4
7"7I7O7
8E8O8m8w8
8$9.999
<0<=<\<j<
080o071A1I1_1i1q1
2!3b3l3t3
3^4f4o4
?A?X?o?
>0E0L0S0Z0a0h0o0}0
151L1f1
1G2N2U2\2c2j2q2x2
616C6J6
081!2c2
8p:y:~:
(010}0
1 1'1.1
>,>R>o>
0$0J0P0
0;1L1O2U2[2a2g2m2s2
;&<B<_<o<~=
>!?(?/?6?=?D?c?j?q?x?
)0T0m0
6?9a9j9
:&:,:Q:v:
3(373=3
4#474m4x4
9C9J9R9
0l2r2x2~2
6A6H6Z6c6u6~6
7"7B7I7S7X7b7m7
8'8,868;8E8J8T8Y8c8h8r8w8
9$9*9/959;9A9F9L9W9e9r9
:0:6:O:U:i:o:
;A;];f;o;w;
<!<&<0<5<?<D<N<S<]<b<l<q<{<
= =%=/=4=>=I=`=j=u=
> >%>/>D>I>N>X>]>h>n>v>
?"?'?1?6?A?G?N?T?b?g?q?v?
0%0*04090D0I0
1#1-121<1A1K1P1Z1_1k1p1~1
262;2M2d2s2~2
4(4H4T4j4
5 5(535H5Q5W5v5
7C8L8V8m8u8
:4:\:f:~:
<A<M<^<c<
1!2E2N2W2^2g2m2s2}2
<8=A=T=
?$?6?=?
1 1$1(1,1014181<1@1X1\1`1d1
1 2$2(2,202p2t2x2|2
3T3X3\3`3d3
;%;=;D;
< ?&?8???
1 1$1(1,1014181<1T1X1\1`1
2 2$2(2,2l2p2t2x2|2
3P3T3X3\3`3
3X6^6d6j6p6v6
7 7.737A7F7T7Y7e7s7x7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
80=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=
@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
1(1H1h1
2,202L2P2
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1(1,10181<1@1D1H1L1P1T1\1`1d1h1l1p1t1x1|1
5$5,545<5D5L5T5\5d5t5|5
6$6,646<6D6L6T6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848D8L8T8\8d8l8t8
9$9,949<9D9L9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;4;D;L;T;d;l;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
= =$=(=0=4=8=@=D=H=P=T=X=`=d=h=p=t=x=
0 0$0(0,0004080<0@0D0H0L0
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180829080031Z0#
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
171101191842Z
181101191842Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
-.7jvp|A|
232825+2432940
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
$dO\;J0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
20180829155738.618Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B1B7-F67F-FEC21%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
160907175657Z
180907175657Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B1B7-F67F-FEC21%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B1B7-F67F-FEC21%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:57F6-C1E0-554C1+0)
"Microsoft Time Source Master Clock0
20180829125704Z
20180830125704Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20180829080041Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180829080041Z0/
/1(0&0$0"
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
H.bldvar
B.reloc
D$ MFE1
WATAUAVAWH
A_A^A]A\_
WATAUH
0A]A\_
VWATAUAVH
A^A]A\_^
WATAUAVAWH
A_A^A]A\_
x ATAUAVH
@A^A]A\
H9t$Pt
G8H9D$0t
H9t$Pt
H9T$0t
H!;H!{
H9\$@u
@SUVWATAUH
A]A\_^][
@SUVWATH
A\_^][
UVWATAUH
A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
L$PH9l$Pt%H
L$PH9l$Pt%H
L$PH9l$Pt%H
UVWATAUH
D$@D9hHt
A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
VWATAUAVAWH
I!{ H!|$X3
A_A^A]A\_^
WATAUH
A]A\_
D$@|xH
8\t^Hc
H;L$@H
t$ WATAUAVAWH
L$@H9\$8u
L$@H9\$8
9\$Ht;D;
A_A^A]A\_
H9t$0t
H9T$@t
t$ WATAUAVAWH
u L9aXuJL
A_A^A]A\_
UVWATAUAVAWH
L9\$Pt
A_A^A]A\_^]
x ATAUAVH
P:fA9T$T
A^A]A\
L$ ATAUAVH
@A^A]A\
VWATAUAVH
@A^A]A\_^
t$ WATAUAVAWH
I!8I!9H
A_A^A]A\_
VWATAUAVH
0A^A]A\_^
WATAUAVAWH
A_A^A]A\_
UVWAUAVH
@88t$A
A^A]_^]
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUH
WATAVH
A^A\_H
UVWATAUAVAWH
@A_A^A]A\_^]
VWATAUAVH
0A^A]A\_^
WAUAVH
{8H9{0t
WAVAWH
A_A^_
|$ AVH
@SUVWATH
A\_^][
H92tTH;
p WATAUH
@A]A\_
\$ D;Z
\$ D;Z
ATAUAVH
A^A]A\
UUUUUUUUH
33333333H
x ATAUL
WATAUAVAWH
A_A^A]A\_
UVWATAUH
pA]A\_^]
\$ D;Z
t$ WATAUAVAWH
D$4H)C
A_A^A]A\_
\$ E;X
D$0D)\$8J
@SUVWH
D$PuDH
t$ WATAUH
t>L9gH
A]A\_H
x ATAUAVH
A^A]A\
\$0D;Z
@SUVWATAUAVAWH
t2L93u
tBL9sH
A_A^A]A\_^][
WATAUAVAWH
fD9>t|M;
twfE9<$tpf
A_A^A]A\_
t>H9{H
WATAUAVAWH
t6D91v
A_A^A]A\_
WATAUAVAWH
tDH9GH
A_A^A]A\_
WATAUH
A]A\_
x ATAUH
WATAUH
A]A\_
L$DD!\$@E
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUAVAWH
0A_A^A]A\_
SUVWATH
PA\_^][
WATAUH
A]A\_
tCf9\$Pt
f9\$Pt
tHf9\$Pt
f9\$Pt
tEf9\$Pt
f9\$Pt
tJf9\$Pt
f9\$Pt
f;k0sMH
fD;C0s/M
WATAUH
A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x AUAVAWH
T$8uYH
@A_A^A]
L$PH9)
WATAUH
uIfD9/tAL
VWATAUAVH
.L9t$ u
0A^A]A\_^
uUfD9d$Pu
VWATAVAWH
L9\$xtjH
A_A^A\_^
VWATAVAWH
A_A^A\_^
VWATAUAWH
A_A]A\_^
x ATAUAVH
A^A]A\
UVWATAUAVAWH
9D$Pt&
D9|$Ht
A_A^A]A\_^]
f;{0s(H
WATAUAVAWH
A_A^A]A\_
t)fD9A
WATAUAVAWH
0A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
` AUAVAWH
@A_A^A]
f;k0s&H
WATAUH
A]A\_
@SUVWATAUAVH
utfD9t$pt
0A^A]A\_^][
t$ WATAUH
A]A\_
t$ WATAUAVAWH
d$XfE;
A_A^A]A\_
WATAUAVAWH
L9|$ uqL9|$(uj
0A_A^A]A\_
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
UVWATAUAVAWH
pA_A^A]A\_^]
WAUAVH
D9t$hv#L
A^A]_
f9l$Xu
WATAUH
A]A\_
f9t$0t,
VWATAUAVH
0A^A]A\_^
3w?t6A
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAVH
A^A]A\
x ATAUAVH
fD97u3H
A^A]A\
x ATAUAVH
fD97u3H
A^A]A\
H9\$Xu
t f9\)
H9\$Xu
H!D$(H
WATAUH
u/fD9.u
A]A\_
uWf9l$@t
UVWATAUAVAWH
@A_A^A]A\_^]
VWATAUAVH
fD97t?H
L93t'A
0A^A]A\_^
tCfD;M
H!D$@H
WATAUH
A]A\_
WATAUAVAWH
A_A^A]A\_
T$ D;Q
WATAUAVAWH
@A_A^A]A\_
\$ UVWH
|$ ATH
l$ VWATH
D$(4 B
ALDCu!H
@SUVWATAUAVH
A^A]A\_^][
VWATAUAVH
A^A]A\_^
UAUAVAWH
A_A^A]]
t$ WATAUH
WATAUH
@8l$pt
A]A\_
WATAUH
@8l$pt
A]A\_
~+fffff
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
~+fffff
l$ VWATH
Controlling process monitor thread finishes with error code 0x%x
Controlling process monitor thread finishes normally
Controlling process died
Monitoring controlling process 0x%x
Failed to create monitor thread: 0x%x
.\ExecutableInfo.cpp
Win32Path().Len()
(ei.flags & Es::Path) && ei.path.len == e->ei.path.len
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableSectionValues.h
refCnt>0
!esvRefCnt
exeTableHead
MfeHipsk::InjectionResultNofification injection state cannot be modified at this point
ERROR: MfeHipsk::InjectionResultNofification there was a problem getting the processinfo of current process
ERROR: MfeHipsk::InjectionResultNofification there was a problem updating injection state 0x%x on monitored pid 0x%x
MfeHipsk::InjectionResultNofification monitored pid 0x%x injection state updated to 0x%x
.\mfehipsk_content.cpp
n == 33
Failed to apply shield DB: 0x%x
Applied shield DB size 0x%x
Failed to set policies: 0x%x
Set Policies succeeded.
Instance has been stubbed out.
ERROR: Unexpected HamQ code 0x%x
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableInfo.h
Pipe connect from pid 0x%x returns 0x%x,0x%x
Unable to exchange process state bits
Got %d byte query
Unable to query current process info for exchange
ContentDriverQuery received function %d
Executable Specifications Table contains %u entries
Applied executable table: %u entries, 0x%x + 0x%x bytes
Failed to apply executable table: 0x%x
GetMessages invalid parameter(s)
ConfigureInjection incorrect data size 0x%x.
StubOutInstance invalid parameter
SetPolicies incorrect data size 0x%x.
Illegal control attempt by pid 0x%x.
SetConfig incorrect data size 0x%x.
Control attempt by pid 0x%x rejected, code 0x%x.
.\mfehipsk_filefilter.cpp
KeGetCurrentIrql() <= APC_LEVEL
valuePtr == (Byte*)(&valueStorage + 1)
sectionPtr == (Byte*)(§ionStorage + 1)
ProcessIsStarted: pid 0x%x, flagx 0x%x, parent pid 0x%x
.\mfehipsk_procfilter.cpp
process
Unexpected error checking opened process with program engine: %d
Unable to filter open process access: Rules database not ready
Access bits 0x%x (mask 0x%x) stripped from OpenProcess(%S)
Unexpected failure to identify target process info
Unexpected failure to identify actor executable path
Unexpected failure to identify actor process executable instance
Unexpected error checking new process with program engine: %d
Unable to get image name for process being created
Unexpected failure to find ProcessInfo for 0x%x
NotifyProcessStart: pid 0x%x, parent pid 0x%x
NotifyProcessStop: pid 0x%x
.\mfehipsk_regfilter.cpp
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\REGISTRY\MACHINE\SYSTEM\ControlSet\Hardware Profiles\
\System\CurrentControlSet\Enum\ROOT\LEGACY_
invalid
disabled
manual
automatic
system
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../HipShieldCommon/RegUtil.cpp
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
User mode returns error code 0x%x for sid lookup
User mode not listening for sid lookup
.\mfehipsk_sid.cpp
Out of resources to maintain sid map, code 0x%x
User mode failed to determine name for sid
Out of resources to maintain sid map
.\mfehipsk.cpp
references
me == v && memBuf == (Byte*)(me+1)
(MfeSai::Eid)p == InvalidEid
me == v+n && memBuf == (Byte*)(me+1)
eid != InvalidEid
dbContext
!dbContext
Eid %u
Db: %s
DriverUnload
!references
references == 1
MfeHipsk::ReleaseAndDestroy
!exeTableDb && !exeTableDbRef
(memBuf - storage) <= sizeof(Section)
(memBuf - storage) <= sizeof(Value)
old != newValues
Failed to load avfk driver
Failed to get name cache service
avfkHandle == INVALID_HANDLE_VALUE
Loading avfk driver for name cache service
Existing avfk driver instance is providing name cache service
value && !value->next && GetValueType(value) == VAL_TYPE_UNICODE && value->size > 2
Failed to create MfeHipsk initialization thread: 0x%x
Driver entry returning %x
Bad load arguments
Bad version info
clientContext->Init returned %x
DriverEntry
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../InjectionK/ProcessMonitoring.cpp
Unexpected failure querying pid 0x%x bits
%s Eid %u
Descend
NoSync
Exclude
Include
Injection lists:
exeTableDb
Potential ProcessInfo management issue for pid 0x%x
processEntry
bucket
state != Startup
Process 0x%x is not currently registered
msg->pid == (int)XntGetCurrentProcessId()
d:\build_854529\build\hostips\windows\source\sai\private\SaiEidVector.h
NumSparse() < SaiEidVectorSparseThreshold
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiUnPatch.cpp
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiMatchTrie.cpp
subStrLen
Unexpected failure to allocate message space
Unexpected resource failure copying string: 0x%x
d:\build_854529\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiLookupHelper.cpp
currentTrace
stillHasWildCards
shortenedVersion.Len() >= 3
Unexpected low resource state
Unexpected 0x%x bit module
Unexpected null module path
Unexpected failure querying module information
Pid 0x%x is network facing
Process monitoring configured (%s) 0x%x/0x%x/0x%x/0x%x
async only
with sync
Unable to identify 0x%x for ips enforcement
Unable to identify unregistered 0x%x for ips enforcement
Unable to identify a process for ips enforcement
No services manager process was registered
Process stopped during startup notifications: 0x%x
servicesPid == (HANDLE)-1
Unexpected failure to find a process entry
UM module load report failure: 0x%x
NoticeLoadImage - ProcessEntry::SyncInjectionActive is set: 0x%x
NoticeLoadImage - wantSyncInjected true. Setting SyncInjectionActive flag: 0x%x
Unexpected missing process entry during image load: 0x%x
InjectionK
Unexpected empty syscore path for process: 0x%x
Inserted new process entry: 0x%x
Unexpected failure to insert a process entry: 0x%x
Unexpected failure to create a new process entry: 0x%x
Unable to add pid 0x%x for tracking
Parent process 0x%x is not registered
.\HipArmorKernelLog.cpp
sendSize <= bufSize
, local_file
, query
, raw_url
raw_data
Agent truncated details - too much data to display.
- too much data to display.
Agent was unable to send advanced details
Agent was unable to send advanced details for sections:
TruncateStringValues: Packed query size:%d.
SC_Block:PackupViolationInDb:PackAndPatchEventsDB() failed.
SC_Block:PackupViolationInDb:SC_Malloc() failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() 2 failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() failed.
SC_Block:PackupViolationInDb:CreateEventsDB() failed.
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/sc_block.c
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/trie.c
isNodeAttributeSet(me, TRIE_NODE_ATTRIB_IS_ID_MAP)
SC_Block: CreateEventsDB() failed.
SC_Block: AddNewSectionToEvent(SCDB_SECTION_USER_GROUPS) failed.
SC_Block: AddNewStringValToSec() failed.
SC_Block: PackupViolationInDb() failed.
%s event matching sig %d
Reaction to event matching sig %d has been downgraded to log due to unknown application path
Unexpected failure removing internal detail from violation
SC_Block:Found auto gen rule
SC_Block: SC_GetGlobalData(policies_head) failed.
GetValueType(val) == VAL_TYPE_EXEC_ID
CreateClassTree: GetNextRelevantSecForClass(%ld) failed
CreateClassTree: isReqTrie(%ld, %ld) failed
CreateClassTree: CreateTrieNode() failed.
linkCandChainsInSuperTree failed
AddRulesDbToSuperTree failed
CreateSuperTree failed
BuildSuperTree: AddNewConstStringValTOSec(g_incAddSec, allChars) failed
BuildSuperTree: CreateRuleSection(g_incAllSec) failed
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
policiesHead
shieldDbHead
UNICODE-MIN_VAL
INT-MIN_VAL
HEXBIN-MIN_VAL
BIN-MIN_VAL
EXEC_ID
ERROR!!! NO SUCH TYPE
STRING-MIN_VAL
STRING
UNICODE
HEXBIN
MIN_VALUE
CASE_SENSITIVE
DATA_OWNER
OWN_MYSELF
DATA_STAR
CREATED_IN_KERNEL_MODE
ERROR!!! NO SUCH ATTRIBUTE
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
%sattributes %s= %s = %s
%snext = 0x%p
%ssize = %ld
%sexData = %ld
%sdata = "%s"
%sdata = "%S"
%sdata = "0x%p"
%sdata = %ld
%stype = %s
%s--- Value ---
NOVAL_REV
NOVAL_REM
NOVAL_ALL
IS_CREATED_IN_KERNEL_MODE
NO SUCH ATTRIBUTE!
IS_OWN_MYSELF
DONT_DISPLAY
DONT_COMPARE
DONT_ALLOW_EX
INCLUDE
EXCLUDE
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
%svalues = 0x%p
%snext = 0x%p
%stype = %ld
%sname = %s
%s--- Section ---
EXCEPTION_CREATED_FROM_RULE
AUDIT_MODE_SUPPORTED
NOT_AUDITABLE
NO_LOG
EXCEPTION_MATCHES_ALL_RULE_IDS
EXCEPTION
INACTIVE
NO_TRUSTED_APPS
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
%sdirectives = %s
%ssections = 0x%p
%ssecLookupTable[%3ld] = 0x%p
%sreaction = %ld
%suniqueId = %ld (0x%lx)
%ssigId = %ld (0x%lx)
%sengine name = %s
%sengineType = %ld
%s--- %s ---
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
(TC) UnpackEventsDBCkSm: invalid size
(TC) UnpackEventsDBCkSm: invalid values:%u %u
FindAndAddRulesToSection: SetEventDirective() failed. (#1)
FindAndAddRulesToSection: UniqueIdFromRule() failed. (#1)
FindAndAddRulesToSection: AddNewInstValueToSection() failed. (#1)
LinkRulesToException: FindAndAddRulesToSection() failed.(#2)
LinkRulesToException: RemoveSectionFromInst() failed.
LinkRulesToException: FindAndAddRulesToSection() failed.(#1)
LinkRulesToException: SetSectionAttribute(SEC_ATTRIB_DONT_COMPARE) failed.
LinkRulesToException: AddNewSectionToEvent(SCDB_SECTION_RULES) failed.
LinkRulesToException: SetEventAttribute(EVENT_ATTRIB_EXCEPTION_MATCHES_ALL_RULE_IDS) failed.
LinkRulesToException: GetSectionFromEvent(SCDB_SECTION_ID) failed.
SC_Malloc:Can't allocate memory,size %d
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Common/sc_malloc.c
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/IdMap.cpp
Failed to create IdMap: 0x%x
Failed to create IdMap: no memory
Failed to access IdMap: 0x%x
Failed to lookup IdMap: 0x%x
firstAvailable
D:\BUILD_854529\BUILD\HostSharedSource\HssUtils/Mk/MkMap.cpp
("Illegal insert of item that already exists in map", 0)
("Illegal remove of item that does not exist in map",0)
ASSERT:
.\assertives.cpp
Runtime static initializer failure.
[o ,System
0123456789abcdef0x
0123456789ABCDEF0X
RSDS#m
D:\BUILD_854529\BUILD\HostIps\Windows\Source\HipArmor\amd64rel\mfeepmpk.pdb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
PsCreateSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeClearEvent
__C_specific_handler
MmHighestUserAddress
IoGetCurrentProcess
PsDereferencePrimaryToken
PsReferencePrimaryToken
ProbeForRead
ProbeForWrite
PsGetProcessId
ObfDereferenceObject
PsLookupProcessByProcessId
RtlCompareMemory
ZwQueryValueKey
RtlInitUnicodeString
ObOpenObjectByPointer
ZwOpenKey
ZwEnumerateValueKey
towupper
wcsncmp
_wcsnicmp
wcschr
SeReleaseSubjectContext
SeUnlockSubjectContext
SeLockSubjectContext
SeCaptureSubjectContext
RtlValidSid
ExFreePoolWithTag
RtlLengthSid
ObReferenceObjectByHandle
RtlGetVersion
MmIsAddressValid
MmSystemRangeStart
_purecall
PsGetCurrentThreadId
ExAllocatePoolWithTag
ZwQueryInformationProcess
ZwOpenProcess
strncat
strncpy
RtlUpcaseUnicodeChar
RtlUpperChar
wcsncpy
wcscspn
ntoskrnl.exe
KeQueryPerformanceCounter
HAL.dll
KeBugCheckEx
KeNumberProcessors
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
DbgPrint
DbgBreakPoint
strrchr
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwDeviceIoControlFile
ZwOpenFile
ZwSetValueKey
MmGetSystemRoutineAddress
ZwWaitForSingleObject
_stricmp
PsGetCurrentProcessId
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180829082059Z0#
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
171101191842Z
181101191842Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
-.7jvp|A|
232825+2432940
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
$dO\;J0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
20180829155735.402Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:BBEC-30CA-2DBE1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
160907175648Z
180907175648Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:BBEC-30CA-2DBE1%0#
Microsoft Time-Stamp Service0
zUsKaC
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
(/*JQy y9*w
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:BBEC-30CA-2DBE1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:57F6-C1E0-554C1+0)
"Microsoft Time Source Master Clock0
20180829202638Z
20180830202638Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
,qc-kP
Ax_t}+Ft
=)&d-E
KSWK2}j
Y.7\.Q
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20180829082109Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180829082109Z0/
/1(0&0$0"
AJyQ.,C:j
!This program cannot be run in DOS mode.
h.rdata
H.data
H.bldvar
B.reloc
hMFE1W
PhMFE1SSW
Ch;FXt
Fh9~lv
t0IIt'IIt
Ht`HtKHt
\t8W@P
QSSSSh
j<h 1B
j\h@1B
t"j\[f;
HHt.Ht
9~HuLh
YYSSSS
t$WWWW
~$9~ t
t$jJjIjHjGjFjEj
jDjCjBjAj@j*j
VhIPSrhX
VhIPSqh
97u)j
t+Ht(Ht%Ht
HtsHt>Ht
Ht6Ht(Ht
*t j&^j
f;2tGOtB
f;2t7Ot2
4At@Sf
u+f9] t%
!wEt=Ht4Ht+HHt!
"t>HHt4
Ht4Ht'Ht
HtPHtAHt#;u
Ht<Ht/Ht
Ht\HtMHt.;u
w@t7Ht-Ht#HHt
w@t7Ht-Ht#HHt
QQSVW3
DPPWhL
Ht7Ht*Ht
HtWHtHHt(;u
GGFF;}
Jt6Jt JJt
Jt5Jt"JJt
WhIPSVj
WhIPSvj
WWh`UB
WhIPSsj
WhIPSeh
WhIPSdj(
WWh`VB
WhIPSSj
WWh`WB
tDHt:Ht0Ht&Ht
tEHt:Ht/Ht$Ht
hMHipQ
BQh`WB
&Qh`VB
t0f;;t<
It'Iu,
URPQQh
hmfemP
hmfemP
hmfemP
hmfemh
hmfemh
hMFE1QP
t8h$&B
tAh &B
hMFE0PQ
hMFE0P
VhMFEKhX
t`hMFEKhX
hMFEKW
hMFEKV
PVh4 B
hmfePV
hmfePV
w%Wh\'B
Controlling process monitor thread finishes with error code 0x%x
Controlling process monitor thread finishes normally
Controlling process died
Monitoring controlling process 0x%x
Failed to create monitor thread: 0x%x
.\ExecutableInfo.cpp
Win32Path().Len()
(ei.flags & Es::Path) && ei.path.len == e->ei.path.len
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableSectionValues.h
refCnt>0
!esvRefCnt
exeTableHead
MfeHipsk::InjectionResultNofification injection state cannot be modified at this point
ERROR: MfeHipsk::InjectionResultNofification there was a problem getting the processinfo of current process
ERROR: MfeHipsk::InjectionResultNofification there was a problem updating injection state 0x%x on monitored pid 0x%x
MfeHipsk::InjectionResultNofification monitored pid 0x%x injection state updated to 0x%x
.\mfehipsk_content.cpp
n == 33
Failed to apply shield DB: 0x%x
Applied shield DB size 0x%x
Failed to set policies: 0x%x
Set Policies succeeded.
Instance has been stubbed out.
ERROR: Unexpected HamQ code 0x%x
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableInfo.h
Pipe connect from pid 0x%x returns 0x%x,0x%x
Unable to exchange process state bits
Unable to query current process info for exchange
Got %d byte query
ContentDriverQuery received function %d
Executable Specifications Table contains %u entries
Applied executable table: %u entries, 0x%x + 0x%x bytes
Failed to apply executable table: 0x%x
GetMessages invalid parameter(s)
ConfigureInjection incorrect data size 0x%x.
StubOutInstance invalid parameter
SetPolicies incorrect data size 0x%x.
Illegal control attempt by pid 0x%x.
SetConfig incorrect data size 0x%x.
Control attempt by pid 0x%x rejected, code 0x%x.
KeGetCurrentIrql() <= APC_LEVEL
.\mfehipsk_filefilter.cpp
valuePtr == (Byte*)(&valueStorage + 1)
sectionPtr == (Byte*)(§ionStorage + 1)
ProcessIsStarted: pid 0x%x, flagx 0x%x, parent pid 0x%x
process
.\mfehipsk_procfilter.cpp
Access bits 0x%x (mask 0x%x) stripped from OpenProcess(%S)
Unexpected error checking opened process with program engine: %d
Unable to filter open process access: Rules database not ready
Unexpected failure to identify target process info
Unexpected failure to identify actor executable path
Unexpected failure to identify actor process executable instance
Unexpected error checking new process with program engine: %d
Unable to get image name for process being created
Unexpected failure to find ProcessInfo for 0x%x
NotifyProcessStart: pid 0x%x, parent pid 0x%x
NotifyProcessStop: pid 0x%x
.\mfehipsk_regfilter.cpp
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\REGISTRY\MACHINE\SYSTEM\ControlSet\Hardware Profiles\
\System\CurrentControlSet\Enum\ROOT\LEGACY_
invalid
disabled
manual
automatic
system
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../HipShieldCommon/RegUtil.cpp
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
User mode returns error code 0x%x for sid lookup
.\mfehipsk_sid.cpp
User mode not listening for sid lookup
Out of resources to maintain sid map, code 0x%x
User mode failed to determine name for sid
Out of resources to maintain sid map
.\mfehipsk.cpp
references
me == v && memBuf == (Byte*)(me+1)
(MfeSai::Eid)p == InvalidEid
me == v+n && memBuf == (Byte*)(me+1)
eid != InvalidEid
dbContext
!dbContext
Eid %u
Db: %s
DriverUnload
!references
references == 1
MfeHipsk::ReleaseAndDestroy
!exeTableDb && !exeTableDbRef
(memBuf - storage) <= sizeof(Section)
(memBuf - storage) <= sizeof(Value)
old != newValues
Failed to load avfk driver
Failed to get name cache service
avfkHandle == INVALID_HANDLE_VALUE
Loading avfk driver for name cache service
Existing avfk driver instance is providing name cache service
value && !value->next && GetValueType(value) == VAL_TYPE_UNICODE && value->size > 2
Failed to create MfeHipsk initialization thread: 0x%x
Driver entry returning %x
Bad load arguments
Bad version info
clientContext->Init returned %x
DriverEntry
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../InjectionK/ProcessMonitoring.cpp
Unexpected failure querying pid 0x%x bits
%s Eid %u
Descend
NoSync
Exclude
Include
Injection lists:
exeTableDb
Potential ProcessInfo management issue for pid 0x%x
processEntry
bucket
state != Startup
Process 0x%x is not currently registered
d:\build_854526\build\hostips\windows\source\sai\private\SaiEidVector.h
NumSparse() < SaiEidVectorSparseThreshold
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiUnPatch.cpp
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiMatchTrie.cpp
subStrLen
Unexpected failure to allocate message space
Unexpected resource failure copying string: 0x%x
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiLookupHelper.cpp
currentTrace
stillHasWildCards
shortenedVersion.Len() >= 3
Unexpected low resource state
Unexpected 0x%x bit module
Unexpected null module path
Unexpected failure querying module information
Pid 0x%x is network facing
Process monitoring configured (%s) 0x%x/0x%x/0x%x/0x%x
async only
with sync
Unable to identify 0x%x for ips enforcement
Unable to identify unregistered 0x%x for ips enforcement
Unable to identify a process for ips enforcement
No services manager process was registered
Process stopped during startup notifications: 0x%x
servicesPid == (HANDLE)-1
Unexpected failure to find a process entry
UM module load report failure: 0x%x
NoticeLoadImage - ProcessEntry::SyncInjectionActive is set: 0x%x
NoticeLoadImage - wantSyncInjected true. Setting SyncInjectionActive flag: 0x%x
Unexpected missing process entry during image load: 0x%x
InjectionK
Unexpected empty syscore path for process: 0x%x
Inserted new process entry: 0x%x
Unexpected failure to insert a process entry: 0x%x
Unexpected failure to create a new process entry: 0x%x
Unable to add pid 0x%x for tracking
Parent process 0x%x is not registered
.\HipArmorKernelLog.cpp
sendSize <= bufSize
, local_file
, query
, raw_url
raw_data
Agent truncated details - too much data to display.
- too much data to display.
Agent was unable to send advanced details
Agent was unable to send advanced details for sections:
TruncateStringValues: Packed query size:%d.
SC_Block:PackupViolationInDb:PackAndPatchEventsDB() failed.
SC_Block:PackupViolationInDb:SC_Malloc() failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() 2 failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() failed.
SC_Block:PackupViolationInDb:CreateEventsDB() failed.
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/sc_block.c
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/trie.c
isNodeAttributeSet(me, TRIE_NODE_ATTRIB_IS_ID_MAP)
SC_Block: PackupViolationInDb() failed.
SC_Block: AddNewStringValToSec() failed.
SC_Block: AddNewSectionToEvent(SCDB_SECTION_USER_GROUPS) failed.
SC_Block: CreateEventsDB() failed.
%s event matching sig %d
Reaction to event matching sig %d has been downgraded to log due to unknown application path
Unexpected failure removing internal detail from violation
SC_Block:Found auto gen rule
SC_Block: SC_GetGlobalData(policies_head) failed.
GetValueType(val) == VAL_TYPE_EXEC_ID
CreateClassTree: CreateTrieNode() failed.
CreateClassTree: isReqTrie(%ld, %ld) failed
CreateClassTree: GetNextRelevantSecForClass(%ld) failed
linkCandChainsInSuperTree failed
AddRulesDbToSuperTree failed
CreateSuperTree failed
BuildSuperTree: AddNewConstStringValTOSec(g_incAddSec, allChars) failed
BuildSuperTree: CreateRuleSection(g_incAllSec) failed
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
policiesHead
shieldDbHead
UNICODE-MIN_VAL
INT-MIN_VAL
HEXBIN-MIN_VAL
BIN-MIN_VAL
EXEC_ID
ERROR!!! NO SUCH TYPE
STRING-MIN_VAL
STRING
UNICODE
HEXBIN
MIN_VALUE
CASE_SENSITIVE
DATA_OWNER
OWN_MYSELF
DATA_STAR
CREATED_IN_KERNEL_MODE
ERROR!!! NO SUCH ATTRIBUTE
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
%sattributes %s= %s = %s
%snext = 0x%p
%ssize = %ld
%sexData = %ld
%sdata = "%s"
%sdata = "%S"
%sdata = "0x%p"
%sdata = %ld
%stype = %s
%s--- Value ---
NOVAL_REV
NOVAL_REM
NOVAL_ALL
IS_CREATED_IN_KERNEL_MODE
NO SUCH ATTRIBUTE!
IS_OWN_MYSELF
DONT_DISPLAY
DONT_COMPARE
DONT_ALLOW_EX
INCLUDE
EXCLUDE
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
%svalues = 0x%p
%snext = 0x%p
%stype = %ld
%sname = %s
%s--- Section ---
EXCEPTION_CREATED_FROM_RULE
AUDIT_MODE_SUPPORTED
NOT_AUDITABLE
NO_LOG
EXCEPTION_MATCHES_ALL_RULE_IDS
EXCEPTION
INACTIVE
NO_TRUSTED_APPS
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
%sdirectives = %s
%ssections = 0x%p
%ssecLookupTable[%3ld] = 0x%p
%sreaction = %ld
%suniqueId = %ld (0x%lx)
%ssigId = %ld (0x%lx)
%sengine name = %s
%sengineType = %ld
%s--- %s ---
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
(TC) UnpackEventsDBCkSm: invalid size
(TC) UnpackEventsDBCkSm: invalid values:%u %u
FindAndAddRulesToSection: AddNewInstValueToSection() failed. (#1)
FindAndAddRulesToSection: UniqueIdFromRule() failed. (#1)
FindAndAddRulesToSection: SetEventDirective() failed. (#1)
LinkRulesToException: FindAndAddRulesToSection() failed.(#2)
LinkRulesToException: RemoveSectionFromInst() failed.
LinkRulesToException: FindAndAddRulesToSection() failed.(#1)
LinkRulesToException: SetSectionAttribute(SEC_ATTRIB_DONT_COMPARE) failed.
LinkRulesToException: AddNewSectionToEvent(SCDB_SECTION_RULES) failed.
LinkRulesToException: SetEventAttribute(EVENT_ATTRIB_EXCEPTION_MATCHES_ALL_RULE_IDS) failed.
LinkRulesToException: GetSectionFromEvent(SCDB_SECTION_ID) failed.
SC_Malloc:Can't allocate memory,size %d
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Common/sc_malloc.c
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/IdMap.cpp
Failed to create IdMap: 0x%x
Failed to create IdMap: no memory
Failed to access IdMap: 0x%x
Failed to lookup IdMap: 0x%x
firstAvailable
D:\BUILD_854526\BUILD\HostSharedSource\HssUtils/Mk/MkMap.cpp
("Illegal insert of item that already exists in map", 0)
("Illegal remove of item that does not exist in map",0)
ASSERT:
.\assertives.cpp
Runtime static initializer failure.
[o ,System
0123456789abcdef0x
0123456789ABCDEF0X
RSDSr"'
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\release\mfeepmpk.pdb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
PsCreateSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
KeGetCurrentThread
ExAcquireResourceExclusiveLite
KeClearEvent
memcpy
MmHighestUserAddress
IoGetCurrentProcess
PsDereferencePrimaryToken
PsReferencePrimaryToken
ProbeForWrite
ProbeForRead
PsGetProcessId
ObfDereferenceObject
PsLookupProcessByProcessId
RtlCompareMemory
ZwQueryValueKey
RtlInitUnicodeString
ObOpenObjectByPointer
ZwOpenKey
ZwEnumerateValueKey
towupper
wcsncmp
_wcsnicmp
ExFreeToPagedLookasideList
ExAllocateFromPagedLookasideList
wcschr
SeReleaseSubjectContext
SeUnlockSubjectContext
SeLockSubjectContext
SeCaptureSubjectContext
RtlValidSid
memset
ExFreePool
RtlLengthSid
ObReferenceObjectByHandle
RtlGetVersion
MmIsAddressValid
MmSystemRangeStart
_purecall
KeQuerySystemTime
ExDeletePagedLookasideList
ExInitializePagedLookasideList
PsGetCurrentThreadId
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryInformationProcess
ZwOpenProcess
strncat
strncpy
RtlUpcaseUnicodeChar
RtlUpperChar
wcsncpy
wcscspn
ntoskrnl.exe
KeGetCurrentIrql
KeQueryPerformanceCounter
HAL.dll
KeBugCheckEx
RtlUnwind
KeNumberProcessors
DbgPrint
DbgBreakPoint
strrchr
IoCreateSymbolicLink
IoDeleteSymbolicLink
memmove
ZwDeviceIoControlFile
ZwOpenFile
ZwSetValueKey
MmGetSystemRoutineAddress
ZwWaitForSingleObject
_stricmp
PsGetCurrentProcessId
KfAcquireSpinLock
KfReleaseSpinLock
2M2b2k2
2>3D3_3f3t3
4.5Z5d5l5
5 6)6:6n6x6
3*3Q3V3[3f3r3y3>4s4}4
5I6S6[6n6x6
;C<S<r<
? ?#?'?+?/?3?7?;???C?G?K?O?S?W?[?f?
0 00090E0V0u0
2c2k3u3
3=4Q4[4c4
4Q5[5c5
7"7'707\7
8:9D9j;
X0a0r0
2%2F2[2q2z2
3%3-3h3j4t4|4
4"5,545
6&7\7j7
8c8q8Q9
:&:f:n:
707D7Z7n7
7%8>8R8k8
2 2g2K3
7;7c7h7o7
:$:b:s:
4<4F4N4^4h4p4
:P:Z:b:
<)=0=@=
6 7^7h7
9G9M9W9_9u9
:u;"<-<Z<o<v<
=-=E=g=z=
=+>I>\>y>
2?2l2~2
2L3S3Z3`3
6M6Z6l6
=3=:=D=K=R=p=
>3>A>g>q>
1:1?1E1O1Y1n1
2 232:2G2
3 6*626
9A9e9o9z9
:&:3:C:P:]:j:
:';0;`;n;
=H=R=]=m=s=
;J<T<\<w<
<S=X=l=
0*141;1h1r1
485=5B5G5
9>9H9f9p9x9
=)=6=U=c=
011h102:2B2X2b2j2
4[4e4m4
4W5_5h5
> ?&?4?
0"0Z0q0
0W1^1e1l1s1z1
2 272N2e2
2`3g3n3u3|3
657J7\7c7
:/:F:i:
<9<=<A<E<I<M<Q<U<Y<
1S2_2f2m2K5U5
1,1T1e1x1
2*292F2L2^2
4!4'4k4r4y4
;;;Y;z;
010?0}0
1)3E3R3_3e3v3
4A4H4O4V4]4d476[6
: ;);6;I;\;r;
6 6&6-646E6P6Y6c6
7(717;7r7z7
<J<Q<Y<
7!8-8%9Q9X9j9s9
9%:2:R:Y:c:h:r:}:
;(;-;7;<;F;K;U;Z;d;i;s;x;
<(<.<4<:<?<E<K<Q<V<\<g<u<
='=@=F=_=e=y=
>#>,>Q>m>v>
?"?'?1?6?@?E?O?T?^?c?m?r?|?
0!0&00050?0D0N0Y0p0z0
1!1&10151?1T1Y1^1h1m1x1~1
2#2(22272A2F2Q2W2^2d2r2w2
3+353:3D3I3T3Y3
4$4.434=4B4L4Q4[4`4j4o4{4
5F5K5]5t5
7 7&787X7d7z7
8&80888C8X8a8g8
:S;\;f;};
='=D=l=v=
>,?Q?]?n?s?
0$0,0:0j0
415U5^5g5n5w5}5
5$6*6M6U6
=)=0=*>1>
0M2T2f2m2
3D4H4L4P4T4X4\4`4d4h4l4p4
5 5P5T5X5\5`5
54686<6@6D6
=.>5>M>T>
/262H2O2
3 4$4(4,4044484<4@4D4H4L4d4h4l4p4
4,5054585<5|5
6 6`6d6h6l6p6
6h9n9t9z9
:+:0:>:C:Q:V:d:i:u:
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
P7T7X7\7`7d7h7l7p7t7x7|7
; ;$;(;,;0;4;
181X1x1
2 2<2@2\2`2
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1(1,10181<1@1D1H1L1P1T1\1`1d1h1l1p1t1x1|1
5$5,545<5D5L5T5\5d5t5|5
6$6,646<6D6L6T6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848D8L8T8\8d8l8t8
9$9,949<9D9L9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;4;D;L;T;d;l;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
= =$=(=0=4=8=@=D=H=P=T=X=`=d=h=p=t=x=
0 0$0(0,0004080<0@0D0H0L0
~HIEeVI
K;]#Np
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
W]l6wsD
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180829080103Z0#
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
171101191847Z
181101191847Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
232825+2432950
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
eqw/"[4
L-/QoT
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
JI?xx7
20180829184627.698Z0
Redmond1
Microsoft Corporation1-0+
$Microsoft Ireland Operations Limited1&0$
Thales TSS ESN:FC41-4BD4-D2201%0#
Microsoft Time-Stamp service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
180131190048Z
180907190048Z0
Redmond1
Microsoft Corporation1-0+
$Microsoft Ireland Operations Limited1&0$
Thales TSS ESN:FC41-4BD4-D2201%0#
Microsoft Time-Stamp service0
B..>U(=-9
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
*FJ$X 74
I;M~d[
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100623215724Z
350623220401Z0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
"D e4iL
n)n!!A&
[;depf
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Redmond1
Microsoft Corporation1-0+
$Microsoft Ireland Operations Limited1&0$
Thales TSS ESN:FC41-4BD4-D2201%0#
Microsoft Time-Stamp service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20180830010934Z
20180831010934Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
M0jM3Yt
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20180829080113Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180829080113Z0/
/1(0&0$0"
laX3/5
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
H.bldvar
B.reloc
D$ MFE1
WATAUAVAWH
A_A^A]A\_
WATAUH
0A]A\_
VWATAUAVH
A^A]A\_^
WATAUAVAWH
A_A^A]A\_
x ATAUAVH
@A^A]A\
H9t$Pt
G8H9D$0t
H9t$Pt
H9T$0t
H!;H!{
H9\$@u
@SUVWATAUH
A]A\_^][
@SUVWATH
A\_^][
UVWATAUH
A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
L$PH9l$Pt%H
L$PH9l$Pt%H
L$PH9l$Pt%H
UVWATAUH
D$@D9hHt
A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
SVWATAUAVAWH
9\$DuyE3
A_A^A]A\_^[
WATAUH
A]A\_
UVWATAUH
A]A\_^]
D$@|xH
8\t^Hc
H;L$@H
t$ WATAUAVAWH
L$@H9\$8u
L$@H9\$8
9\$Ht<9\$Lt6H
A_A^A]A\_
H9t$0t
H9T$@t
t$ WATAUAVAWH
u L9aXuJL
A_A^A]A\_
UVWATAUAVAWH
L9\$Pt
A_A^A]A\_^]
x ATAUAVH
P:fA9T$T
A^A]A\
L$ ATAUAVH
@A^A]A\
VWATAUAVH
@A^A]A\_^
t$ WATAUAVAWH
I!8I!9H
A_A^A]A\_
VWATAUAVH
0A^A]A\_^
WATAUAVAWH
A_A^A]A\_
UVWAUAVH
@88t$A
A^A]_^]
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUH
WATAVH
A^A\_H
UVWATAUAVAWH
@A_A^A]A\_^]
VWATAUAVH
0A^A]A\_^
WAUAVH
{8H9{0t
WAVAWH
A_A^_
|$ AVH
@SUVWATH
A\_^][
l$ VWATH
D$(IPSrH
D$(IPSqH
H92tTH;
p WATAUH
@A]A\_
\$ D;Z
\$ D;Z
ATAUAVH
A^A]A\
UUUUUUUUH
33333333H
x ATAUL
WATAUAVAWH
A_A^A]A\_
UVWATAUH
pA]A\_^]
\$ D;Z
t$ WATAUAVAWH
D$4H)C
A_A^A]A\_
\$ E;X
D$0D)\$8J
@SUVWH
D$PuDH
t$ WATAUH
t>L9gH
A]A\_H
x ATAUAVH
A^A]A\
\$0D;Z
@SUVWATAUAVAWH
t2L93u
tBL9sH
A_A^A]A\_^][
WATAUAVAWH
fD9>t|M;
twfE9<$tpf
A_A^A]A\_
t>H9{H
WATAUAVAWH
t6D91v
A_A^A]A\_
WATAUAVAWH
tDH9GH
A_A^A]A\_
WATAUH
A]A\_
x ATAUH
WATAUH
A]A\_
L$DD!\$@E
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUAVAWH
0A_A^A]A\_
SUVWATH
PA\_^][
WATAUH
A]A\_
tCf9\$Pt
f9\$Pt
tHf9\$Pt
f9\$Pt
tEf9\$Pt
f9\$Pt
tJf9\$Pt
f9\$Pt
fD;c0sSI
fD;C0s/M
WATAUH
A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x AUAVAWH
T$8uYH
@A_A^A]
L$PH9)
WATAUH
uIfD9/tAL
VWATAUAVH
.L9t$ u
0A^A]A\_^
uUfD9d$Pu
VWATAVAWH
L9\$xtjH
A_A^A\_^
VWATAVAWH
A_A^A\_^
VWATAUAWH
A_A]A\_^
x ATAUAVH
A^A]A\
UVWATAUAVAWH
9D$Pt&
D9|$Ht
A_A^A]A\_^]
f;{0s(H
WATAUAVAWH
A_A^A]A\_
t)fD9A
WATAUAVAWH
0A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
` AUAVAWH
@A_A^A]
f;k0s&H
WATAUH
A]A\_
@SUVWATAUAVH
utfD9t$pt
0A^A]A\_^][
t$ WATAUH
A]A\_
t$ WATAUAVAWH
d$XfE;
A_A^A]A\_
WATAUAVAWH
L9|$ uqL9|$(uj
0A_A^A]A\_
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
UVWATAUAVAWH
pA_A^A]A\_^]
WAUAVH
D9t$hv#L
A^A]_
f9l$Xu
WATAUH
A]A\_
f9t$0t,
VWATAUAVH
0A^A]A\_^
3w?t6A
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAVH
A^A]A\
x ATAUAVH
fD97u3H
A^A]A\
x ATAUAVH
fD97u3H
A^A]A\
H9\$Xu
t f9\)
H9\$Xu
H!D$(H
WATAUH
u/fD9.u
A]A\_
uWf9l$@t
UVWATAUAVAWH
@A_A^A]A\_^]
D$(IPSVH
D$(IPSvH
D$(IPSsH
D$(IPSeH
D$(IPSdH
D$(IPSSH
VWATAUAVH
fD97t?H
L93t'A
0A^A]A\_^
tCfD;M
H!D$@H
WATAUH
A]A\_
WATAUAVAWH
A_A^A]A\_
T$ D;Q
WATAUAVAWH
@A_A^A]A\_
\$ UVWH
|$ ATH
l$ VWATH
D$(4 B
ALDCu!H
@SUVWATAUAVH
A^A]A\_^][
VWATAUAVH
A^A]A\_^
UAUAVAWH
A_A^A]]
t$ WATAUH
WATAUH
@8l$pt
A]A\_
WATAUH
@8l$pt
A]A\_
~+fffff
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
~+fffff
l$ VWATH
Controlling process monitor thread finishes with error code 0x%x
Controlling process monitor thread finishes normally
Controlling process died
Monitoring controlling process 0x%x
Failed to create monitor thread: 0x%x
.\ExecutableInfo.cpp
Win32Path().Len()
(ei.flags & Es::Path) && ei.path.len == e->ei.path.len
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableSectionValues.h
refCnt>0
!esvRefCnt
exeTableHead
MfeHipsk::InjectionResultNofification injection state cannot be modified at this point
ERROR: MfeHipsk::InjectionResultNofification there was a problem getting the processinfo of current process
ERROR: MfeHipsk::InjectionResultNofification there was a problem updating injection state 0x%x on monitored pid 0x%x
MfeHipsk::InjectionResultNofification monitored pid 0x%x injection state updated to 0x%x
.\mfehipsk_content.cpp
n == 33
Failed to apply shield DB: 0x%x
Applied shield DB size 0x%x
Failed to set policies: 0x%x
Set Policies succeeded.
Instance has been stubbed out.
ERROR: Unexpected HamQ code 0x%x
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableInfo.h
Pipe connect from pid 0x%x returns 0x%x,0x%x
Unable to exchange process state bits
Got %d byte query
Unable to query current process info for exchange
ContentDriverQuery received function %d
Executable Specifications Table contains %u entries
Applied executable table: %u entries, 0x%x + 0x%x bytes
Failed to apply executable table: 0x%x
GetMessages invalid parameter(s)
ConfigureInjection incorrect data size 0x%x.
StubOutInstance invalid parameter
SetPolicies incorrect data size 0x%x.
Illegal control attempt by pid 0x%x.
SetConfig incorrect data size 0x%x.
Control attempt by pid 0x%x rejected, code 0x%x.
.\mfehipsk_filefilter.cpp
KeGetCurrentIrql() <= APC_LEVEL
valuePtr == (Byte*)(&valueStorage + 1)
sectionPtr == (Byte*)(§ionStorage + 1)
ProcessIsStarted: pid 0x%x, flagx 0x%x, parent pid 0x%x
.\mfehipsk_procfilter.cpp
process
Unexpected error checking opened process with program engine: %d
Unable to filter open process access: Rules database not ready
Access bits 0x%x (mask 0x%x) stripped from OpenProcess(%S)
Unexpected failure to identify target process info
Unexpected failure to identify actor executable path
Unexpected failure to identify actor process executable instance
Unexpected error checking new process with program engine: %d
Unable to get image name for process being created
Unexpected failure to find ProcessInfo for 0x%x
NotifyProcessStart: pid 0x%x, parent pid 0x%x
NotifyProcessStop: pid 0x%x
.\mfehipsk_regfilter.cpp
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\REGISTRY\MACHINE\SYSTEM\ControlSet\Hardware Profiles\
\System\CurrentControlSet\Enum\ROOT\LEGACY_
invalid
disabled
manual
automatic
system
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../HipShieldCommon/RegUtil.cpp
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
User mode returns error code 0x%x for sid lookup
User mode not listening for sid lookup
.\mfehipsk_sid.cpp
Out of resources to maintain sid map, code 0x%x
User mode failed to determine name for sid
Out of resources to maintain sid map
.\mfehipsk.cpp
references
me == v && memBuf == (Byte*)(me+1)
(MfeSai::Eid)p == InvalidEid
me == v+n && memBuf == (Byte*)(me+1)
eid != InvalidEid
dbContext
!dbContext
Eid %u
Db: %s
DriverUnload
!references
references == 1
MfeHipsk::ReleaseAndDestroy
!exeTableDb && !exeTableDbRef
(memBuf - storage) <= sizeof(Section)
(memBuf - storage) <= sizeof(Value)
old != newValues
Failed to load avfk driver
Failed to get name cache service
avfkHandle == INVALID_HANDLE_VALUE
Loading avfk driver for name cache service
Existing avfk driver instance is providing name cache service
value && !value->next && GetValueType(value) == VAL_TYPE_UNICODE && value->size > 2
Failed to create MfeHipsk initialization thread: 0x%x
Driver entry returning %x
Bad load arguments
Bad version info
clientContext->Init returned %x
DriverEntry
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../InjectionK/ProcessMonitoring.cpp
Unexpected failure querying pid 0x%x bits
%s Eid %u
Descend
NoSync
Exclude
Include
Injection lists:
exeTableDb
Potential ProcessInfo management issue for pid 0x%x
processEntry
bucket
state != Startup
Process 0x%x is not currently registered
msg->pid == (int)XntGetCurrentProcessId()
d:\build_854526\build\hostips\windows\source\sai\private\SaiEidVector.h
NumSparse() < SaiEidVectorSparseThreshold
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiUnPatch.cpp
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiMatchTrie.cpp
subStrLen
Unexpected failure to allocate message space
Unexpected resource failure copying string: 0x%x
d:\build_854526\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiLookupHelper.cpp
currentTrace
stillHasWildCards
shortenedVersion.Len() >= 3
Unexpected low resource state
Unexpected 0x%x bit module
Unexpected null module path
Unexpected failure querying module information
Pid 0x%x is network facing
Process monitoring configured (%s) 0x%x/0x%x/0x%x/0x%x
async only
with sync
Unable to identify 0x%x for ips enforcement
Unable to identify unregistered 0x%x for ips enforcement
Unable to identify a process for ips enforcement
No services manager process was registered
Process stopped during startup notifications: 0x%x
servicesPid == (HANDLE)-1
Unexpected failure to find a process entry
UM module load report failure: 0x%x
NoticeLoadImage - ProcessEntry::SyncInjectionActive is set: 0x%x
NoticeLoadImage - wantSyncInjected true. Setting SyncInjectionActive flag: 0x%x
Unexpected missing process entry during image load: 0x%x
InjectionK
Unexpected empty syscore path for process: 0x%x
Inserted new process entry: 0x%x
Unexpected failure to insert a process entry: 0x%x
Unexpected failure to create a new process entry: 0x%x
Unable to add pid 0x%x for tracking
Parent process 0x%x is not registered
.\HipArmorKernelLog.cpp
sendSize <= bufSize
, local_file
, query
, raw_url
raw_data
Agent truncated details - too much data to display.
- too much data to display.
Agent was unable to send advanced details
Agent was unable to send advanced details for sections:
TruncateStringValues: Packed query size:%d.
SC_Block:PackupViolationInDb:PackAndPatchEventsDB() failed.
SC_Block:PackupViolationInDb:SC_Malloc() failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() 2 failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() failed.
SC_Block:PackupViolationInDb:CreateEventsDB() failed.
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/sc_block.c
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/trie.c
isNodeAttributeSet(me, TRIE_NODE_ATTRIB_IS_ID_MAP)
SC_Block: CreateEventsDB() failed.
SC_Block: AddNewSectionToEvent(SCDB_SECTION_USER_GROUPS) failed.
SC_Block: AddNewStringValToSec() failed.
SC_Block: PackupViolationInDb() failed.
%s event matching sig %d
Reaction to event matching sig %d has been downgraded to log due to unknown application path
Unexpected failure removing internal detail from violation
SC_Block:Found auto gen rule
SC_Block: SC_GetGlobalData(policies_head) failed.
GetValueType(val) == VAL_TYPE_EXEC_ID
CreateClassTree: GetNextRelevantSecForClass(%ld) failed
CreateClassTree: isReqTrie(%ld, %ld) failed
CreateClassTree: CreateTrieNode() failed.
linkCandChainsInSuperTree failed
AddRulesDbToSuperTree failed
CreateSuperTree failed
BuildSuperTree: AddNewConstStringValTOSec(g_incAddSec, allChars) failed
BuildSuperTree: CreateRuleSection(g_incAllSec) failed
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
policiesHead
shieldDbHead
UNICODE-MIN_VAL
INT-MIN_VAL
HEXBIN-MIN_VAL
BIN-MIN_VAL
EXEC_ID
ERROR!!! NO SUCH TYPE
STRING-MIN_VAL
STRING
UNICODE
HEXBIN
MIN_VALUE
CASE_SENSITIVE
DATA_OWNER
OWN_MYSELF
DATA_STAR
CREATED_IN_KERNEL_MODE
ERROR!!! NO SUCH ATTRIBUTE
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
%sattributes %s= %s = %s
%snext = 0x%p
%ssize = %ld
%sexData = %ld
%sdata = "%s"
%sdata = "%S"
%sdata = "0x%p"
%sdata = %ld
%stype = %s
%s--- Value ---
NOVAL_REV
NOVAL_REM
NOVAL_ALL
IS_CREATED_IN_KERNEL_MODE
NO SUCH ATTRIBUTE!
IS_OWN_MYSELF
DONT_DISPLAY
DONT_COMPARE
DONT_ALLOW_EX
INCLUDE
EXCLUDE
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
%svalues = 0x%p
%snext = 0x%p
%stype = %ld
%sname = %s
%s--- Section ---
EXCEPTION_CREATED_FROM_RULE
AUDIT_MODE_SUPPORTED
NOT_AUDITABLE
NO_LOG
EXCEPTION_MATCHES_ALL_RULE_IDS
EXCEPTION
INACTIVE
NO_TRUSTED_APPS
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
%sdirectives = %s
%ssections = 0x%p
%ssecLookupTable[%3ld] = 0x%p
%sreaction = %ld
%suniqueId = %ld (0x%lx)
%ssigId = %ld (0x%lx)
%sengine name = %s
%sengineType = %ld
%s--- %s ---
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
(TC) UnpackEventsDBCkSm: invalid size
(TC) UnpackEventsDBCkSm: invalid values:%u %u
FindAndAddRulesToSection: SetEventDirective() failed. (#1)
FindAndAddRulesToSection: UniqueIdFromRule() failed. (#1)
FindAndAddRulesToSection: AddNewInstValueToSection() failed. (#1)
LinkRulesToException: FindAndAddRulesToSection() failed.(#2)
LinkRulesToException: RemoveSectionFromInst() failed.
LinkRulesToException: FindAndAddRulesToSection() failed.(#1)
LinkRulesToException: SetSectionAttribute(SEC_ATTRIB_DONT_COMPARE) failed.
LinkRulesToException: AddNewSectionToEvent(SCDB_SECTION_RULES) failed.
LinkRulesToException: SetEventAttribute(EVENT_ATTRIB_EXCEPTION_MATCHES_ALL_RULE_IDS) failed.
LinkRulesToException: GetSectionFromEvent(SCDB_SECTION_ID) failed.
SC_Malloc:Can't allocate memory,size %d
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Common/sc_malloc.c
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/IdMap.cpp
Failed to create IdMap: 0x%x
Failed to create IdMap: no memory
Failed to access IdMap: 0x%x
Failed to lookup IdMap: 0x%x
firstAvailable
D:\BUILD_854526\BUILD\HostSharedSource\HssUtils/Mk/MkMap.cpp
("Illegal insert of item that already exists in map", 0)
("Illegal remove of item that does not exist in map",0)
ASSERT:
.\assertives.cpp
Runtime static initializer failure.
[o ,System
0123456789abcdef0x
0123456789ABCDEF0X
D:\BUILD_854526\BUILD\HostIps\Windows\Source\HipArmor\amd64rel\mfeepmpk.pdb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
PsCreateSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeClearEvent
__C_specific_handler
MmHighestUserAddress
IoGetCurrentProcess
PsDereferencePrimaryToken
PsReferencePrimaryToken
ProbeForRead
ProbeForWrite
PsGetProcessId
ObfDereferenceObject
PsLookupProcessByProcessId
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
RtlCompareMemory
ZwQueryValueKey
RtlInitUnicodeString
ObOpenObjectByPointer
ZwOpenKey
ZwEnumerateValueKey
towupper
wcsncmp
_wcsnicmp
wcschr
SeReleaseSubjectContext
SeUnlockSubjectContext
SeLockSubjectContext
SeCaptureSubjectContext
RtlValidSid
ExFreePoolWithTag
RtlLengthSid
ObReferenceObjectByHandle
RtlGetVersion
MmIsAddressValid
MmSystemRangeStart
_purecall
ExDeletePagedLookasideList
ExInitializePagedLookasideList
PsGetCurrentThreadId
ExAllocatePoolWithTag
ZwQueryInformationProcess
ZwOpenProcess
strncat
strncpy
RtlUpcaseUnicodeChar
RtlUpperChar
wcsncpy
wcscspn
ntoskrnl.exe
KeQueryPerformanceCounter
HAL.dll
KeBugCheckEx
KeNumberProcessors
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
DbgPrint
DbgBreakPoint
strrchr
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwDeviceIoControlFile
ZwOpenFile
ZwSetValueKey
MmGetSystemRoutineAddress
ZwWaitForSingleObject
_stricmp
PsGetCurrentProcessId
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
BssB>i
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180829081933Z0#
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
171101191847Z
181101191847Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
232825+2432950
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
eqw/"[4
L-/QoT
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
.lb]z+'
20180829184631.793Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:F6FF-2DA7-BB751%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
180823202708Z
191123202708Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:F6FF-2DA7-BB751%0#
Microsoft Time-Stamp Service0
|5)Y|/
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
@;Ff8#
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:F6FF-2DA7-BB751%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
AOC1'0%
nCipher NTS ESN:2665-4C3F-C5DE1+0)
"Microsoft Time Source Master Clock0
20180828214129Z
20180829214129Z0w0=
gHVS<L\a
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
IHt]\`ujN
BU.vx8
mSvvm>
$y?J<zS=
j<d?yQ"
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20180829081942Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180829081942Z0/
/1(0&0$0"
!This program cannot be run in DOS mode.
h.rdata
H.data
.bldvar
B.reloc
hMFE1W
PhMFE1SSW
Ch;FXt
Fh9~lv
t0IIt'IIt
Ht`HtKHt
\t8W@P
QSSSSh
j<hP.B
j\hp.B
t"j\[f;
HHt.Ht
9~HuLh
YYSSSS
t$WWWW
~$9~ t
t$jJjIjHjGjFjEj
jDjCjBjAj@j*j
97u)j
t+Ht(Ht%Ht
HtsHt>Ht
Ht6Ht(Ht
*t j&^j
f;2tGOtB
f;2t7Ot2
4At@Sf
u+f9] t%
!wEt=Ht4Ht+HHt!
"t>HHt4
Ht4Ht'Ht
HtPHtAHt#;u
Ht<Ht/Ht
Ht\HtMHt.;u
w@t7Ht-Ht#HHt
w@t7Ht-Ht#HHt
QQSVW3
DPPWh|
SVWj<_W
Ht7Ht*Ht
HtWHtHHt(;u
GGFF;}
Jt6Jt JJt
Jt5Jt"JJt
t0f;;t<
It'Iu,
URPQQh
hmfemP
hmfemP
hmfemP
hmfemh
hmfemh
hMFE1QP
t8hT#B
tAhP#B
hMFE0PQ
hMFE0P
VhMFEKhX
t`hMFEKhX
hMFEKW
hMFEKV
PVh4 B
hmfePV
hmfePV
Controlling process monitor thread finishes with error code 0x%x
Controlling process monitor thread finishes normally
Controlling process died
Monitoring controlling process 0x%x
Failed to create monitor thread: 0x%x
.\ExecutableInfo.cpp
Win32Path().Len()
(ei.flags & Es::Path) && ei.path.len == e->ei.path.len
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableSectionValues.h
refCnt>0
!esvRefCnt
exeTableHead
MfeHipsk::InjectionResultNofification injection state cannot be modified at this point
ERROR: MfeHipsk::InjectionResultNofification there was a problem getting the processinfo of current process
ERROR: MfeHipsk::InjectionResultNofification there was a problem updating injection state 0x%x on monitored pid 0x%x
MfeHipsk::InjectionResultNofification monitored pid 0x%x injection state updated to 0x%x
.\mfehipsk_content.cpp
n == 33
Failed to apply shield DB: 0x%x
Applied shield DB size 0x%x
Failed to set policies: 0x%x
Set Policies succeeded.
Instance has been stubbed out.
ERROR: Unexpected HamQ code 0x%x
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableInfo.h
Pipe connect from pid 0x%x returns 0x%x,0x%x
Unable to exchange process state bits
Unable to query current process info for exchange
Got %d byte query
ContentDriverQuery received function %d
Executable Specifications Table contains %u entries
Applied executable table: %u entries, 0x%x + 0x%x bytes
Failed to apply executable table: 0x%x
GetMessages invalid parameter(s)
ConfigureInjection incorrect data size 0x%x.
StubOutInstance invalid parameter
SetPolicies incorrect data size 0x%x.
Illegal control attempt by pid 0x%x.
SetConfig incorrect data size 0x%x.
Control attempt by pid 0x%x rejected, code 0x%x.
KeGetCurrentIrql() <= APC_LEVEL
.\mfehipsk_filefilter.cpp
valuePtr == (Byte*)(&valueStorage + 1)
sectionPtr == (Byte*)(§ionStorage + 1)
ProcessIsStarted: pid 0x%x, flagx 0x%x, parent pid 0x%x
process
.\mfehipsk_procfilter.cpp
Access bits 0x%x (mask 0x%x) stripped from OpenProcess(%S)
Unexpected error checking opened process with program engine: %d
Unable to filter open process access: Rules database not ready
Unexpected failure to identify target process info
Unexpected failure to identify actor executable path
Unexpected failure to identify actor process executable instance
Unexpected error checking new process with program engine: %d
Unable to get image name for process being created
Unexpected failure to find ProcessInfo for 0x%x
NotifyProcessStart: pid 0x%x, parent pid 0x%x
NotifyProcessStop: pid 0x%x
.\mfehipsk_regfilter.cpp
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\REGISTRY\MACHINE\SYSTEM\ControlSet\Hardware Profiles\
\System\CurrentControlSet\Enum\ROOT\LEGACY_
invalid
disabled
manual
automatic
system
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../HipShieldCommon/RegUtil.cpp
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
User mode returns error code 0x%x for sid lookup
.\mfehipsk_sid.cpp
User mode not listening for sid lookup
Out of resources to maintain sid map, code 0x%x
User mode failed to determine name for sid
Out of resources to maintain sid map
.\mfehipsk.cpp
references
me == v && memBuf == (Byte*)(me+1)
(MfeSai::Eid)p == InvalidEid
me == v+n && memBuf == (Byte*)(me+1)
eid != InvalidEid
dbContext
!dbContext
Eid %u
Db: %s
DriverUnload
!references
references == 1
MfeHipsk::ReleaseAndDestroy
!exeTableDb && !exeTableDbRef
(memBuf - storage) <= sizeof(Section)
(memBuf - storage) <= sizeof(Value)
old != newValues
Failed to load avfk driver
Failed to get name cache service
avfkHandle == INVALID_HANDLE_VALUE
Loading avfk driver for name cache service
Existing avfk driver instance is providing name cache service
value && !value->next && GetValueType(value) == VAL_TYPE_UNICODE && value->size > 2
Failed to create MfeHipsk initialization thread: 0x%x
Driver entry returning %x
Bad load arguments
Bad version info
clientContext->Init returned %x
DriverEntry
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../InjectionK/ProcessMonitoring.cpp
Unexpected failure querying pid 0x%x bits
%s Eid %u
Descend
NoSync
Exclude
Include
Injection lists:
exeTableDb
Potential ProcessInfo management issue for pid 0x%x
processEntry
bucket
state != Startup
Process 0x%x is not currently registered
d:\build_854710\build\hostips\windows\source\sai\private\SaiEidVector.h
NumSparse() < SaiEidVectorSparseThreshold
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiUnPatch.cpp
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiMatchTrie.cpp
subStrLen
Unexpected failure to allocate message space
Unexpected resource failure copying string: 0x%x
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiLookupHelper.cpp
currentTrace
stillHasWildCards
shortenedVersion.Len() >= 3
Unexpected low resource state
Unexpected 0x%x bit module
Unexpected null module path
Unexpected failure querying module information
Pid 0x%x is network facing
Process monitoring configured (%s) 0x%x/0x%x/0x%x/0x%x
async only
with sync
Unable to identify 0x%x for ips enforcement
Unable to identify unregistered 0x%x for ips enforcement
Unable to identify a process for ips enforcement
No services manager process was registered
Process stopped during startup notifications: 0x%x
servicesPid == (HANDLE)-1
Unexpected failure to find a process entry
UM module load report failure: 0x%x
NoticeLoadImage - ProcessEntry::SyncInjectionActive is set: 0x%x
NoticeLoadImage - wantSyncInjected true. Setting SyncInjectionActive flag: 0x%x
Unexpected missing process entry during image load: 0x%x
InjectionK
Unexpected empty syscore path for process: 0x%x
Inserted new process entry: 0x%x
Unexpected failure to insert a process entry: 0x%x
Unexpected failure to create a new process entry: 0x%x
Unable to add pid 0x%x for tracking
Parent process 0x%x is not registered
.\HipArmorKernelLog.cpp
sendSize <= bufSize
, local_file
, query
, raw_url
raw_data
Agent truncated details - too much data to display.
- too much data to display.
Agent was unable to send advanced details
Agent was unable to send advanced details for sections:
TruncateStringValues: Packed query size:%d.
SC_Block:PackupViolationInDb:PackAndPatchEventsDB() failed.
SC_Block:PackupViolationInDb:SC_Malloc() failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() 2 failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() failed.
SC_Block:PackupViolationInDb:CreateEventsDB() failed.
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/sc_block.c
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/trie.c
isNodeAttributeSet(me, TRIE_NODE_ATTRIB_IS_ID_MAP)
SC_Block: PackupViolationInDb() failed.
SC_Block: AddNewStringValToSec() failed.
SC_Block: AddNewSectionToEvent(SCDB_SECTION_USER_GROUPS) failed.
SC_Block: CreateEventsDB() failed.
%s event matching sig %d
Reaction to event matching sig %d has been downgraded to log due to unknown application path
Unexpected failure removing internal detail from violation
SC_Block:Found auto gen rule
SC_Block: SC_GetGlobalData(policies_head) failed.
GetValueType(val) == VAL_TYPE_EXEC_ID
CreateClassTree: CreateTrieNode() failed.
CreateClassTree: isReqTrie(%ld, %ld) failed
CreateClassTree: GetNextRelevantSecForClass(%ld) failed
linkCandChainsInSuperTree failed
AddRulesDbToSuperTree failed
CreateSuperTree failed
BuildSuperTree: AddNewConstStringValTOSec(g_incAddSec, allChars) failed
BuildSuperTree: CreateRuleSection(g_incAllSec) failed
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
policiesHead
shieldDbHead
UNICODE-MIN_VAL
INT-MIN_VAL
HEXBIN-MIN_VAL
BIN-MIN_VAL
EXEC_ID
ERROR!!! NO SUCH TYPE
STRING-MIN_VAL
STRING
UNICODE
HEXBIN
MIN_VALUE
CASE_SENSITIVE
DATA_OWNER
OWN_MYSELF
DATA_STAR
CREATED_IN_KERNEL_MODE
ERROR!!! NO SUCH ATTRIBUTE
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
%sattributes %s= %s = %s
%snext = 0x%p
%ssize = %ld
%sexData = %ld
%sdata = "%s"
%sdata = "%S"
%sdata = "0x%p"
%sdata = %ld
%stype = %s
%s--- Value ---
NOVAL_REV
NOVAL_REM
NOVAL_ALL
IS_CREATED_IN_KERNEL_MODE
NO SUCH ATTRIBUTE!
IS_OWN_MYSELF
DONT_DISPLAY
DONT_COMPARE
DONT_ALLOW_EX
INCLUDE
EXCLUDE
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
%svalues = 0x%p
%snext = 0x%p
%stype = %ld
%sname = %s
%s--- Section ---
EXCEPTION_CREATED_FROM_RULE
AUDIT_MODE_SUPPORTED
NOT_AUDITABLE
NO_LOG
EXCEPTION_MATCHES_ALL_RULE_IDS
EXCEPTION
INACTIVE
NO_TRUSTED_APPS
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
%sdirectives = %s
%ssections = 0x%p
%ssecLookupTable[%3ld] = 0x%p
%sreaction = %ld
%suniqueId = %ld (0x%lx)
%ssigId = %ld (0x%lx)
%sengine name = %s
%sengineType = %ld
%s--- %s ---
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
(TC) UnpackEventsDBCkSm: invalid size
(TC) UnpackEventsDBCkSm: invalid values:%u %u
FindAndAddRulesToSection: AddNewInstValueToSection() failed. (#1)
FindAndAddRulesToSection: UniqueIdFromRule() failed. (#1)
FindAndAddRulesToSection: SetEventDirective() failed. (#1)
LinkRulesToException: FindAndAddRulesToSection() failed.(#2)
LinkRulesToException: RemoveSectionFromInst() failed.
LinkRulesToException: FindAndAddRulesToSection() failed.(#1)
LinkRulesToException: SetSectionAttribute(SEC_ATTRIB_DONT_COMPARE) failed.
LinkRulesToException: AddNewSectionToEvent(SCDB_SECTION_RULES) failed.
LinkRulesToException: SetEventAttribute(EVENT_ATTRIB_EXCEPTION_MATCHES_ALL_RULE_IDS) failed.
LinkRulesToException: GetSectionFromEvent(SCDB_SECTION_ID) failed.
SC_Malloc:Can't allocate memory,size %d
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Common/sc_malloc.c
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/IdMap.cpp
Failed to create IdMap: 0x%x
Failed to create IdMap: no memory
Failed to access IdMap: 0x%x
Failed to lookup IdMap: 0x%x
firstAvailable
D:\BUILD_854710\BUILD\HostSharedSource\HssUtils/Mk/MkMap.cpp
("Illegal insert of item that already exists in map", 0)
("Illegal remove of item that does not exist in map",0)
ASSERT:
.\assertives.cpp
Runtime static initializer failure.
System
0123456789abcdef0x
0123456789ABCDEF0X
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\release\mfeepmpk.pdb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
PsCreateSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
KeGetCurrentThread
ExAcquireResourceExclusiveLite
KeClearEvent
memcpy
MmHighestUserAddress
IoGetCurrentProcess
PsDereferencePrimaryToken
PsReferencePrimaryToken
ProbeForWrite
ProbeForRead
PsGetProcessId
ObfDereferenceObject
PsLookupProcessByProcessId
RtlCompareMemory
ZwQueryValueKey
RtlInitUnicodeString
ObOpenObjectByPointer
ZwOpenKey
ZwEnumerateValueKey
towupper
wcsncmp
_wcsnicmp
wcschr
SeReleaseSubjectContext
SeUnlockSubjectContext
SeLockSubjectContext
SeCaptureSubjectContext
RtlValidSid
memset
ExFreePool
RtlLengthSid
ObReferenceObjectByHandle
RtlGetVersion
MmIsAddressValid
MmSystemRangeStart
_purecall
KeQuerySystemTime
PsGetCurrentThreadId
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQueryInformationProcess
ZwOpenProcess
strncat
strncpy
RtlUpcaseUnicodeChar
RtlUpperChar
wcsncpy
wcscspn
ntoskrnl.exe
KeGetCurrentIrql
KeQueryPerformanceCounter
HAL.dll
KeBugCheckEx
RtlUnwind
KeNumberProcessors
DbgPrint
DbgBreakPoint
strrchr
IoCreateSymbolicLink
IoDeleteSymbolicLink
memmove
ZwDeviceIoControlFile
ZwOpenFile
ZwSetValueKey
MmGetSystemRoutineAddress
ZwWaitForSingleObject
_stricmp
PsGetCurrentProcessId
KfAcquireSpinLock
KfReleaseSpinLock
2M2b2k2
2>3D3_3f3t3
4.5Z5d5l5
5 6)6:6n6x6
3)3P3U3Z3e3q3x3=4r4|4
5H6R6Z6m6w6
;C<S<r<
? ?#?'?+?/?3?7?;???C?G?K?O?S?W?[?f?
0 00090E0V0u0
2c2k3u3
3=4Q4[4c4
4Q5[5c5
7#7,7X7
8P8f8|8
869@9f;
T0]0n0
2!2B2W2m2v2
3!3)3d3f4p4x4
6"7X7f7
8_8m8I9
a0-1{1
727H7`7
8/8V8}8
9*9;9|9
</=Y=9>
1(2H2O2`2o2v2
4P5d5n5v5
9c:i:y:
031=1b1
1%2E2]2b2N3
6#6b6l6
8;8A8K8S8
919@9^9s9
="=)=5=T=_=
0B1I1V1]1d1v1
5*5U5_5s5z5
='=5=M=f=z=
+0B0_0
0S1Y1^1
2)535;5
8!8J8n8x8
9/9<9L9Y9f9s9
90:9:i:w:
<Q<[<f<v<|<
:S;];e;
;\<a<u<
30=0D0q0{0
3 3*323
3A4F4K4P4
7$7K7Q7
8G8Q8o8y8
8&909;9
<2<?<^<l<
0:0q091C1K1a1k1s1
2#3d3n3v3
3`4h4q4
>-?D?[?r?
*01080?0F0M0T0[0i0
1!181R1l1
132:2A2H2O2V2]2d2k2r2|2
6/666y6
8\:e:j:
6Y:j:y:
>>>[>o>=?F?o?
0'181;2A2G2M2S2Y2_2
3m4$505
;+<G<d<t<
>&?-?4?;?B?I?h?o?v?}?
.0Y0r0
6"6D9f9o9
:+:1:V:{:
&2#3/3>3D3
4$484n4y4
9D9K9S9
0l2r2x2~2
6A6H6Z6c6u6~6
7"7B7I7S7X7b7m7
8'8,868;8E8J8T8Y8c8h8r8w8
9$9*9/959;9A9F9L9W9e9r9
:0:6:O:U:i:o:
;A;];f;o;w;
<!<&<0<5<?<D<N<S<]<b<l<q<{<
= =%=/=4=>=I=`=j=u=
> >%>/>D>I>N>X>]>h>n>v>
?"?'?1?6?A?G?N?T?b?g?q?v?
0%0*04090D0I0
1#1-121<1A1K1P1Z1_1k1p1~1
262;2M2d2s2~2
4(4H4T4j4
5 5(535H5Q5W5v5
7c8l8v8
9(:7:T:|:
<<<a<m<~<
=4=<=J=z=
1A2e2n2w2~2
<H=Q=d=-?4?F?M?
w0~0$1(1,1014181<1@1D1H1L1P1h1l1p1t1
2024282<2@2
3 3$3d3h3l3p3t3
:.;5;M;T;
</?6?H?O?
0 1$1(1,1014181<1@1D1H1L1d1h1l1p1
1,2024282<2|2
3 3`3d3h3l3p3
3h6n6t6z6
? ?$?(?
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
60;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;
@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
5t8x8|8
> >(>,>H>h>
?(?4?L?P?l?p?
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1(1,10181<1@1D1H1L1P1T1\1`1d1h1l1p1t1x1|1
5$5,545<5D5L5T5\5d5t5|5
6$6,646<6D6L6T6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848D8L8T8\8d8l8t8
9$9,949<9D9L9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;4;D;L;T;d;l;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
= =$=(=0=4=8=@=D=H=P=T=X=`=d=h=p=t=x=
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180829154658Z0#
q<$::A
A<S;'[l
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
171101191842Z
181101191842Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
-.7jvp|A|
232825+2432940
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
$dO\;J0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
$P-'9Y
20180829204557.013Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:843D-37F6-F1041%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
180823202711Z
191123202711Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:843D-37F6-F1041%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:843D-37F6-F1041%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
AOC1'0%
nCipher NTS ESN:2665-4C3F-C5DE1+0)
"Microsoft Time Source Master Clock0
20180829092252Z
20180830092252Z0t0:
U7~cj`
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
'VI3EE,O
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
>Do2]Dv&
20180829154728Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180829154728Z0/
/1(0&0$0"
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
H.bldvar
B.reloc
D$ MFE1
WATAUAVAWH
A_A^A]A\_
WATAUH
0A]A\_
VWATAUAVH
A^A]A\_^
WATAUAVAWH
A_A^A]A\_
x ATAUAVH
@A^A]A\
H9t$Pt
G8H9D$0t
H9t$Pt
H9T$0t
H!;H!{
H9\$@u
@SUVWATAUH
A]A\_^][
@SUVWATH
A\_^][
UVWATAUH
A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
L$PH9l$Pt%H
L$PH9l$Pt%H
L$PH9l$Pt%H
UVWATAUH
D$@D9hHt
A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
VWATAUAVAWH
I!{ H!|$X3
A_A^A]A\_^
WATAUH
A]A\_
D$@|xH
8\t^Hc
H;L$@H
t$ WATAUAVAWH
L$@H9\$8u
L$@H9\$8
9\$Ht;D;
A_A^A]A\_
H9t$0t
H9T$@t
t$ WATAUAVAWH
u L9aXuJL
A_A^A]A\_
UVWATAUAVAWH
L9\$Pt
A_A^A]A\_^]
x ATAUAVH
P:fA9T$T
A^A]A\
L$ ATAUAVH
@A^A]A\
VWATAUAVH
@A^A]A\_^
t$ WATAUAVAWH
I!8I!9H
A_A^A]A\_
VWATAUAVH
0A^A]A\_^
WATAUAVAWH
A_A^A]A\_
UVWAUAVH
@88t$A
A^A]_^]
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUH
WATAVH
A^A\_H
UVWATAUAVAWH
@A_A^A]A\_^]
VWATAUAVH
0A^A]A\_^
WAUAVH
{8H9{0t
WAVAWH
A_A^_
|$ AVH
@SUVWATH
A\_^][
H92tTH;
p WATAUH
@A]A\_
\$ D;Z
\$ D;Z
ATAUAVH
A^A]A\
UUUUUUUUH
33333333H
x ATAUL
WATAUAVAWH
A_A^A]A\_
UVWATAUH
pA]A\_^]
\$ D;Z
t$ WATAUAVAWH
D$4H)C
A_A^A]A\_
\$ E;X
D$0D)\$8J
@SUVWH
D$PuDH
t$ WATAUH
t>L9gH
A]A\_H
x ATAUAVH
A^A]A\
\$0D;Z
@SUVWATAUAVAWH
t2L93u
tBL9sH
A_A^A]A\_^][
WATAUAVAWH
fD9>t|M;
twfE9<$tpf
A_A^A]A\_
t>H9{H
WATAUAVAWH
t6D91v
A_A^A]A\_
WATAUAVAWH
tDH9GH
A_A^A]A\_
WATAUH
A]A\_
x ATAUH
WATAUH
A]A\_
L$DD!\$@E
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
t$ WATAUAVAWH
0A_A^A]A\_
SUVWATH
PA\_^][
WATAUH
A]A\_
tCf9\$Pt
f9\$Pt
tHf9\$Pt
f9\$Pt
tEf9\$Pt
f9\$Pt
tJf9\$Pt
f9\$Pt
f;k0sMH
fD;C0s/M
WATAUH
A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
x AUAVAWH
T$8uYH
@A_A^A]
L$PH9)
WATAUH
uIfD9/tAL
VWATAUAVH
.L9t$ u
0A^A]A\_^
uUfD9d$Pu
VWATAVAWH
L9\$xtjH
A_A^A\_^
VWATAVAWH
A_A^A\_^
VWATAUAWH
A_A]A\_^
x ATAUAVH
A^A]A\
UVWATAUAVAWH
9D$Pt&
D9|$Ht
A_A^A]A\_^]
f;{0s(H
WATAUAVAWH
A_A^A]A\_
t)fD9A
WATAUAVAWH
0A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
` AUAVAWH
@A_A^A]
f;k0s&H
WATAUH
A]A\_
@SUVWATAUAVH
utfD9t$pt
0A^A]A\_^][
t$ WATAUH
A]A\_
t$ WATAUAVAWH
d$XfE;
A_A^A]A\_
WATAUAVAWH
L9|$ uqL9|$(uj
0A_A^A]A\_
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
x ATAUAVH
A^A]A\
UVWATAUAVAWH
pA_A^A]A\_^]
WAUAVH
D9t$hv#L
A^A]_
f9l$Xu
WATAUH
A]A\_
f9t$0t,
VWATAUAVH
0A^A]A\_^
3w?t6A
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAVH
A^A]A\
x ATAUAVH
fD97u3H
A^A]A\
x ATAUAVH
fD97u3H
A^A]A\
H9\$Xu
t f9\)
H9\$Xu
H!D$(H
WATAUH
u/fD9.u
A]A\_
uWf9l$@t
UVWATAUAVAWH
@A_A^A]A\_^]
VWATAUAVH
fD97t?H
L93t'A
0A^A]A\_^
tCfD;M
H!D$@H
WATAUH
A]A\_
WATAUAVAWH
A_A^A]A\_
T$ D;Q
WATAUAVAWH
@A_A^A]A\_
\$ UVWH
|$ ATH
l$ VWATH
D$(4 B
ALDCu!H
@SUVWATAUAVH
A^A]A\_^][
VWATAUAVH
A^A]A\_^
UAUAVAWH
A_A^A]]
t$ WATAUH
WATAUH
@8l$pt
A]A\_
WATAUH
@8l$pt
A]A\_
~+fffff
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
~+fffff
l$ VWATH
Controlling process monitor thread finishes with error code 0x%x
Controlling process monitor thread finishes normally
Controlling process died
Monitoring controlling process 0x%x
Failed to create monitor thread: 0x%x
.\ExecutableInfo.cpp
Win32Path().Len()
(ei.flags & Es::Path) && ei.path.len == e->ei.path.len
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableSectionValues.h
refCnt>0
!esvRefCnt
exeTableHead
MfeHipsk::InjectionResultNofification injection state cannot be modified at this point
ERROR: MfeHipsk::InjectionResultNofification there was a problem getting the processinfo of current process
ERROR: MfeHipsk::InjectionResultNofification there was a problem updating injection state 0x%x on monitored pid 0x%x
MfeHipsk::InjectionResultNofification monitored pid 0x%x injection state updated to 0x%x
.\mfehipsk_content.cpp
n == 33
Failed to apply shield DB: 0x%x
Applied shield DB size 0x%x
Failed to set policies: 0x%x
Set Policies succeeded.
Instance has been stubbed out.
ERROR: Unexpected HamQ code 0x%x
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\ExecutableInfo.h
Pipe connect from pid 0x%x returns 0x%x,0x%x
Unable to exchange process state bits
Got %d byte query
Unable to query current process info for exchange
ContentDriverQuery received function %d
Executable Specifications Table contains %u entries
Applied executable table: %u entries, 0x%x + 0x%x bytes
Failed to apply executable table: 0x%x
GetMessages invalid parameter(s)
ConfigureInjection incorrect data size 0x%x.
StubOutInstance invalid parameter
SetPolicies incorrect data size 0x%x.
Illegal control attempt by pid 0x%x.
SetConfig incorrect data size 0x%x.
Control attempt by pid 0x%x rejected, code 0x%x.
.\mfehipsk_filefilter.cpp
KeGetCurrentIrql() <= APC_LEVEL
valuePtr == (Byte*)(&valueStorage + 1)
sectionPtr == (Byte*)(§ionStorage + 1)
ProcessIsStarted: pid 0x%x, flagx 0x%x, parent pid 0x%x
.\mfehipsk_procfilter.cpp
process
Unexpected error checking opened process with program engine: %d
Unable to filter open process access: Rules database not ready
Access bits 0x%x (mask 0x%x) stripped from OpenProcess(%S)
Unexpected failure to identify target process info
Unexpected failure to identify actor executable path
Unexpected failure to identify actor process executable instance
Unexpected error checking new process with program engine: %d
Unable to get image name for process being created
Unexpected failure to find ProcessInfo for 0x%x
NotifyProcessStart: pid 0x%x, parent pid 0x%x
NotifyProcessStop: pid 0x%x
.\mfehipsk_regfilter.cpp
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
\REGISTRY\MACHINE\SYSTEM\ControlSet\Hardware Profiles\
\System\CurrentControlSet\Enum\ROOT\LEGACY_
invalid
disabled
manual
automatic
system
\REGISTRY\MACHINE\SYSTEM\ControlSet\Services\
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../HipShieldCommon/RegUtil.cpp
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
User mode returns error code 0x%x for sid lookup
User mode not listening for sid lookup
.\mfehipsk_sid.cpp
Out of resources to maintain sid map, code 0x%x
User mode failed to determine name for sid
Out of resources to maintain sid map
.\mfehipsk.cpp
references
me == v && memBuf == (Byte*)(me+1)
(MfeSai::Eid)p == InvalidEid
me == v+n && memBuf == (Byte*)(me+1)
eid != InvalidEid
dbContext
!dbContext
Eid %u
Db: %s
DriverUnload
!references
references == 1
MfeHipsk::ReleaseAndDestroy
!exeTableDb && !exeTableDbRef
(memBuf - storage) <= sizeof(Section)
(memBuf - storage) <= sizeof(Value)
old != newValues
Failed to load avfk driver
Failed to get name cache service
avfkHandle == INVALID_HANDLE_VALUE
Loading avfk driver for name cache service
Existing avfk driver instance is providing name cache service
value && !value->next && GetValueType(value) == VAL_TYPE_UNICODE && value->size > 2
Failed to create MfeHipsk initialization thread: 0x%x
Driver entry returning %x
Bad load arguments
Bad version info
clientContext->Init returned %x
DriverEntry
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../InjectionK/ProcessMonitoring.cpp
Unexpected failure querying pid 0x%x bits
%s Eid %u
Descend
NoSync
Exclude
Include
Injection lists:
exeTableDb
Potential ProcessInfo management issue for pid 0x%x
processEntry
bucket
state != Startup
Process 0x%x is not currently registered
msg->pid == (int)XntGetCurrentProcessId()
d:\build_854710\build\hostips\windows\source\sai\private\SaiEidVector.h
NumSparse() < SaiEidVectorSparseThreshold
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiUnPatch.cpp
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiMatchTrie.cpp
subStrLen
Unexpected failure to allocate message space
Unexpected resource failure copying string: 0x%x
d:\build_854710\build\hostips\windows\source\hiparmor\hipshieldkernel\../../Sai/Match/SaiLookupHelper.cpp
currentTrace
stillHasWildCards
shortenedVersion.Len() >= 3
Unexpected low resource state
Unexpected 0x%x bit module
Unexpected null module path
Unexpected failure querying module information
Pid 0x%x is network facing
Process monitoring configured (%s) 0x%x/0x%x/0x%x/0x%x
async only
with sync
Unable to identify 0x%x for ips enforcement
Unable to identify unregistered 0x%x for ips enforcement
Unable to identify a process for ips enforcement
No services manager process was registered
Process stopped during startup notifications: 0x%x
servicesPid == (HANDLE)-1
Unexpected failure to find a process entry
UM module load report failure: 0x%x
NoticeLoadImage - ProcessEntry::SyncInjectionActive is set: 0x%x
NoticeLoadImage - wantSyncInjected true. Setting SyncInjectionActive flag: 0x%x
Unexpected missing process entry during image load: 0x%x
InjectionK
Unexpected empty syscore path for process: 0x%x
Inserted new process entry: 0x%x
Unexpected failure to insert a process entry: 0x%x
Unexpected failure to create a new process entry: 0x%x
Unable to add pid 0x%x for tracking
Parent process 0x%x is not registered
.\HipArmorKernelLog.cpp
sendSize <= bufSize
, local_file
, query
, raw_url
raw_data
Agent truncated details - too much data to display.
- too much data to display.
Agent was unable to send advanced details
Agent was unable to send advanced details for sections:
TruncateStringValues: Packed query size:%d.
SC_Block:PackupViolationInDb:PackAndPatchEventsDB() failed.
SC_Block:PackupViolationInDb:SC_Malloc() failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() 2 failed.
SC_Block:PackupViolationInDb:GetEventsDBTotalSize() failed.
SC_Block:PackupViolationInDb:CreateEventsDB() failed.
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/sc_block.c
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/trie.c
isNodeAttributeSet(me, TRIE_NODE_ATTRIB_IS_ID_MAP)
SC_Block: CreateEventsDB() failed.
SC_Block: AddNewSectionToEvent(SCDB_SECTION_USER_GROUPS) failed.
SC_Block: AddNewStringValToSec() failed.
SC_Block: PackupViolationInDb() failed.
%s event matching sig %d
Reaction to event matching sig %d has been downgraded to log due to unknown application path
Unexpected failure removing internal detail from violation
SC_Block:Found auto gen rule
SC_Block: SC_GetGlobalData(policies_head) failed.
GetValueType(val) == VAL_TYPE_EXEC_ID
CreateClassTree: GetNextRelevantSecForClass(%ld) failed
CreateClassTree: isReqTrie(%ld, %ld) failed
CreateClassTree: CreateTrieNode() failed.
linkCandChainsInSuperTree failed
AddRulesDbToSuperTree failed
CreateSuperTree failed
BuildSuperTree: AddNewConstStringValTOSec(g_incAddSec, allChars) failed
BuildSuperTree: CreateRuleSection(g_incAllSec) failed
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
policiesHead
shieldDbHead
UNICODE-MIN_VAL
INT-MIN_VAL
HEXBIN-MIN_VAL
BIN-MIN_VAL
EXEC_ID
ERROR!!! NO SUCH TYPE
STRING-MIN_VAL
STRING
UNICODE
HEXBIN
MIN_VALUE
CASE_SENSITIVE
DATA_OWNER
OWN_MYSELF
DATA_STAR
CREATED_IN_KERNEL_MODE
ERROR!!! NO SUCH ATTRIBUTE
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
%sattributes %s= %s = %s
%snext = 0x%p
%ssize = %ld
%sexData = %ld
%sdata = "%s"
%sdata = "%S"
%sdata = "0x%p"
%sdata = %ld
%stype = %s
%s--- Value ---
NOVAL_REV
NOVAL_REM
NOVAL_ALL
IS_CREATED_IN_KERNEL_MODE
NO SUCH ATTRIBUTE!
IS_OWN_MYSELF
DONT_DISPLAY
DONT_COMPARE
DONT_ALLOW_EX
INCLUDE
EXCLUDE
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
%svalues = 0x%p
%snext = 0x%p
%stype = %ld
%sname = %s
%s--- Section ---
EXCEPTION_CREATED_FROM_RULE
AUDIT_MODE_SUPPORTED
NOT_AUDITABLE
NO_LOG
EXCEPTION_MATCHES_ALL_RULE_IDS
EXCEPTION
INACTIVE
NO_TRUSTED_APPS
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
%sdirectives = %s
%ssections = 0x%p
%ssecLookupTable[%3ld] = 0x%p
%sreaction = %ld
%suniqueId = %ld (0x%lx)
%ssigId = %ld (0x%lx)
%sengine name = %s
%sengineType = %ld
%s--- %s ---
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
(TC) UnpackEventsDBCkSm: invalid size
(TC) UnpackEventsDBCkSm: invalid values:%u %u
FindAndAddRulesToSection: SetEventDirective() failed. (#1)
FindAndAddRulesToSection: UniqueIdFromRule() failed. (#1)
FindAndAddRulesToSection: AddNewInstValueToSection() failed. (#1)
LinkRulesToException: FindAndAddRulesToSection() failed.(#2)
LinkRulesToException: RemoveSectionFromInst() failed.
LinkRulesToException: FindAndAddRulesToSection() failed.(#1)
LinkRulesToException: SetSectionAttribute(SEC_ATTRIB_DONT_COMPARE) failed.
LinkRulesToException: AddNewSectionToEvent(SCDB_SECTION_RULES) failed.
LinkRulesToException: SetEventAttribute(EVENT_ATTRIB_EXCEPTION_MATCHES_ALL_RULE_IDS) failed.
LinkRulesToException: GetSectionFromEvent(SCDB_SECTION_ID) failed.
SC_Malloc:Can't allocate memory,size %d
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Common/sc_malloc.c
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\Db/Match/IdMap.cpp
Failed to create IdMap: 0x%x
Failed to create IdMap: no memory
Failed to access IdMap: 0x%x
Failed to lookup IdMap: 0x%x
firstAvailable
D:\BUILD_854710\BUILD\HostSharedSource\HssUtils/Mk/MkMap.cpp
("Illegal insert of item that already exists in map", 0)
("Illegal remove of item that does not exist in map",0)
ASSERT:
.\assertives.cpp
Runtime static initializer failure.
System
0123456789abcdef0x
0123456789ABCDEF0X
D:\BUILD_854710\BUILD\HostIps\Windows\Source\HipArmor\amd64rel\mfeepmpk.pdb
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsTerminateSystemThread
KeWaitForMultipleObjects
ZwClose
PsCreateSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeClearEvent
__C_specific_handler
MmHighestUserAddress
IoGetCurrentProcess
PsDereferencePrimaryToken
PsReferencePrimaryToken
ProbeForRead
ProbeForWrite
PsGetProcessId
ObfDereferenceObject
PsLookupProcessByProcessId
RtlCompareMemory
ZwQueryValueKey
RtlInitUnicodeString
ObOpenObjectByPointer
ZwOpenKey
ZwEnumerateValueKey
towupper
wcsncmp
_wcsnicmp
wcschr
SeReleaseSubjectContext
SeUnlockSubjectContext
SeLockSubjectContext
SeCaptureSubjectContext
RtlValidSid
ExFreePoolWithTag
RtlLengthSid
ObReferenceObjectByHandle
RtlGetVersion
MmIsAddressValid
MmSystemRangeStart
_purecall
PsGetCurrentThreadId
ExAllocatePoolWithTag
ZwQueryInformationProcess
ZwOpenProcess
strncat
strncpy
RtlUpcaseUnicodeChar
RtlUpperChar
wcsncpy
wcscspn
ntoskrnl.exe
KeQueryPerformanceCounter
HAL.dll
KeBugCheckEx
KeNumberProcessors
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
DbgPrint
DbgBreakPoint
strrchr
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwDeviceIoControlFile
ZwOpenFile
ZwSetValueKey
MmGetSystemRoutineAddress
ZwWaitForSingleObject
_stricmp
PsGetCurrentProcessId
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180829160837Z0#
MK{$kA
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
171101191842Z
181101191842Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
-.7jvp|A|
232825+2432940
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
$dO\;J0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
20180829204602.62Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:57C8-2D15-1C8B1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
180823202712Z
191123202712Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:57C8-2D15-1C8B1%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
~$QR_2
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:57C8-2D15-1C8B1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
AOC1'0%
nCipher NTS ESN:2665-4C3F-C5DE1+0)
"Microsoft Time Source Master Clock0
20180829092612Z
20180830092612Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
\7o Pq
}&`O4?
Z-3;W,
,2f]49oA
y9_I[k
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
u^7lGK
20180829160852Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
180829160852Z0/
/1(0&0$0"
xd^oBVIWk
/9wfbS
!This program cannot be run in DOS mode.
mZ&AmE
mZ&CmI
mZ&wmM
mZ&vmI
mZ&rmr
mZ&Fm@
mZ&Gm@
mZ&@m@
mRichA
`.rdata
@.data
@.reloc
thPWhHI
d}Vh`J
D$$PVW
D$$PWV
D$ PSW
D$HSVW
tXf93tS
t[f9 tV
wD;wHt(
wT;wXt$
tu9Y8up
t?9Y8u:
D$ SVWh
uwjzhdc
D$0SVW
D$XSVW
D$09|$(r
K(9{ r
t2Ht Hu<S
T$$9T$d
T$$9T$du
T$$9T$du
T$$9T$du
P QWAQR
L$,hTO
T$,hLO
D$$h8O
T$,h$O
T$,htN
D$$h\N
D$$h<N
t^f93tY3
tUf9 tP
69V8u69WHt
t*9P8u%
D$(SVW
V PQ@PR
9|$Dt'
|$@)\$Du
P0WVhp3
P0Vhp3
P0Vhp3
@0SVhp3
P0Vh 4
@0QWh 4
P0Sh 4
P0WSh 4
P0WSh 4
P0Wh 4
@0Qh 4
@0Sh 4
@0Vh 4
@0Vh 4
P0Vh 4
A,Phd5
@0QWh 4
P0Sh 4
P0Sh 4
A0Sh 4
P0Vh 4
t 8X9r
P0Vh 4
t!8XYr
@PQVh 4
t"8X9r
P0Vh 4
ti8X9rd
P0Vh 4
P0Vh 4
P0Vh 4
NHQhp7
VLRhd7
FPPhL7
NTQh47
N0Qh|8
V4Rhd8
F8PhL8
N<Qh48
F,PhH9
N0Qh49
V4Rh 9
@0Qh 4
@0SWQVh 4
@0Qh 4
A0Sh 4
P0Vh 4
P0Sh 4
P0Vh 4
P0Vh 4
P0Vh 4
P0Vh 4
@0QSh 4
P0Vh 4
P0Vh 4
@0Sh 4
U(RQPj
@0Qhh9
P0Vhh9
@0Vhh9
@0VQWhh9
P0Whh9
@0QWShh9
P0FVhh9
@0QShh9
P0Shh9
I0Shh9
I0Shh9
SQVhH;
SQVWhH;
SQVhH;
9{ vAV
_(9_(s
Vhmfeph
hmfepV
hmfeph
hmfepP
hmfep+
hmfepW
hmfepW
hmfep+
hmfepW
hmfepW
hmfepP
VQRh0D
LogLib.dll
NotComDllUnload
TraceMessageVa
TraceMessage
VtpUtils
MmsControl
SymGetModuleBase64
SymFunctionTableAccess64
SymCleanup
StackWalk64
SymLoadModuleEx
SymInitialize
StackWalkEx
QueryWorkingSetEx
SfcIsFileProtected
GetProcessIdOfThread
EnumProcessModulesEx
GetProcessImageFileNameW
VerifyCatalogSignature
RtlUpcaseUnicodeString
RtlCompareUnicodeString
NtQueryDirectoryFile
NtReadFile
RtlGetVersion
RtlDosPathNameToNtPathName_U
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlInitUnicodeString
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SharedCacheErrorToString
SharedCacheWrite
SharedCacheFreeQuery
SharedCacheQuery
SharedCacheRelease
SharedCacheInit
ExamineCertificates
cryptnet.dll
0123456789abcdef0x
0123456789ABCDEF0X
STREET=
gSetDefaultDllDirectories
NCryptFreeObject
CertFreeCertificateContext
CertGetNameStringW
CertNameToStrW
CertAddSerializedElementToStore
CertEnumCertificatesInStore
CertCompareCertificate
CertDeleteCertificateFromStore
CertOpenStore
CertCloseStore
CryptCATAdminRemoveCatalog
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATGetMemberInfo
CryptCATClose
CryptCATEnumerateMember
CryptCATOpen
CryptCATAdminAddCatalog
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
MD5 part of RCOM 2.3.0 11-Jun-2002
GetNativeSystemInfo
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/XML_NO_TEXT_NODE
XML_CAN_NOT_CONVERT_TEXT
XML_ERROR_PARSING
XML_ERROR_MISMATCHED_ELEMENT
XML_ERROR_EMPTY_DOCUMENT
XML_ERROR_PARSING_UNKNOWN
XML_ERROR_PARSING_DECLARATION
XML_ERROR_PARSING_COMMENT
XML_ERROR_PARSING_CDATA
XML_ERROR_PARSING_TEXT
XML_ERROR_IDENTIFYING_TAG
XML_ERROR_PARSING_ATTRIBUTE
XML_ERROR_PARSING_ELEMENT
XML_ERROR_ELEMENT_MISMATCH
XML_ERROR_FILE_READ_ERROR
XML_ERROR_FILE_COULD_NOT_BE_OPENED
XML_ERROR_FILE_NOT_FOUND
XML_WRONG_ATTRIBUTE_TYPE
XML_NO_ATTRIBUTE
XML_SUCCESS
AacControl
AacControl2
AacControl3
AacControl4
AacControl5
SHA1 part of RCOM 2.3.0 11-Jun-2002
RtlDumpResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
ntdll.dll
blframework
..\..\..\..\..\..\HostSharedSource\HssUtils\VerifyProcess.cpp
vector<T> too long
%s exception:
(%s,%u)
RegKey
..\..\..\..\utility\mcvariant\mc\McRegKey.cpp
Unable to open registry key for reading :%S, code: 0x%x
OutOfMemory
RegKeyIterator
..\..\..\..\utility\mcvariant\mc\McRegKeyIterator.cpp
Unexpected registry access error: 0x%x
Internal
String
..\..\..\..\utility\mcvariant\mc\McString.cpp
Illegal resize of fixed string
!(nPercent >= 100)
Unable to grow string
unexpected vsnprintf failure
invalid map/set<T> iterator
NotComDllGetInterface
VtpValidationControl2
VtpValidationControl
..\..\blapiserverstub.cpp
invalid string position
string too long
list<T> too long
RegOpenKeyTransactedW
..\..\blclientcache.cpp
map/set<T> too long
..\..\blframework.cpp
IsWow64Process
kernel32
..\..\blruntimemgr.cpp
SetConfigOverride
BLFrameworkSetAlternateLogStrategy
GetBLFrameworkFactory
FreeBLFrameworkFactory
..\..\blapistub.cpp
..\..\RegistryMonitor.cpp
Unexpected result(%d) from WaitForMultipleObjects
Invalid type conversion attempt
Invalid parameter
Invalid parameter: Participant name prefix cannot be 0 length.
BLAlloc
BLFree
BLSubscribeEvent
BLUnsubscribeEvent
BLPostEvent
bad allocation
Invalid condition
deque<T> too long
D:\BUILD_922082\BUILD\ENS_ResultsDir\Release_wchar_native32\blframework.pdb
??RLogEvent@LogUtils@@QAEABU01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0UVarArgs@1@@Z
??RLogEvent@LogUtils@@QAEABU01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@PBDUVarArgs@1@@Z
??RLogEvent@LogUtils@@QAEAAU01@K@Z
??0LogEvent@LogUtils@@QAE@PBDHW4Severity@1@0PAUILogManager@1@W4LoggingMode@1@_N@Z
?getLogManager@@YAPAUILogManager@LogUtils@@XZ
UuidCreate
RpcStringFreeW
UuidToStringW
RPCRT4.dll
InitializeCriticalSection
GetVersionExW
LeaveCriticalSection
InterlockedExchange
GetProcAddress
EnterCriticalSection
LoadLibraryA
DeleteCriticalSection
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
OutputDebugStringW
GetCurrentProcessId
lstrlenA
GetModuleHandleW
WaitForSingleObject
CreateEventW
SetDllDirectoryW
GetFileAttributesW
GetModuleHandleA
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
SetEvent
WaitForMultipleObjects
GetCurrentThreadId
GetModuleHandleExW
LocalFree
LocalAlloc
LoadLibraryW
SetLastError
DeviceIoControl
CreateFileW
QueryDosDeviceW
GetLogicalDriveStringsW
ReadFile
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetFileAttributesExW
GetSystemWindowsDirectoryW
VirtualProtect
IsBadReadPtr
InterlockedCompareExchange
TerminateProcess
WriteFile
DebugBreak
GetSystemInfo
ResetEvent
GetSystemTimeAsFileTime
CreateMutexW
ReleaseMutex
KERNEL32.dll
wsprintfW
USER32.dll
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
TraceEvent
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
ADVAPI32.dll
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_vsnprintf_s
_vsnwprintf_s
strchr
_vsnprintf
_purecall
malloc
wcsncat
wcsrchr
_wcsicmp
swprintf_s
_beginthreadex
memcpy
memset
wcsncpy_s
_gmtime64_s
wcsftime
_time64
_i64tow_s
??0exception@std@@QAE@ABQBDH@Z
MSVCR100.dll
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1_Container_base12@std@@QAE@XZ
MSVCP100.dll
CertFreeCertificateContext
CertCreateCertificateContext
CryptVerifyMessageSignature
CertCloseStore
CertAddEncodedCertificateToStore
CertOpenStore
CryptDecodeObjectEx
CRYPT32.dll
PathFindFileNameW
wnsprintfW
SHLWAPI.dll
WinVerifyTrust
WINTRUST.dll
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
RaiseException
_wcsdup
_CxxThrowException
blframework.dll
??0BlAllocator@blframework@@QAE@ABU01@@Z
??0BlAllocator@blframework@@QAE@XZ
??0BlObject@blframework@@QAE@ABV01@@Z
??0BlObject@blframework@@QAE@XZ
??0IServerGlobalCallbacks@blframework@@QAE@ABV01@@Z
??0IServerGlobalCallbacks@blframework@@QAE@XZ
??1BlAllocator@blframework@@UAE@XZ
??1BlObject@blframework@@UAE@XZ
??4BlAllocator@blframework@@QAEAAU01@ABU01@@Z
??4BlObject@blframework@@QAEAAV01@ABV01@@Z
??4IServerGlobalCallbacks@blframework@@QAEAAV01@ABV01@@Z
??_7BlAllocator@blframework@@6B@
??_7BlObject@blframework@@6B@
??_7IServerGlobalCallbacks@blframework@@6B@
?AddRef@BlObject@blframework@@UAEXXZ
?Alloc@BlObject@blframework@@UBEPAXI@Z
?AllocChars@BlObject@blframework@@UAEPADI@Z
?AllocWideChars@BlObject@blframework@@UAEPA_WI@Z
?AssignAllocator@BlObject@blframework@@UAEXPAUIBLAllocator@2@@Z
?BLCheckClientLockState@blframework@@YAJAA_N@Z
?BLGetClientEndPointId@blframework@@YAJPAPB_W@Z
?BLGetClientInfo@blframework@@YAJPAPAUMcVariant@@@Z
?BLGetClientToken@blframework@@YAJPAPAX@Z
?BLImpersonateClient@blframework@@YAJXZ
?BLIsClientUnLocked@blframework@@YA_NXZ
?BLObjectInitializeInterface@blframework@@YAJPB_W@Z
?BLObjectInquireEx@blframework@@YAJPBDPBUMcVariant@@PAPAU2@@Z
?BLObjectRegisterInterface@blframework@@YAJPAVBlObject@1@PB_W@Z
?BLObjectUnRegisterInterface@blframework@@YAJPB_W@Z
?BLObjectUninitializeInterface@blframework@@YAJPB_W@Z
?BLRevertToSelf@blframework@@YAJXZ
?BLServerCleanUp@blframework@@YAXH@Z
?BLServerInit@blframework@@YAJPB_WPAKPAVIServerGlobalCallbacks@1@H@Z
?BLServerStart@blframework@@YAJXZ
?BLServerStop@blframework@@YAJXZ
?CreateBLErrorsInstance@blframework@@YAPAVIBLErrors@1@PBUMcVariant@@@Z
?DeleteBLErrorsInstance@blframework@@YAXPAVIBLErrors@1@@Z
?Free@BlObject@blframework@@UBEXPAX@Z
?FreeMcVariant@BlObject@blframework@@UBEJPAUMcVariant@@@Z
?GetAlloc@BlObject@blframework@@UBEP6APAXI@ZXZ
?GetAllocT@BlAllocator@blframework@@UAEP6APAXI@ZXZ
?GetBOName@BlObject@blframework@@UAEPB_WXZ
?GetBusinessObjectContract@BlObject@blframework@@UAEXPB_WPAPAUMcVariant@@AAVIBLErrors@2@@Z
?GetFree@BlObject@blframework@@UBEP6AXPAX@ZXZ
?GetFreeT@BlAllocator@blframework@@UAEP6AXPAX@ZXZ
?GetPropertiesEx@BlObject@blframework@@UAEXPB_WPBUMcVariant@@PAPAU3@AAVIBLErrors@2@@Z
?InitInstance@BlObject@blframework@@UAEJPBUMcVariant@@@Z
?InvokeMethod@BlObject@blframework@@UAEXPBDPBUMcVariant@@PAPAU3@AAVIBLErrors@2@@Z
?IsActionAllowedForUserType@BlObject@blframework@@UAEJW4tagEP_USER_TYPE@2@PB_WPAH@Z
?IsInitialized@BlObject@blframework@@UAE_NXZ
?Lock@BlObject@blframework@@UAEXXZ
?NotifyStateChange@BlObject@blframework@@UAEJW4BLStateChange@2@H@Z
?Release@BlObject@blframework@@UAEXXZ
?SendMsgUnauth@BlObject@blframework@@UAEXPBUMcVariant@@PAPAU3@AAVIBLErrors@2@@Z
?SetAllocators@BlAllocator@blframework@@UAEXP6APAXI@ZP6AXPAX@Z@Z
?SetNewDeleteImpl@BlAllocator@blframework@@UAEXXZ
?SetNullImpl@BlAllocator@blframework@@UAEXXZ
?SetPropertiesBeginEx@BlObject@blframework@@UAEXPA_KAAVIBLErrors@2@@Z
?SetPropertiesEndEx@BlObject@blframework@@UAEXPA_K_NAAVIBLErrors@2@@Z
?SetPropertiesEx@BlObject@blframework@@UAEXPB_WPBUMcVariant@@1AAVIBLErrors@2@@Z
?TriggerAction@IServerGlobalCallbacks@blframework@@UAEJPB_W0PBUMcVariant@@PAPAU3@PAUIBLObject@2@@Z
?UninitInstance@BlObject@blframework@@UAEJPBUMcVariant@@@Z
?Unlock@BlObject@blframework@@UAEXXZ
BLAlloc
BLFrameworkCleanUp
BLFrameworkInit
BLFree
BLGetBusinessObjectContract
BLGetBusinessObjectsNameList
BLGetBusinessObjectsNameListEx
BLGetConfig
BLGetLastError
BLGetObjectHandle
BLGetObjectHandleOption
BLGetPropertiesEx
BLInvokeMethod
BLPostEvent
BLReleaseObjectHandle
BLSetConfig
BLSetInquireCallbackEx
BLSetObjectHandleOption
BLSetPropertiesBeginEx
BLSetPropertiesCancelEx
BLSetPropertiesEndEx
BLSetPropertiesEx
BLSubscribeEvent
BLUnsubscribeEvent
microsoft1-0+
$Microsoft Root Certificate Authority0
060125232232Z
170125233232Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0v
JT8j#7
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160324000000Z
180324235959Z0
956301
Folsom1
FM1-1101
1900 Prairie City Rd.1
Intel Corporation1
Intel Corporation0
?jjR2[(
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
Washington1
Redmond1
Microsoft Corporation1>0<
5Microsoft Development Root Certificate Authority 20140
140528164346Z
390528165148Z0
Washington1
Redmond1
Microsoft Corporation1>0<
5Microsoft Development Root Certificate Authority 20140
+ky;_m
HuNrf-
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160801000000Z
190801235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
#{$/R
CGQ cp
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
140305000000Z
170304235959Z0
Oregon1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Engineering1
McAfee, Inc.0
EYZ QW
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
g}X\bP
microsoft1-0+
$Microsoft Root Certificate Authority0
010509231922Z
210509232813Z0_1
microsoft1-0+
$Microsoft Root Certificate Authority0
8 %m|g
IB{E3O
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
160712000000Z
190708235959Z0
95054-18381
Santa Clara1#0!
2821 Mission College Blvd.1
McAfee, Inc.1
McAfee, Inc.0
}Nv-0n
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100706204023Z
250706205023Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Windows PCA 20100
Bm:P[H
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
[D#c%6wo
microsoft1-0+
$Microsoft Root Certificate Authority0
160211232409Z
210509232813Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Microsoft Windows Verification PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
M~S-Ogs",
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
970110070000Z
201231070000Z0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
McAfee Inc1
McAfee External CA v10
121026155005Z
141026155006Z0
Beaverton1$0"
Gary_Weber@mcafee.com1
Engineering1
McAfee, Inc.1
McAfee Internal0
www.mcafee.com0
,https://pki.mcafee.com/pki/McAfee_CA_CPS.pdf0
9http://pki.mcafee.com/pki/McAfee%20External%20CA%20v1.crl0Y
Hhttp://dalapppki2.corp.nai.org:447/McAfee%20External%20CA%20v1_delta.crl0
Symantec Corporation1 0
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G20
150417000000Z
160416235959Z0
Delaware1
Private Organization1
23067411
Oregon1
Beaverton1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
US-Delaware-23067410
http://sw.symcb.com/sw.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sw.symcd.com0'
http://sw1.symcb.com/sw.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110322220528Z
360322221304Z0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
?W@9!$V
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
110906000000Z
141008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
MSFT1200
)Microsoft Authenticode(tm) Root Authority0
950101080001Z
991231235959Z0P1
MSFT1200
)Microsoft Authenticode(tm) Root Authority0
)Microsoft Authenticode(tm) Root Authority0r
MSFT1200
)Microsoft Authenticode(tm) Root Authority
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
050921000000Z
061008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
McAfee Inc1
McAfee Root CA0
100316001238Z
220316001238Z051
McAfee Inc1
McAfee External CA v10
,https://pki.mcafee.com/pki/McAfee_CA_CPS.pdf0F
5http://pki.mcafee.com/pki/McAfee%20Root%20CA%20v1.crl0
(e&$w*x
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
070907000000Z
081009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
151221000000Z
170304235959Z0x1
Oregon1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
z10VqQ
McAfee Inc1
McAfee External CA v10
141121161734Z
171121161734Z0?1
pki@mcafee.com1
McAfee Legacy Signing0
Hhttp://dalapppki2.corp.nai.org:447/McAfee%20External%20CA%20v1_delta.crl0
#{("U!un
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 1999 Microsoft Corp.1806
/Microsoft Windows Verification Intermediate PCA0
031217014213Z
050217015213Z0z1
Washington1
Redmond1
Microsoft Corporation1$0"
Microsoft Windows Publisher0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
8http://crl.microsoft.com/pki/crl/products/WindowsPCA.crl0
microsoft1-0+
$Microsoft Root Certificate Authority0
050915215541Z
160315220541Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Microsoft Windows Verification PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Verification Intermediate PCA0
051011232457Z
070111233457Z0
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Component Publisher0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
7http://crl.microsoft.com/pki/crl/products/WinIntPCA.crl0U
9http://www.microsoft.com/pki/certs/MicrosoftWinIntPCA.crt0
4https://www.microsoft.com/pki/ssl/cps/WindowsPCA.htm0f
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
111019184142Z
261019185142Z0
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Production PCA 20110
i %(\6
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
060907000000Z
071009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
080913000000Z
111009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
150929000000Z
180928235959Z0
California1
Santa Clara1
McAfee, Inc.1
Engineering, Consumer1
McAfee, Inc.0
8B'[pd#
http://sf.symcb.com/sf.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
Washington1
Redmond1
Microsoft Corporation1+0)
"Microsoft Windows Verification PCA0
071018220904Z
081218221904Z0p1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Windows0
4http://crl.microsoft.com/pki/crl/products/WinPCA.crl
4http://www.microsoft.com/pki/crl/products/WinPCA.crl0R
6http://www.microsoft.com/pki/certs/MicrosoftWinPCA.crt0
V>XKrSR
microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100623215724Z
350623220401Z0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
"D e4iL
n)n!!A&
[;depf
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160405000000Z
190405235959Z0
950541
Santa Clara1
FM1-1101"0
2200 Mission College Blvd1
Intel Corporation1
ISecG Enterprise1
Intel Corporation0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
070822223102Z
120825070000Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
Il/$>e
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
111006000000Z
131231235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
https://www.verisign.com/rpa0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0u
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
>%9#g
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160324000000Z
180324235959Z0
956301
Folsom1
FM1-1101
1900 Prairie City Rd.1
Intel Corporation1
Intel Corporation0
?jjR2[(
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160801000000Z
190801235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
#{$/R
CGQ cp
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
140305000000Z
170304235959Z0
Oregon1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Engineering1
McAfee, Inc.0
EYZ QW
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
g}X\bP
IB{E3O
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
160712000000Z
190708235959Z0
95054-18381
Santa Clara1#0!
2821 Mission College Blvd.1
McAfee, Inc.1
McAfee, Inc.0
}Nv-0n
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0
Symantec Corporation1 0
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G20
150417000000Z
160416235959Z0
Delaware1
Private Organization1
23067411
Oregon1
Beaverton1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
US-Delaware-23067410
http://sw.symcb.com/sw.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sw.symcd.com0'
http://sw1.symcb.com/sw.crt0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
110906000000Z
141008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
050921000000Z
061008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
070907000000Z
081009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
151221000000Z
170304235959Z0x1
Oregon1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
z10VqQ
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
060907000000Z
071009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
080913000000Z
111009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
150929000000Z
180928235959Z0
California1
Santa Clara1
McAfee, Inc.1
Engineering, Consumer1
McAfee, Inc.0
8B'[pd#
http://sf.symcb.com/sf.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160405000000Z
190405235959Z0
950541
Santa Clara1
FM1-1101"0
2200 Mission College Blvd1
Intel Corporation1
ISecG Enterprise1
Intel Corporation0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
111006000000Z
131231235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
https://www.verisign.com/rpa0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0u
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
>%9#g
AQLwH'
.?AVtype_info@@
.?AVHostCommonLogger@LogUtils@@
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVCMcString@@
.?AVCMcBufString@@
.?AV?$CMcFixedString@$0EA@@@
.?AVCMcException@@
.?AVCMcRegKeyException@@
.?AVCMcOutOfMemoryException@@
.?AVCMcRegKeyIteratorException@@
.?AVCMcStringException@@
.?AVCMcInternalException@@
.?AVBlObject@blframework@@
.?AUBlAllocator@blframework@@
.?AUIBLObject@blframework@@
.?AUIBLAllocator@blframework@@
.?AVCBLServerCleanUp@blapi@blframework@@
.?AUIBLApi@blapi@blframework@@
.?AVCBLGetBusinessObjectContract@blapi@blframework@@
.?AVCBLSetPropertiesCancelEx@blapi@blframework@@
.?AVCBLSetPropertiesEndEx@blapi@blframework@@
.?AVCBLSetPropertiesBeginEx@blapi@blframework@@
.?AVCBLSetInquireCallbackEx@blapi@blframework@@
.?AVCBLPostEvent@blapi@blframework@@
.?AVCBLSetConfig@blapi@blframework@@
.?AVCBLGetConfig@blapi@blframework@@
.?AVCBLGetBusinessObjectsNameList3@blapi@blframework@@
.?AVCBLGetBusinessObjectsNameList2@blapi@blframework@@
.?AVCBLGetLastError@blapi@blframework@@
.?AVBLUnsubscribeEvent@blapi@blframework@@
.?AVBLSubscribeEvent@blapi@blframework@@
.?AVCBLSetObjectHandleOption@blapi@blframework@@
.?AVCBLInvokeMethod@blapi@blframework@@
.?AVCBLSetPropertiesEx@blapi@blframework@@
.?AVCBLGetPropertiesEx@blapi@blframework@@
.?AVCBLReleaseObjectHandle@blapi@blframework@@
.?AVCBLGetObjectHandle@blapi@blframework@@
.?AVCBLClientApiStub@blframework@@
.?AVCBLApiStub@blframework@@
.?AVCBLErrorIterator@blframework@@
.?AVCBLErrors@blframework@@
.?AVCBLError@blframework@@
.?AVIBLErrors@blframework@@
.?AVIBLErrorIterator@blframework@@
.?AVIBLError@blframework@@
.?AV?$_Ref_count@VBLInquireCallback@blframework@@@tr1@std@@
.?AV?$_Ref_count@VBLEventCallbackInfo@blframework@@@tr1@std@@
.?AV_Ref_count_base@tr1@std@@
.?AV?$_Ref_count@VCBLObjectHandle@blframework@@@tr1@std@@
.?AVIServerGlobalCallbacks@blframework@@
.?AVCBLObjectUnRegisterInterface@blapi@blframework@@
.?AVCBLObjectRegisterInterface@blapi@blframework@@
.?AVCBLServerInit@blapi@blframework@@
.?AVCBLServerApiStub@blframework@@
.?AVCBLDisconnect@blapi@blframework@@
.?AVCBLConnect@blapi@blframework@@
.?AVCBLObjectInquireEx@blapi@blframework@@
.?AVCBLGetClientInfo@blapi@blframework@@
.?AVCBLGetClientToken@blapi@blframework@@
.?AVCBLGetClientEndPointId@blapi@blframework@@
.?AVCBLCheckClientLockState@blapi@blframework@@
.?AVCBLRevertToSelf@blapi@blframework@@
.?AVCBLImpersonateClient@blapi@blframework@@
.?AVCBLObjectUninitializeInterface@blapi@blframework@@
.?AVCBLObjectInitializeInterface@blapi@blframework@@
.?AVCBLServerStop@blapi@blframework@@
.?AVCBLServerStart@blapi@blframework@@
.?AVConfigDataProvider@@
.?AVIConfigDataProvider@@
.?AVCRegistryMonitor@blframework@@
.?AVlogic_error@std@@
.?AV?$CMtQueue@PAVAMessage@McVariantHelper@@@@
.?AVParticipant@Messaging@@
.?AVPublisher@Messaging@@
.PAUMcvIllegalOperationException@McVariantHelper@@
.?AVCSyncEvent@@
.?AVCSyncBase@@
.?AVCSyncMutex@@
.?AVCSyncCriticalSection@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0#0)0c0v0|0
1"1(181>1f1s1
2)2;2P2
3+3@3z3
3(4U4y4
465;5h5p5
9<9B9[9
9L:Y:r:
;!;J;n;s;
;#<G<L<u<
>5?f?p?
1 1G1w1
1&262x2
30383W3
8#888?8G8O8Y8h8}8
9!9+959;9A9G9O9e9k9s9{9
: :6:D:\:m:
;1<H<\<f<n<u<~<
31373<3C3T3\3c3|3
34494?4F4W4_4d4j4p4
5,5D5P5
7&8K8g8m8r8
969R9X9]9j9
9%:N:n:t:y:
;+;T;t;z;
<&<@<[<
=#=)=P=V=b=j=
0&0<0B0G0T0j0p0u0
141C1K1
2 2$2(2,2024282<2@2D2i2{2
4B4H4T4\4n4}4
5!5E5K5W5_5r5
5)6;6O6W6]6c6h6y6
7!7&7-7>7F7O7g7
7!8&8,838D8L8Q8W8]8
<0=m=z=
3#434E4f4x4
6+6F6X6
7j8V9h9
96:E:\:E;e;
<Y=h=v=
?+?G?~?
2@2[2q2
3?4S4|4
848C9v9
;7;I;[;
222L2r2
3S3s3}3
4$6f6v6
;(;I;O;8<=<H<k<
=$=.=4=:=
=0>A>K>T>^>
>e?j?u?
5 5H5t5
: :(:-:A:Q:W:_:o:v:|:
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
5*575=5E5M5R5]5c5l5w5}5
6+6V6g6|6
737V7f7x7
8&868H8P8Y8_8f8l8
969H9\9d9m9s9z9
:-:3:<:B:I:O:l:
;&;8;@;I;O;V;\;g;|;
<6<E<e<k<t<z<
<D=J=R=Z=
>->V>h>
? ?%?4?O?\?x?
R0m0r0
10181Y1p1v1~1
2'222;2A2H2N2X2s2
8!9f9x9
<^<c<n<
1h2m2x2
5f7x72878B8V8f8
8&969n9
2*282>2D2I2N2V2m2s2}2
3 3'3,363B3a3
4&4+4G4O4j4
5B6V6e6v6
7(70777=7C7H7X7s7|7
:2;8;z;
;/<F<V<v<
=&=/=7===G=M=[=c=
1*121S1q1
3!4)4J4
555:5J5W5h5v5
6 6D6L6m6
7 7C7K7l7
8+8Q8V8t8
9\:a:}:
;*;0;<;D;_;g;
<6<=<O<T<r<
0=0P0Y0g0l0
0F1X1i1
222B2S2Y2|2
383>3J3R3{3
4/4S4^4e4k4s4z4
5(505L5
696T6t6
7*7:7O7U7w7}7
868H8b8
;1;7;Z;`;l;t;
=I>X>k>
)090L0f0
1)282K2e2
3-3i3x3
4+4E4p4
6(6;6U6
6&7f7x7
8R8]8c8
8.949M9b9h9
:+:E:N:T:x:~:
;!;*;2;P;X;
<2<8<<<B<W<^<f<n<y<
<!=:=L=o=
>0>B>i>
0-0?0f0w0
131S1n1t1z1
23292?2
30373=3C3H3x3~3
3+41474y4
6%6?6H6N6T6Y6k6q6w6
7&7,797?7v7
2&252U2
3:3@3_3~3
4<4H4P4`4|4
5F5U5j5
6L6W6g6l6
787>7G7O7f7|7
9/9f9x9
9V:f:F;X;t;
;,<;<A<I<\<c<i<n<t<
=!>Y>}>
3$535H<r<
<&=8=w=}=
>">'>2>N>
0:0f0x0
2;3]3z4
8+8Q8V8d8z8
9"90959>9C9I9P9U9Z9c9h9n9v9{9
9&:5:F:P:W:]:m:u:
<&<;<@<K<
>:?Y?k?{?
3"4+41474=4A4G4M4R4`4h4
6"7)7;7A7K7
8-8V8h8
<M=R=]=r=w=
=B?q?w?
=1C1F2W2
4V4e4{4
7&868Y8
8*9V9h9
;V<)=;=u=&>8>n>
4J5O5Z5
>D?H?L?P?T?X?\?`?d?
:n;t;y;
0#0=0f0
0!1'141B1L1V1`1
4b4h4u4z4
8>99:Y:`:p:
;%;<;D;M;U;
<D<I<a<
= =%=*=:=?=D=W=l=q=v=
>D>n>y>
6.6[6|6
7$7)767<7E7P7U7m7{7
8!8)82878I8V8[8c8l8q8
9!9(9.969>9V9q9|9
;+<0<V<l<q<
=*=/=H=h=m=
>>?b?l?r?x?
0@1G1L1r1
3'4A4F4r4
5 6+62676]6v6
7<7T7k7p7
959B9a9
:):8:e:z:
;#;0;:;?;H;M;S;Z;_;d;j;r;{;
;&<:<?<X<f<l<u<
=,===B=Z=r=x=~=
? ?+?@?P?x?
0%0A0k0
1!1:1I1O1Y1_1d1k1q1
51575B5P5_5x5
6 63696D6]6
949N9S9y9
9(:.:U:
;L;Q;d;
;T<]<b<v<|<
='=a=o=t=
> >F>Y>^>r>x>
?2?7?P?t?
272=2P2u2z2
3#3f3l3
4;4s4}4
6C6d6}6
82878a8
9'9-9G9
:6:T:Y:p:
: ;V;\;b;
=&=>=V=n=
>'?3?=?D?V?
0.0B0V0j0
0;1F1W1
2I2j2}2
2 3%3T3f3x3
3+404L4p4u4
6&6+6W6
;T;Y;r;
;-<2<W<
=,===W=\=
>2>C>k>
?B?r?y?~?
070<0d0
0Z1_1x1
222C2p2u2
2'3[3~3
3"42474Q4w4
4 5P5{5
5%6R6p6
7#7-727N7c7h7m7
8#8=8L8k8x8}8
9-989G9h9
:::@:J:
;8;N;U;Z;s;
<)<E<\<b<p<u<
=H=t=y=
>*>E>w>|>
?)?/?r?
_0d0~0
3'3,3Q3a3f3z3
6-6<6B6H6]6b6{6
757Q7d7
:#:m:r:
:\;a;z;
<!<;<L<R<m<
=-=G=L=i={=
>R>W>j>
9M:V:o:
?8?<?@?D?H?L?
0 0$0(0,0l0p0t0
6%6*6=6C6N6f6m6{6
6(737J7R7q7
8#8(8H8Y8b8
839?9x9}9
;*;G;t;
<L<^<c<
< =7=<=[=
?k?y?~?
000C0H0n0
1)1.1N1\1a1
2&2B2g2
3-323L3e3l3
4 5&5C5R5b5
8!8&8?8O8
: :4:::E:W:|:
=<=A=[=r=y=
>2>_>y>
>2?7?P?i?
2 2%2J2f2k2
3G3L3q3
53686[6
7?7R7W7}7
8:8M8R8w8
8*9=9S9Y9t9
<8<=<B<G<
=,=d=i=
>=>B>a>
> ?$?I?w?}?
4090S0|0
1:1?1^1
262;2k2
3,3k3p3
494T4Y4~4
6(6-6F6W6a6t697
9.9G9L9e9
>M?b?h?
2.232O2V2b2p2u2;3I3N3
4&4+4D4X4\4`4d4h4l4
5#5(555:5G5L5Y5^5k5p5}5
6/646H6M6a6f6y6~6
7&7+7?7D7W7\7p7u7
81868J8O8b8g8{8
9&9W:|:
\2h2r2l3p3t3x3
3%5t7x7|7
7;8E8{8
9.949?9]9t9
<*<H<f<
>7>O>i>w>
5I647F7
<$</<{<
0"0^0d0j0p0v0}0
1!1/1<1A1g1p1
202H2`2f2y2
383E3]3
3%4T4Z4
7$7+72797@7H7P7X7d7m7r7x7
;.;6;B;H;N;T;b;
<1<L<X<`<
<$=0=8=c=p=
021Z1u1
4*5I5Q5h5
8"9J9z9
5!5M5U5o5
7(7.747:7V7[7f7q7w7|7
81878<8Q8a8g8l8
9!9&91979<9Q9W9^9d9h9m9r9w9|9
:!:':1:7:A:G:R:Z:k:u:
;(;A;R;Z;k;u;
<!<'<+<6<<<E<K<Q<W<[<f<l<u<{<
2P4T4X4H5L5P5
7(8,808
$303<3H3T3
:L;P;T;X;\;`;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<
; ;$;L?P?T?X?\?`?d?h?l?p?t?x?|?
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0
3 3$3(3,3
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
4 5$5(5,5054585<5@5D5H5L5T5X5\5`5
5 6$64686@6X6h6l6|6
7 70747D7H7L7T7l7|7
8(8,80888P8`8d8t8x8|8
9,9<9@9P9T9X9`9x9
: :0:4:8:@:X:h:l:|:
;$;<;L;P;`;d;h;p;
< <0<4<D<H<L<T<l<|<
=(=,=0=8=P=`=d=t=x=|=
>4>D>H>X>\>`>h>
?(?,?<?@?D?L?d?t?x?
0 0$0,0D0T0X0h0l0p0x0
1$14181H1L1T1l1|1
2$2(282<2@2H2`2p2t2
3(383<3L3P3T3\3t3
4 4044484@4X4h4l4|4
5$5<5L5P5`5d5h5p5
6 60646D6H6L6T6l6|6
7(7,70787P7`7d7t7x7|7
848D8H8X8\8`8h8
9 9$9(909H9X9\9l9p9
:$:4:8:H:L:P:X:p:
;(;,;0;8;P;
>0>P>`>
?(?0?4?<?D?L?h?
0,000@0H0d0h0x0
1$181D1L1d1p1
2(2H2P2X2d2
3 3(30383@3L3l3x3
4 4,4L4X4x4
5 5@5L5l5x5
6,646<6D6P6p6|6
787L7X7`7x7
848@8`8l8
9 9(909<9\9d9l9x9
: :,:L:T:\:h:
; ;(;0;8;@;L;l;t;|;
<,<@<L<T<
=,=8=X=d=
>,>@>T>`>h>
? ?8?D?d?p?
0<0D0P0p0|0
1 1,1L1T1`1
1,2@2L2T2l2t2
3 3,3L3X3x3
484@4H4P4\4
5$5,5\5p5|5
6 6@6X6l6x6
7,787X7d7
8 8(8@8H8P8X8d8
9 9(90989@9H9T9t9|9
:(:<:H:P:
;$;,;4;<;D;L;T;\;d;l;t;|;
< <(<4<T<\<h<
=<=D=P=p=|=
>(>0>H>P>X>d>
?$?,?8?`?t?
0 0,0L0X0x0
1$1,1D1P1p1|1
20282@2H2T2t2
30383@3L3l3t3|3
4$4,444<4D4L4T4\4d4p4
5(545T5\5h5
6$6,646<6D6L6T6\6d6l6t6|6
7 7(747\7d7l7|7
8$8,848<8D8L8T8\8d8l8x8
9$9D9L9T9\9d9l9t9|9
:,:4:<:D:L:T:\:d:l:t:|:
;$;,;8;X;`;h;p;|;
0(00040X0`0d0
;(;,;8;<;
>(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
0$0,040<0@0D0H0L0P0T0X0\0`0
1 1$1(1,1014181<1d1
2 3D3l3
8,8X8|8
: ;P;|;
> ?0?L?d?
(uB[,V
=Dqvy[
;N1Fg
'<{Kr8
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
5t3E0?
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190222201656Z0#
uiP{('
#]&kp9L
"b\01/
*&dv,3%
Sof,'lP
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20190222201706Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190222201706Z0/
/1(0&0$0"
0<g|h>
WoGG<$s
!This program cannot be run in DOS mode.
T&Rich
`.rdata
@.data
.pdata
@.rsrc
@.reloc
ATAUAVH
A^A]A\
K SVWH
H SUVWH
VWATAUAVH
A^A]A\_^
@SUVWATH
A\_^][
@USWATH
@SUVWATAUH
A]A\_^][
T$8H;T$@u
D$@L;D$Hu
D$@L;D$Hu
D$@L;D$Hu
UVWATAUH
0A]A\_^]
|$ ATAUAVH
@A^A]A\
\$ UVWAUAWH
D8|$0t<
A_A]_^]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UWATAUAVH
A^A]A\_]
WATAUAVAWH
@A_A^A]A\_
l$0rHH
SVWATAUH
@A]A\_^[
|$ ATH
@UWATAUAVH
A^A]A\_]
WATAUH
@UVWATAUAVAWH
ePA_A^A]A\_^]
@UVWATAUH
e@A]A\_^]
@UVWATAUAVAWH
A_A^A]A\_^]
@SVATH
SVWATH
HA\_^[
@WATAUH
0A]A\_
@WATAUAVAWH
I;D$(u
"I;D$(u
@A_A^A]A\_
@VWATH
H;O(u
ATAUAVH
@A^A]A\
TUUUUUU
H;Ypt2
@SUVWATAUAVH
`A^A]A\_^][
USVWATAUAVAWH
ePI;\$p
A_A^A]A\_^[]
@UVWATAUH
pA]A\_^]
UWATAUAVH
A^A]A\_]
gfffffffH
UWATAUAVH
A^A]A\_]
t$Hu(H
t$Hu(H
gfffffffI+
effffff
fffffff
fffffff
gfffffffI
uIffff
uIffff
UVWATAUAVAWH
H;(u-A
0A_A^A]A\_^]
@SUATH
@SUATH
SUVWATAUAVH
|$xffff
H;(u,A
0A^A]A\_^][
effffff
d$0u:H
t$ ATH
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
WATAUH
@8q`u^I
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UWATAUAVH
A^A]A\_]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UATAUH
WATAUAVAWH
A_A^A]A\_
UWATAVAWH
A_A^A\_]
\$@H9}0u
D$@L;D$Hu
D$@L;D$Hu
SUVWATAUAWH
H;0u(A
0A_A]A\_^][
2333333
UATAUAVAWH
A_A^A]A\]H
@UVWATAUH
A]A\_^]
UWATAUAVH
m'H9=\
A^A]A\_]
@UVWATAUH
@A]A\_^]
@USVWATAUAVH
`A^A]A\_^[]
@UVWATAUH
D$0H9D$pu
D$0H9D$pu
D$0H9D$pu
D$0H9D$pu
A]A\_^]
SVWATH
HA\_^[
H9 u1H
|$ ATH
@VWATH
UATAUH
H9k u:H
opH;Oht
@UVWATAUH
A]A\_^]
UWATAUAVH
A^A]A\_]
ATAUAVH
@A^A]A\
@WATAUH
@A]A\_
t$ ATH
@SWAUH
VWATAUAVH
fffff
A^A]A\_^
@USVWATAUAWH
A80t>H9q8u#
pA_A]A\_^[]
D$ H;G t
t_f9*tZ3
(H9I@u
@SUVWATH
t[fD9"tUH
pA\_^][
UVWATAUAVAWH
H;(u-A
0A_A^A]A\_^]
TUUUUUU
|$ ATH
H9k u"
s H9s uG
H9i0u*H
k09o(vAf
n8;o(r
UVWATAUH
A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUH
`A]A\_^]
@SWAUH
t$Ht$A
H VWATH
L$ SVWH
@SUWAUH
HA]_][
|$ ATH
@SUVATAUAVAWH
L9l$Pt
A_A^A]A\^][
@SUVWATAUAVAW
A_A^A]A\_^][
@SUVWATAUAVAWH
D9d$Lu+H
A_A^A]A\_^][
H9t$0t
t$ ATH
H9|$XtuH
tBfffffff
t$ WATAVH
t$0L95
@UATAUAWH
A_A]A\]
SUVWATAUAVAWH
A_A^A]A\_^][
p WATAUH
t$pu-H
@SUVAUAVAWH
l$Ht%A
A_A^A]^][
\$HHc^<
H9;t*H
\$ UVWATAUAVAWH
9l$<u+H
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
~+fffff
\$ UVWATAUH
@A]A\_^]
WATAUAVAWH
0A_A^A]A\_
VATAVAWH
HA_A^A\^
|$ ATAUAVH
A^A]A\
L$ VWATAUAVH
A^A]A\_^
@UVATH
|$ ATH
t$ ATAUAVH
0A^A]A\
WATAUAVAWH
0A_A^A]A\_
SVATAUAWH
@A_A]A\^[
t!D;n,
@A_A]A\^[
9y0v`H
VATAUAVAWH
t6ffffff
f8D9f8s
@A_A^A]A\^
\$ UATAUH
@A]A\]
9|$TuEH
XLcG<A
\$ UVWATAVH
fD9?tY
WfD9?tJ
@A^A\_^]
WATAUH
0A]A\_
WATAUH
A]A\_
WATAUH
A]A\_
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAW
\$XA_A^A]A\_^]
X8|7Ic
@SUVATAUAVAWH
A_A^A]A\^][
SATAUAVH
hA^A]A\[
L9|$@u
@SVWAUAVAWH
A_A^A]_^[
|$ ATH
SVWATH
8A\_^[
` AUAVAWH
A_A^A]
LcA<E3
@USVWATAUAVAWH
t&HcG<
H;|80u
xA_A^A]A\_^[]
LogLib.dll
NotComDllUnload
TraceMessageVa
TraceMessage
VtpUtils
MmsControl
Wow64GetThreadContext
IsWow64Process
SymGetModuleBase64
SymFunctionTableAccess64
SymCleanup
StackWalk64
SymLoadModuleEx
SymInitialize
StackWalkEx
QueryWorkingSetEx
SfcIsFileProtected
GetProcessIdOfThread
EnumProcessModulesEx
GetProcessImageFileNameW
VerifyCatalogSignature
RtlUpcaseUnicodeString
RtlCompareUnicodeString
NtQueryDirectoryFile
NtReadFile
RtlGetVersion
RtlDosPathNameToNtPathName_U
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlInitUnicodeString
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SharedCacheErrorToString
SharedCacheWrite
SharedCacheFreeQuery
SharedCacheQuery
SharedCacheRelease
SharedCacheInit
ExamineCertificates
cryptnet.dll
0123456789abcdef0x
0123456789ABCDEF0X
STREET=
gSetDefaultDllDirectories
NCryptFreeObject
CertFreeCertificateContext
CertGetNameStringW
CertNameToStrW
CertAddSerializedElementToStore
CertEnumCertificatesInStore
CertCompareCertificate
CertDeleteCertificateFromStore
CertOpenStore
CertCloseStore
CryptCATAdminRemoveCatalog
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATGetMemberInfo
CryptCATClose
CryptCATEnumerateMember
CryptCATOpen
CryptCATAdminAddCatalog
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
MD5 part of RCOM 2.3.0 11-Jun-2002
GetNativeSystemInfo
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/XML_NO_TEXT_NODE
XML_CAN_NOT_CONVERT_TEXT
XML_ERROR_PARSING
XML_ERROR_MISMATCHED_ELEMENT
XML_ERROR_EMPTY_DOCUMENT
XML_ERROR_PARSING_UNKNOWN
XML_ERROR_PARSING_DECLARATION
XML_ERROR_PARSING_COMMENT
XML_ERROR_PARSING_CDATA
XML_ERROR_PARSING_TEXT
XML_ERROR_IDENTIFYING_TAG
XML_ERROR_PARSING_ATTRIBUTE
XML_ERROR_PARSING_ELEMENT
XML_ERROR_ELEMENT_MISMATCH
XML_ERROR_FILE_READ_ERROR
XML_ERROR_FILE_COULD_NOT_BE_OPENED
XML_ERROR_FILE_NOT_FOUND
XML_WRONG_ATTRIBUTE_TYPE
XML_NO_ATTRIBUTE
XML_SUCCESS
AacControl
AacControl2
AacControl3
AacControl4
AacControl5
SHA1 part of RCOM 2.3.0 11-Jun-2002
RtlDumpResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
ntdll.dll
blframework
..\..\..\..\..\..\HostSharedSource\HssUtils\VerifyProcess.cpp
vector<T> too long
%s exception:
(%s,%u)
RegKey
..\..\..\..\utility\mcvariant\mc\McRegKey.cpp
Unable to open registry key for reading :%S, code: 0x%x
OutOfMemory
RegKeyIterator
..\..\..\..\utility\mcvariant\mc\McRegKeyIterator.cpp
Unexpected registry access error: 0x%x
Internal
String
..\..\..\..\utility\mcvariant\mc\McString.cpp
Illegal resize of fixed string
!(nPercent >= 100)
Unable to grow string
unexpected vsnprintf failure
invalid map/set<T> iterator
NotComDllGetInterface
VtpValidationControl2
VtpValidationControl
..\..\blapiserverstub.cpp
invalid string position
string too long
list<T> too long
RegOpenKeyTransactedW
..\..\blclientcache.cpp
map/set<T> too long
..\..\blframework.cpp
..\..\blruntimemgr.cpp
SetConfigOverride
BLFrameworkSetAlternateLogStrategy
GetBLFrameworkFactory
FreeBLFrameworkFactory
..\..\blapistub.cpp
..\..\RegistryMonitor.cpp
Unexpected result(%d) from WaitForMultipleObjects
Invalid type conversion attempt
Invalid parameter
Invalid parameter: Participant name prefix cannot be 0 length.
BLAlloc
BLFree
BLSubscribeEvent
BLUnsubscribeEvent
BLPostEvent
bad allocation
Invalid condition
deque<T> too long
RSDSr} 3
D:\BUILD_921779\BUILD\ENS_ResultsDir\Release_wchar_native64\blframework.pdb
??RLogEvent@LogUtils@@QEAAAEBU01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0UVarArgs@1@@Z
??RLogEvent@LogUtils@@QEAAAEBU01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEBDUVarArgs@1@@Z
??RLogEvent@LogUtils@@QEAAAEAU01@K@Z
??0LogEvent@LogUtils@@QEAA@PEBDHW4Severity@1@0PEAUILogManager@1@W4LoggingMode@1@_N@Z
?getLogManager@@YAPEAUILogManager@LogUtils@@XZ
UuidCreate
RpcStringFreeW
UuidToStringW
RPCRT4.dll
InitializeCriticalSection
GetVersionExW
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
LoadLibraryA
DeleteCriticalSection
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
OutputDebugStringW
GetCurrentProcessId
lstrlenA
GetModuleHandleW
WaitForSingleObject
CreateEventW
SetDllDirectoryW
GetFileAttributesW
SetEvent
WaitForMultipleObjects
GetCurrentThreadId
GetModuleHandleExW
LocalFree
LocalAlloc
LoadLibraryW
SetLastError
DeviceIoControl
CreateFileW
QueryDosDeviceW
GetLogicalDriveStringsW
ReadFile
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetFileAttributesExW
GetSystemWindowsDirectoryW
VirtualProtect
IsBadReadPtr
TerminateProcess
GetCurrentProcess
WriteFile
DebugBreak
GetSystemInfo
ResetEvent
GetSystemTimeAsFileTime
CreateMutexW
ReleaseMutex
KERNEL32.dll
wsprintfW
USER32.dll
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
TraceEvent
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
ADVAPI32.dll
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
memmove
_vsnprintf_s
_vsnwprintf_s
strchr
_vsnprintf
_purecall
malloc
wcsncat
wcsrchr
_wcsicmp
swprintf_s
_beginthreadex
memcpy
memset
memcmp
wcsncpy_s
_gmtime64_s
wcsftime
_time64
_i64tow_s
??0exception@std@@QEAA@AEBQEBDH@Z
MSVCR100.dll
?terminate@@YAXXZ
__C_specific_handler
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?endl@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AEAV21@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1_Container_base12@std@@QEAA@XZ
MSVCP100.dll
CertFreeCertificateContext
CertCreateCertificateContext
CryptVerifyMessageSignature
CertCloseStore
CertAddEncodedCertificateToStore
CertOpenStore
CryptDecodeObjectEx
CRYPT32.dll
PathFindFileNameW
wnsprintfW
SHLWAPI.dll
WinVerifyTrust
WINTRUST.dll
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
RaiseException
_wcsdup
_CxxThrowException
blframework.dll
??0BlAllocator@blframework@@QEAA@AEBU01@@Z
??0BlAllocator@blframework@@QEAA@XZ
??0BlObject@blframework@@QEAA@AEBV01@@Z
??0BlObject@blframework@@QEAA@XZ
??0IServerGlobalCallbacks@blframework@@QEAA@AEBV01@@Z
??0IServerGlobalCallbacks@blframework@@QEAA@XZ
??1BlAllocator@blframework@@UEAA@XZ
??1BlObject@blframework@@UEAA@XZ
??4BlAllocator@blframework@@QEAAAEAU01@AEBU01@@Z
??4BlObject@blframework@@QEAAAEAV01@AEBV01@@Z
??4IServerGlobalCallbacks@blframework@@QEAAAEAV01@AEBV01@@Z
??_7BlAllocator@blframework@@6B@
??_7BlObject@blframework@@6B@
??_7IServerGlobalCallbacks@blframework@@6B@
?AddRef@BlObject@blframework@@UEAAXXZ
?Alloc@BlObject@blframework@@UEBAPEAX_K@Z
?AllocChars@BlObject@blframework@@UEAAPEAD_K@Z
?AllocWideChars@BlObject@blframework@@UEAAPEA_W_K@Z
?AssignAllocator@BlObject@blframework@@UEAAXPEAUIBLAllocator@2@@Z
?BLCheckClientLockState@blframework@@YAJAEA_N@Z
?BLGetClientEndPointId@blframework@@YAJPEAPEB_W@Z
?BLGetClientInfo@blframework@@YAJPEAPEAUMcVariant@@@Z
?BLGetClientToken@blframework@@YAJPEAPEAX@Z
?BLImpersonateClient@blframework@@YAJXZ
?BLIsClientUnLocked@blframework@@YA_NXZ
?BLObjectInitializeInterface@blframework@@YAJPEB_W@Z
?BLObjectInquireEx@blframework@@YAJPEBDPEBUMcVariant@@PEAPEAU2@@Z
?BLObjectRegisterInterface@blframework@@YAJPEAVBlObject@1@PEB_W@Z
?BLObjectUnRegisterInterface@blframework@@YAJPEB_W@Z
?BLObjectUninitializeInterface@blframework@@YAJPEB_W@Z
?BLRevertToSelf@blframework@@YAJXZ
?BLServerCleanUp@blframework@@YAXH@Z
?BLServerInit@blframework@@YAJPEB_WPEAKPEAVIServerGlobalCallbacks@1@H@Z
?BLServerStart@blframework@@YAJXZ
?BLServerStop@blframework@@YAJXZ
?CreateBLErrorsInstance@blframework@@YAPEAVIBLErrors@1@PEBUMcVariant@@@Z
?DeleteBLErrorsInstance@blframework@@YAXPEAVIBLErrors@1@@Z
?Free@BlObject@blframework@@UEBAXPEAX@Z
?FreeMcVariant@BlObject@blframework@@UEBAJPEAUMcVariant@@@Z
?GetAlloc@BlObject@blframework@@UEBAP6APEAX_K@ZXZ
?GetAllocT@BlAllocator@blframework@@UEAAP6APEAX_K@ZXZ
?GetBOName@BlObject@blframework@@UEAAPEB_WXZ
?GetBusinessObjectContract@BlObject@blframework@@UEAAXPEB_WPEAPEAUMcVariant@@AEAVIBLErrors@2@@Z
?GetFree@BlObject@blframework@@UEBAP6AXPEAX@ZXZ
?GetFreeT@BlAllocator@blframework@@UEAAP6AXPEAX@ZXZ
?GetPropertiesEx@BlObject@blframework@@UEAAXPEB_WPEBUMcVariant@@PEAPEAU3@AEAVIBLErrors@2@@Z
?InitInstance@BlObject@blframework@@UEAAJPEBUMcVariant@@@Z
?InvokeMethod@BlObject@blframework@@UEAAXPEBDPEBUMcVariant@@PEAPEAU3@AEAVIBLErrors@2@@Z
?IsActionAllowedForUserType@BlObject@blframework@@UEAAJW4tagEP_USER_TYPE@2@PEB_WPEAH@Z
?IsInitialized@BlObject@blframework@@UEAA_NXZ
?Lock@BlObject@blframework@@UEAAXXZ
?NotifyStateChange@BlObject@blframework@@UEAAJW4BLStateChange@2@H@Z
?Release@BlObject@blframework@@UEAAXXZ
?SendMsgUnauth@BlObject@blframework@@UEAAXPEBUMcVariant@@PEAPEAU3@AEAVIBLErrors@2@@Z
?SetAllocators@BlAllocator@blframework@@UEAAXP6APEAX_K@ZP6AXPEAX@Z@Z
?SetNewDeleteImpl@BlAllocator@blframework@@UEAAXXZ
?SetNullImpl@BlAllocator@blframework@@UEAAXXZ
?SetPropertiesBeginEx@BlObject@blframework@@UEAAXPEA_KAEAVIBLErrors@2@@Z
?SetPropertiesEndEx@BlObject@blframework@@UEAAXPEA_K_NAEAVIBLErrors@2@@Z
?SetPropertiesEx@BlObject@blframework@@UEAAXPEB_WPEBUMcVariant@@1AEAVIBLErrors@2@@Z
?TriggerAction@IServerGlobalCallbacks@blframework@@UEAAJPEB_W0PEBUMcVariant@@PEAPEAU3@PEAUIBLObject@2@@Z
?UninitInstance@BlObject@blframework@@UEAAJPEBUMcVariant@@@Z
?Unlock@BlObject@blframework@@UEAAXXZ
BLAlloc
BLFrameworkCleanUp
BLFrameworkInit
BLFree
BLGetBusinessObjectContract
BLGetBusinessObjectsNameList
BLGetBusinessObjectsNameListEx
BLGetConfig
BLGetLastError
BLGetObjectHandle
BLGetObjectHandleOption
BLGetPropertiesEx
BLInvokeMethod
BLPostEvent
BLReleaseObjectHandle
BLSetConfig
BLSetInquireCallbackEx
BLSetObjectHandleOption
BLSetPropertiesBeginEx
BLSetPropertiesCancelEx
BLSetPropertiesEndEx
BLSetPropertiesEx
BLSubscribeEvent
BLUnsubscribeEvent
microsoft1-0+
$Microsoft Root Certificate Authority0
060125232232Z
170125233232Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0v
JT8j#7
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160324000000Z
180324235959Z0
956301
Folsom1
FM1-1101
1900 Prairie City Rd.1
Intel Corporation1
Intel Corporation0
?jjR2[(
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
Washington1
Redmond1
Microsoft Corporation1>0<
5Microsoft Development Root Certificate Authority 20140
140528164346Z
390528165148Z0
Washington1
Redmond1
Microsoft Corporation1>0<
5Microsoft Development Root Certificate Authority 20140
+ky;_m
HuNrf-
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160801000000Z
190801235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
#{$/R
CGQ cp
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
140305000000Z
170304235959Z0
Oregon1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Engineering1
McAfee, Inc.0
EYZ QW
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
g}X\bP
microsoft1-0+
$Microsoft Root Certificate Authority0
010509231922Z
210509232813Z0_1
microsoft1-0+
$Microsoft Root Certificate Authority0
8 %m|g
IB{E3O
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
160712000000Z
190708235959Z0
95054-18381
Santa Clara1#0!
2821 Mission College Blvd.1
McAfee, Inc.1
McAfee, Inc.0
}Nv-0n
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100706204023Z
250706205023Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Windows PCA 20100
Bm:P[H
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
[D#c%6wo
microsoft1-0+
$Microsoft Root Certificate Authority0
160211232409Z
210509232813Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Microsoft Windows Verification PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
M~S-Ogs",
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
970110070000Z
201231070000Z0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
McAfee Inc1
McAfee External CA v10
121026155005Z
141026155006Z0
Beaverton1$0"
Gary_Weber@mcafee.com1
Engineering1
McAfee, Inc.1
McAfee Internal0
www.mcafee.com0
,https://pki.mcafee.com/pki/McAfee_CA_CPS.pdf0
9http://pki.mcafee.com/pki/McAfee%20External%20CA%20v1.crl0Y
Hhttp://dalapppki2.corp.nai.org:447/McAfee%20External%20CA%20v1_delta.crl0
Symantec Corporation1 0
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G20
150417000000Z
160416235959Z0
Delaware1
Private Organization1
23067411
Oregon1
Beaverton1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
US-Delaware-23067410
http://sw.symcb.com/sw.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sw.symcd.com0'
http://sw1.symcb.com/sw.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110322220528Z
360322221304Z0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
?W@9!$V
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
110906000000Z
141008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
MSFT1200
)Microsoft Authenticode(tm) Root Authority0
950101080001Z
991231235959Z0P1
MSFT1200
)Microsoft Authenticode(tm) Root Authority0
)Microsoft Authenticode(tm) Root Authority0r
MSFT1200
)Microsoft Authenticode(tm) Root Authority
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
050921000000Z
061008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
McAfee Inc1
McAfee Root CA0
100316001238Z
220316001238Z051
McAfee Inc1
McAfee External CA v10
,https://pki.mcafee.com/pki/McAfee_CA_CPS.pdf0F
5http://pki.mcafee.com/pki/McAfee%20Root%20CA%20v1.crl0
(e&$w*x
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
070907000000Z
081009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
151221000000Z
170304235959Z0x1
Oregon1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
z10VqQ
McAfee Inc1
McAfee External CA v10
141121161734Z
171121161734Z0?1
pki@mcafee.com1
McAfee Legacy Signing0
Hhttp://dalapppki2.corp.nai.org:447/McAfee%20External%20CA%20v1_delta.crl0
#{("U!un
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 1999 Microsoft Corp.1806
/Microsoft Windows Verification Intermediate PCA0
031217014213Z
050217015213Z0z1
Washington1
Redmond1
Microsoft Corporation1$0"
Microsoft Windows Publisher0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
8http://crl.microsoft.com/pki/crl/products/WindowsPCA.crl0
microsoft1-0+
$Microsoft Root Certificate Authority0
050915215541Z
160315220541Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Microsoft Windows Verification PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Verification Intermediate PCA0
051011232457Z
070111233457Z0
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Component Publisher0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
7http://crl.microsoft.com/pki/crl/products/WinIntPCA.crl0U
9http://www.microsoft.com/pki/certs/MicrosoftWinIntPCA.crt0
4https://www.microsoft.com/pki/ssl/cps/WindowsPCA.htm0f
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
111019184142Z
261019185142Z0
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Production PCA 20110
i %(\6
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
060907000000Z
071009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
080913000000Z
111009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
150929000000Z
180928235959Z0
California1
Santa Clara1
McAfee, Inc.1
Engineering, Consumer1
McAfee, Inc.0
8B'[pd#
http://sf.symcb.com/sf.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
Washington1
Redmond1
Microsoft Corporation1+0)
"Microsoft Windows Verification PCA0
071018220904Z
081218221904Z0p1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Windows0
4http://crl.microsoft.com/pki/crl/products/WinPCA.crl
4http://www.microsoft.com/pki/crl/products/WinPCA.crl0R
6http://www.microsoft.com/pki/certs/MicrosoftWinPCA.crt0
V>XKrSR
microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100623215724Z
350623220401Z0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
"D e4iL
n)n!!A&
[;depf
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160405000000Z
190405235959Z0
950541
Santa Clara1
FM1-1101"0
2200 Mission College Blvd1
Intel Corporation1
ISecG Enterprise1
Intel Corporation0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
070822223102Z
120825070000Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
Il/$>e
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
111006000000Z
131231235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
https://www.verisign.com/rpa0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0u
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
>%9#g
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160324000000Z
180324235959Z0
956301
Folsom1
FM1-1101
1900 Prairie City Rd.1
Intel Corporation1
Intel Corporation0
?jjR2[(
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160801000000Z
190801235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
#{$/R
CGQ cp
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
140305000000Z
170304235959Z0
Oregon1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Engineering1
McAfee, Inc.0
EYZ QW
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
g}X\bP
IB{E3O
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
160712000000Z
190708235959Z0
95054-18381
Santa Clara1#0!
2821 Mission College Blvd.1
McAfee, Inc.1
McAfee, Inc.0
}Nv-0n
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0
Symantec Corporation1 0
Symantec Trust Network1B0@
9Symantec Class 3 Extended Validation Code Signing CA - G20
150417000000Z
160416235959Z0
Delaware1
Private Organization1
23067411
Oregon1
Beaverton1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
US-Delaware-23067410
http://sw.symcb.com/sw.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sw.symcd.com0'
http://sw1.symcb.com/sw.crt0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
110906000000Z
141008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
050921000000Z
061008235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
070907000000Z
081009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
151221000000Z
170304235959Z0x1
Oregon1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
z10VqQ
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
060907000000Z
071009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
080913000000Z
111009235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
150929000000Z
180928235959Z0
California1
Santa Clara1
McAfee, Inc.1
Engineering, Consumer1
McAfee, Inc.0
8B'[pd#
http://sf.symcb.com/sf.crl0f
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
160405000000Z
190405235959Z0
950541
Santa Clara1
FM1-1101"0
2200 Mission College Blvd1
Intel Corporation1
ISecG Enterprise1
Intel Corporation0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)041.0,
%VeriSign Class 3 Code Signing 2004 CA0
111006000000Z
131231235959Z0
California1
Santa Clara1
McAfee, Inc.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
McAfee, Inc.0
_Dvlmf
https://www.verisign.com/rpa0
/http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0u
http://ocsp.verisign.com0?
3http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0
==d6|h
>%9#g
AQLwH'
.?AVtype_info@@
.?AVHostCommonLogger@LogUtils@@
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVCMcString@@
.?AVCMcBufString@@
.?AV?$CMcFixedString@$0EA@@@
.?AVCMcException@@
.?AVCMcRegKeyException@@
.?AVCMcOutOfMemoryException@@
.?AVCMcRegKeyIteratorException@@
.?AVCMcStringException@@
.?AVCMcInternalException@@
.?AVBlObject@blframework@@
.?AUBlAllocator@blframework@@
.?AUIBLObject@blframework@@
.?AUIBLAllocator@blframework@@
.?AVCBLServerCleanUp@blapi@blframework@@
.?AUIBLApi@blapi@blframework@@
.?AVCBLGetBusinessObjectContract@blapi@blframework@@
.?AVCBLSetPropertiesCancelEx@blapi@blframework@@
.?AVCBLSetPropertiesEndEx@blapi@blframework@@
.?AVCBLSetPropertiesBeginEx@blapi@blframework@@
.?AVCBLSetInquireCallbackEx@blapi@blframework@@
.?AVCBLPostEvent@blapi@blframework@@
.?AVCBLSetConfig@blapi@blframework@@
.?AVCBLGetConfig@blapi@blframework@@
.?AVCBLGetBusinessObjectsNameList3@blapi@blframework@@
.?AVCBLGetBusinessObjectsNameList2@blapi@blframework@@
.?AVCBLGetLastError@blapi@blframework@@
.?AVBLUnsubscribeEvent@blapi@blframework@@
.?AVBLSubscribeEvent@blapi@blframework@@
.?AVCBLSetObjectHandleOption@blapi@blframework@@
.?AVCBLInvokeMethod@blapi@blframework@@
.?AVCBLSetPropertiesEx@blapi@blframework@@
.?AVCBLGetPropertiesEx@blapi@blframework@@
.?AVCBLReleaseObjectHandle@blapi@blframework@@
.?AVCBLGetObjectHandle@blapi@blframework@@
.?AVCBLClientApiStub@blframework@@
.?AVCBLApiStub@blframework@@
.?AVCBLErrorIterator@blframework@@
.?AVCBLErrors@blframework@@
.?AVCBLError@blframework@@
.?AVIBLErrors@blframework@@
.?AVIBLErrorIterator@blframework@@
.?AVIBLError@blframework@@
.?AV?$_Ref_count@VBLInquireCallback@blframework@@@tr1@std@@
.?AV?$_Ref_count@VBLEventCallbackInfo@blframework@@@tr1@std@@
.?AV_Ref_count_base@tr1@std@@
.?AV?$_Ref_count@VCBLObjectHandle@blframework@@@tr1@std@@
.?AVIServerGlobalCallbacks@blframework@@
.?AVCBLObjectUnRegisterInterface@blapi@blframework@@
.?AVCBLObjectRegisterInterface@blapi@blframework@@
.?AVCBLServerInit@blapi@blframework@@
.?AVCBLServerApiStub@blframework@@
.?AVCBLDisconnect@blapi@blframework@@
.?AVCBLConnect@blapi@blframework@@
.?AVCBLObjectInquireEx@blapi@blframework@@
.?AVCBLGetClientInfo@blapi@blframework@@
.?AVCBLGetClientToken@blapi@blframework@@
.?AVCBLGetClientEndPointId@blapi@blframework@@
.?AVCBLCheckClientLockState@blapi@blframework@@
.?AVCBLRevertToSelf@blapi@blframework@@
.?AVCBLImpersonateClient@blapi@blframework@@
.?AVCBLObjectUninitializeInterface@blapi@blframework@@
.?AVCBLObjectInitializeInterface@blapi@blframework@@
.?AVCBLServerStop@blapi@blframework@@
.?AVCBLServerStart@blapi@blframework@@
.?AVConfigDataProvider@@
.?AVIConfigDataProvider@@
.?AVCRegistryMonitor@blframework@@
.?AVlogic_error@std@@
.?AV?$CMtQueue@PEAVAMessage@McVariantHelper@@@@
.?AVParticipant@Messaging@@
.?AVPublisher@Messaging@@
.PEAUMcvIllegalOperationException@McVariantHelper@@
.?AVCSyncEvent@@
.?AVCSyncBase@@
.?AVCSyncMutex@@
.?AVCSyncCriticalSection@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
2b)J?6`
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
="[8cz
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190222095959Z0#
c[VZ(3
q/fV<L
=\IHgCy
TD\(Gvve
meFD6/
3NYG6 ,
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20190222100008Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190222100008Z0/
/1(0&0$0"
nNUBnkR
!This program cannot be run in DOS mode.
RichHq
`.rdata
@.data
@.reloc
SSSSVPh
SVWjH3
SVWjH3
u<9X t7
D$HSVW
D$ 9\$Hu
D$`QRP
D$(9D$D
D$HSVW
D$ PWV
D$pSVW
L$ QVW
tA8Y5u6
D$,PQV
N8WRPQ
t!WSGWP
N PR@PQ
9\$Dt&
9\$Dt&
(;~(uB
K(;J(t
S(;W(u
t@SWjHj
SVWjH3
t_f93tZ
SVWjH3
t`f97t[
tYf97tT
@ QWAQP
D$HSVW
|$89|$(u
D$ ;L$
RRPQRh
tgjHQV
D$ SVW
9t$(rS
t jHSV
t jHSV
t jHSW
69V8u69WHt
t*9P8u%
9w(v<jH
tgjHQV
tXf9 tS
t jHSV
t jHSV
t jHSW
69V8u69WHt
t*9P8u%
D$@SVW
t^f9 tY
t^f9 tY
tcjHWS
t6;^Lu1
t^f9;tY
D$ PQV
tcf97t^
t.jHSV
tRjHSV
t)9X8uB9^Ht
t69Y8u1
tNjHSV
tC9^Ht
t79Y8u2
FHG;|$
D$<9\$
FHG;;r
tef97t`
FHG;;r
D$(SVW
^P9^@u
^P9^@u
T$lRWP
9t$$tW
9q<v 9A<s
D$(SVW
D$49D$0
D$8PSh
L$@Qhh
D$@PSh
T$@RWh
t2Ht Hu<S
D$$9D$d
T$$9T$d
T$$9T$du
D$$9D$du
L$,QSQ
L$PQSQ
D$,PSQ
D$PPSQ
D$,PSQ
D$PPSQ
T$,RSQ
T$PRSQ
|$89\$@
D$LWPQ
D$TShH
L$TShH
\$d9|$@
\$d;\$@
T$@SR:
D$PSVW
D$(PVhP
D$,RPV
D$(Ph\
T$$QRV
D$(PWh
;0u Rj
T$<RVP
GT_^[]
GT_^[]
GT_^[]
GT_^[]
GT_^[]
CisbMs
SetWaitableTimerEx
invalid string position
string too long
Invalid parameter
Aleady init
invalid map/set<T> iterator
list<T> too long
map/set<T> too long
Invalid type conversion attempt
Invalid condition
deque<T> too long
bad allocation
Invalid parameter: Participant name prefix cannot be 0 length.
BLAlloc
BLFree
BLSubscribeEvent
BLUnsubscribeEvent
BLPostEvent
vector<T> too long
%s exception:
(%s,%u)
RegKey
..\..\mc\McRegKey.cpp
Unable to open registry key for reading :%S, code: 0x%x
OutOfMemory
RegValue
..\..\mc\McRegValue.cpp
Unable to read registry value :%S, code: 0x%x
Internal
String
..\..\mc\McString.cpp
Illegal resize of fixed string
!(nPercent >= 100)
Unable to grow string
unexpected vsnprintf failure
D:\BUILD_922082\BUILD\ENS_ResultsDir\Release_wchar_native32\McVariantExport.pdb
UuidCreate
RpcStringFreeW
UuidToStringW
RPCRT4.dll
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
WriteFile
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DebugBreak
ExitThread
CloseHandle
CreateThread
GetLastError
GetProcAddress
GetModuleHandleA
SetEvent
ResetEvent
CreateEventW
SetErrorMode
FreeLibrary
WaitForSingleObject
WaitForMultipleObjectsEx
LoadLibraryW
CreateWaitableTimerW
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
MoveFileExW
CreateFileW
DeleteFileW
KERNEL32.dll
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
ADVAPI32.dll
CoUninitialize
CoInitializeEx
CoCreateInstance
ole32.dll
OLEAUT32.dll
memmove
malloc
memcpy_s
isspace
_vsnwprintf
_vsnprintf
iswdigit
_purecall
_gmtime64_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
wcsftime
_time64
_wcsicmp
wcsncpy_s
??0exception@std@@QAE@ABQBDH@Z
swscanf
_errno
_wtoi64
isprint
wcsrchr
_i64tow_s
strchr
MSVCR100.dll
?terminate@@YAXXZ
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
MSVCP100.dll
EncodePointer
DecodePointer
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
memset
memcpy
_CxxThrowException
IsProcessorFeaturePresent
McVariantExport.dll
??0AMcVariant@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0AMcVariant@McVariantHelper@@QAE@ABVAMcvReference@1@@Z
??0AMcVariant@McVariantHelper@@QAE@H@Z
??0AMcVariant@McVariantHelper@@QAE@N@Z
??0AMcVariant@McVariantHelper@@QAE@PBG@Z
??0AMcVariant@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0AMcVariant@McVariantHelper@@QAE@PB_W@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@H@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@N@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@PBG@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@PB_W@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@W4TypeCodes@McVariant@@@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@_J@Z
??0AMcVariant@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@_N@Z
??0AMcVariant@McVariantHelper@@QAE@W4TypeCodes@McVariant@@@Z
??0AMcVariant@McVariantHelper@@QAE@XZ
??0AMcVariant@McVariantHelper@@QAE@_J@Z
??0AMcVariant@McVariantHelper@@QAE@_N@Z
??0AMcVariantList@McVariantHelper@@QAE@ABV01@@Z
??0AMcVariantList@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0AMcVariantList@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0AMcVariantList@McVariantHelper@@QAE@XZ
??0AMcVariantValue@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0AMcvListPointer@McVariantHelper@@QAE@AAPAUMcVariant@@@Z
??0AMcvListReference@McVariantHelper@@QAE@PAUMcVariant@@@Z
??0AMcvListReference@McVariantHelper@@QAE@XZ
??0AMcvPointer@McVariantHelper@@QAE@AAPAUMcVariant@@@Z
??0AMcvReference@McVariantHelper@@IAE@XZ
??0AMcvReference@McVariantHelper@@QAE@PAUMcVariant@@@Z
??0AMcvariantName@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0AMessage@McVariantHelper@@QAE@ABV01@@Z
??0AMessage@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0AMessage@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0H@Z
??0AMessage@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0AProperty@BOProperty@McVariantHelper@@AAE@PAUMcVariant@@@Z
??0AProperty@BOProperty@McVariantHelper@@AAE@PAUMcVariant@@PAVPropertyBase@12@@Z
??0AProperty@BOProperty@McVariantHelper@@QAE@ABVNameValuePair@BasicUtils@2@@Z
??0AppendableWideString@@QAE@I@Z
??0AssignmentOperator@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0AssignmentOperator@BOProperty@McVariantHelper@@QAE@XZ
??0AutoExport@McVariantHelper@@QAE@ABUNodeRef@1@@Z
??0AutoPtr@McVariantHelper@@QAE@PAUMcVariant@@@Z
??0Broker@Messaging@@QAE@ABV01@@Z
??0Broker@Messaging@@QAE@XZ
??0Build@McVariantHelper@@QAE@PBUItemSpec@1@@Z
??0BuildFromList@McVariantHelper@@QAE@QBUItemSpec@1@I@Z
??0DataValidator@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0DataValidator@BOProperty@McVariantHelper@@QAE@XZ
??0IMcvDataSource@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0IMcvDataSource@BOProperty@McVariantHelper@@QAE@XZ
??0IPropertyContext@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0IPropertyContext@BOProperty@McVariantHelper@@QAE@XZ
??0IPropertyIterator@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0IPropertyIterator@BOProperty@McVariantHelper@@QAE@XZ
??0IProvider@Messaging@@QAE@ABV01@@Z
??0IProvider@Messaging@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@P6AXABVAMessage@McVariantHelper@@AAV67@PAX@Z3@Z
??0IProvider@Messaging@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@P6AXABVAMessage@McVariantHelper@@PAV67@PAX@Z3@Z
??0IPublisher@Messaging@@QAE@ABV01@@Z
??0IPublisher@Messaging@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0IPublisherSubscriber@Messaging@@QAE@ABV01@@Z
??0IPublisherSubscriber@Messaging@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0ISubscriber@Messaging@@QAE@ABV01@@Z
??0ISubscriber@Messaging@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0McVariantEventFilter@Events@McVariantHelper@@QAE@XZ
??0McVariantEventInfo@Events@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0McVariantEventInfo@Events@McVariantHelper@@QAE@XZ
??0McvAny@McVariantHelper@@QAE@PB_WW4TypeCodes@McVariant@@PBX@Z
??0McvAny@McVariantHelperNative@@QAE@PB_WW4TypeCodes@McVariant@@PBX@Z
??0McvBase@McVariantHelper@@IAE@W4TypeCodes@McVariant@@PB_W@Z
??0McvBase@McVariantHelperNative@@IAE@W4TypeCodes@McVariant@@PB_W@Z
??0McvBool@McVariantHelper@@QAE@PB_W_N@Z
??0McvBool@McVariantHelperNative@@QAE@PB_W_N@Z
??0McvBuffer@McVariantHelper@@QAE@PB_WPBXH@Z
??0McvBuffer@McVariantHelperNative@@QAE@PB_WPBXH@Z
??0McvCast@McVariantHelper@@QAE@H@Z
??0McvCast@McVariantHelper@@QAE@N@Z
??0McvCast@McVariantHelper@@QAE@PAX@Z
??0McvCast@McVariantHelper@@QAE@PAXH@Z
??0McvCast@McVariantHelper@@QAE@PBD@Z
??0McvCast@McVariantHelper@@QAE@PB_W0@Z
??0McvCast@McVariantHelper@@QAE@PB_W@Z
??0McvCast@McVariantHelper@@QAE@PB_WH@Z
??0McvCast@McVariantHelper@@QAE@PB_WN@Z
??0McvCast@McVariantHelper@@QAE@PB_WPAX@Z
??0McvCast@McVariantHelper@@QAE@PB_WPAXH@Z
??0McvCast@McVariantHelper@@QAE@PB_WPBD@Z
??0McvCast@McVariantHelper@@QAE@PB_W_N@Z
??0McvCast@McVariantHelper@@QAE@_N@Z
??0McvConvertAny@McVariantHelper@@QAE@ABUMcVariant@@W4TypeCodes@2@@Z
??0McvConvertBool@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvConvertBuffer@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvConvertFloat@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvConvertInt64@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvConvertInt@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvConvertRegister@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvConvertString@McVariantHelper@@QAE@ABUMcVariant@@@Z
??0McvCopy@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0McvCopyImproper@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0McvCopyImproper@McVariantHelperNative@@QAE@PBUMcVariant@@@Z
??0McvFloat@McVariantHelper@@QAE@PB_WN@Z
??0McvFloat@McVariantHelperNative@@QAE@PB_WN@Z
??0McvInt64@McVariantHelper@@QAE@PB_W_J@Z
??0McvInt64@McVariantHelperNative@@QAE@PB_W_J@Z
??0McvInt@McVariantHelper@@QAE@PB_WH@Z
??0McvInt@McVariantHelperNative@@QAE@PB_WH@Z
??0McvList@McVariantHelper@@QAE@PB_WPAUMcvBase@1@@Z
??0McvList@McVariantHelperNative@@QAE@PB_WPAUMcvBase@1@@Z
??0McvListView@McVariantHelper@@QAE@H@Z
??0McvNull@McVariantHelper@@QAE@PB_W@Z
??0McvNull@McVariantHelperNative@@QAE@PB_W@Z
??0McvRef@McVariantHelper@@QAE@ABU01@@Z
??0McvRef@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0McvRef@McVariantHelper@@QAE@XZ
??0McvRegister@McVariantHelper@@QAE@PB_WPAX@Z
??0McvRegister@McVariantHelperNative@@QAE@PB_WPAX@Z
??0McvString@McVariantHelper@@QAE@PB_W0H@Z
??0McvString@McVariantHelperNative@@QAE@PB_W0H@Z
??0McvStringFromUtf8@McVariantHelper@@QAE@PB_WPBD@Z
??0McvStringFromUtf8@McVariantHelperNative@@QAE@PB_WPBD@Z
??0McvStringView@McVariantHelper@@QAE@ABUString@McVariant@@@Z
??0McvStringView@McVariantHelper@@QAE@PB_W@Z
??0McvToAny@BasicUtils@McVariantHelper@@QAE@PAUMcVariant@@@Z
??0McvView@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0McvZView@McVariantHelper@@QAE@PBUMcVariantZ@1@@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@ABV012@@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_W0@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_WH@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_WN@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_WPAXI@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_WPA_W@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_W_J@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QAE@PB_W_N@Z
??0Node@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0Node@McVariantHelper@@QAE@PB_W@Z
??0Node@McVariantHelperNative@@QAE@PBUMcVariant@@@Z
??0Node@McVariantHelperNative@@QAE@PB_W@Z
??0NodeRef@McVariantHelper@@QAE@ABU01@@Z
??0NodeRef@McVariantHelper@@QAE@PAUNode@1@@Z
??0NodeRef@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0NodeRef@McVariantHelper@@QAE@XZ
??0NodeRef@McVariantHelperNative@@QAE@ABU01@@Z
??0NodeRef@McVariantHelperNative@@QAE@PAUNode@1@@Z
??0NodeRef@McVariantHelperNative@@QAE@PBUMcVariant@@@Z
??0NodeRef@McVariantHelperNative@@QAE@XZ
??0Participant@Messaging@@QAE@ABV01@@Z
??0Participant@Messaging@@QAE@XZ
??0Path@McVariantHelper@@QAE@ABUPathElements@1@@Z
??0Path@McVariantHelper@@QAE@H@Z
??0Path@McVariantHelper@@QAE@PBUPathElements@1@@Z
??0Path@McVariantHelper@@QAE@PB_W@Z
??0Path@McVariantHelperNative@@QAE@ABUPathElements@1@@Z
??0Path@McVariantHelperNative@@QAE@H@Z
??0Path@McVariantHelperNative@@QAE@PBUPathElements@1@@Z
??0Path@McVariantHelperNative@@QAE@PB_W@Z
??0PathElement@McVariantHelper@@QAE@H@Z
??0PathElement@McVariantHelper@@QAE@PB_W@Z
??0PathElement@McVariantHelper@@QAE@XZ
??0PathElement@McVariantHelperNative@@QAE@H@Z
??0PathElement@McVariantHelperNative@@QAE@PB_W@Z
??0PathElement@McVariantHelperNative@@QAE@XZ
??0PathElements@McVariantHelper@@QAE@ABUPathElement@1@PBU01@@Z
??0PathElements@McVariantHelper@@QAE@PB_W@Z
??0PathElements@McVariantHelper@@QAE@XZ
??0PathElements@McVariantHelperNative@@QAE@ABUPathElement@1@PBU01@@Z
??0PathElements@McVariantHelperNative@@QAE@PB_W@Z
??0PathElements@McVariantHelperNative@@QAE@XZ
??0PropertyBase@BOProperty@McVariantHelper@@IAE@PAUMcVariant@@PAV012@@Z
??0PropertyBase@BOProperty@McVariantHelper@@IAE@PAUMcVariant@@_N@Z
??0PropertyBase@BOProperty@McVariantHelper@@IAE@XZ
??0PropertyContainer@BOProperty@McVariantHelper@@AAE@PAUMcVariant@@_N@Z
??0PropertyContainer@BOProperty@McVariantHelper@@IAE@PAUMcVariant@@@Z
??0PropertyContainer@BOProperty@McVariantHelper@@IAE@PAUMcVariant@@PAVPropertyBase@12@@Z
??0PropertyContainer@BOProperty@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0PropertyDB@BOProperty@McVariantHelper@@QAE@PAVIMcvDataSource@12@@Z
??0Provider@Messaging@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXABVAMessage@McVariantHelper@@AAV45@PAX@Z3@Z
??0Provider@Messaging@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXABVAMessage@McVariantHelper@@PAV45@PAX@Z3@Z
??0Publisher@Messaging@@QAE@ABV01@@Z
??0Publisher@Messaging@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0PublisherSubscriber@Messaging@@QAE@ABV01@@Z
??0PublisherSubscriber@Messaging@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0Subscriber@Messaging@@QAE@ABV01@@Z
??0Subscriber@Messaging@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0ValidatorFunctor@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0ValidatorFunctor@BOProperty@McVariantHelper@@QAE@XZ
??0Value@McVariantHelper@@QAE@H@Z
??0Value@McVariantHelper@@QAE@PAX@Z
??0Value@McVariantHelper@@QAE@PBUMcVariant@@@Z
??0Value@McVariantHelper@@QAE@PB_W@Z
??0Value@McVariantHelper@@QAE@_J@Z
??0Value@McVariantHelper@@QAE@_N@Z
??0Value@McVariantHelperNative@@QAE@H@Z
??0Value@McVariantHelperNative@@QAE@PAX@Z
??0Value@McVariantHelperNative@@QAE@PBUMcVariant@@@Z
??0Value@McVariantHelperNative@@QAE@PB_W@Z
??0Value@McVariantHelperNative@@QAE@_J@Z
??0Value@McVariantHelperNative@@QAE@_N@Z
??0XmlMcvConverter@McVariantHelper@@QAE@ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0XmlMcvConverter@McVariantHelper@@QAE@XZ
??0XmlToMcvConverter@McVariantHelper@@QAE@ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@0@Z
??0xmlDataStore@BOProperty@McVariantHelper@@QAE@ABV012@@Z
??0xmlDataStore@BOProperty@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0@Z
??0xmlDataStore@BOProperty@McVariantHelper@@QAE@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??1AMcVariant@McVariantHelper@@QAE@XZ
??1AMcVariantList@McVariantHelper@@QAE@XZ
??1AMessage@McVariantHelper@@QAE@XZ
??1AProperty@BOProperty@McVariantHelper@@UAE@XZ
??1AppendableWideString@@QAE@XZ
??1AssignmentOperator@BOProperty@McVariantHelper@@UAE@XZ
??1AutoExport@McVariantHelper@@QAE@XZ
??1AutoPtr@McVariantHelper@@QAE@XZ
??1Broker@Messaging@@UAE@XZ
??1DataValidator@BOProperty@McVariantHelper@@UAE@XZ
??1IMcvDataSource@BOProperty@McVariantHelper@@UAE@XZ
??1IPropertyContext@BOProperty@McVariantHelper@@UAE@XZ
??1IPropertyIterator@BOProperty@McVariantHelper@@UAE@XZ
??1IProvider@Messaging@@UAE@XZ
??1IPublisher@Messaging@@UAE@XZ
??1IPublisherSubscriber@Messaging@@UAE@XZ
??1ISubscriber@Messaging@@UAE@XZ
??1McVariantEventFilter@Events@McVariantHelper@@QAE@XZ
??1McVariantEventInfo@Events@McVariantHelper@@QAE@XZ
??1McvAny@McVariantHelper@@QAE@XZ
??1McvAny@McVariantHelperNative@@QAE@XZ
??1McvBase@McVariantHelper@@QAE@XZ
??1McvBase@McVariantHelperNative@@QAE@XZ
??1McvBool@McVariantHelper@@QAE@XZ
??1McvBool@McVariantHelperNative@@QAE@XZ
??1McvBuffer@McVariantHelper@@QAE@XZ
??1McvBuffer@McVariantHelperNative@@QAE@XZ
??1McvCast@McVariantHelper@@QAE@XZ
??1McvConvertAny@McVariantHelper@@QAE@XZ
??1McvConvertBuffer@McVariantHelper@@QAE@XZ
??1McvConvertString@McVariantHelper@@QAE@XZ
??1McvCopy@McVariantHelper@@QAE@XZ
??1McvCopyImproper@McVariantHelper@@QAE@XZ
??1McvCopyImproper@McVariantHelperNative@@QAE@XZ
??1McvFloat@McVariantHelper@@QAE@XZ
??1McvFloat@McVariantHelperNative@@QAE@XZ
??1McvInt64@McVariantHelper@@QAE@XZ
??1McvInt64@McVariantHelperNative@@QAE@XZ
??1McvInt@McVariantHelper@@QAE@XZ
??1McvInt@McVariantHelperNative@@QAE@XZ
??1McvList@McVariantHelper@@QAE@XZ
??1McvList@McVariantHelperNative@@QAE@XZ
??1McvNull@McVariantHelper@@QAE@XZ
??1McvNull@McVariantHelperNative@@QAE@XZ
??1McvRef@McVariantHelper@@QAE@XZ
??1McvRegister@McVariantHelper@@QAE@XZ
??1McvRegister@McVariantHelperNative@@QAE@XZ
??1McvString@McVariantHelper@@QAE@XZ
??1McvString@McVariantHelperNative@@QAE@XZ
??1McvStringFromUtf8@McVariantHelper@@QAE@XZ
??1McvStringFromUtf8@McVariantHelperNative@@QAE@XZ
??1NameValuePair@BasicUtils@McVariantHelper@@QAE@XZ
??1Node@McVariantHelper@@QAE@XZ
??1Node@McVariantHelperNative@@QAE@XZ
??1NodeRef@McVariantHelper@@QAE@XZ
??1NodeRef@McVariantHelperNative@@QAE@XZ
??1Participant@Messaging@@UAE@XZ
??1PropertyBase@BOProperty@McVariantHelper@@UAE@XZ
??1PropertyContainer@BOProperty@McVariantHelper@@UAE@XZ
??1PropertyDB@BOProperty@McVariantHelper@@UAE@XZ
??1Provider@Messaging@@UAE@XZ
??1Publisher@Messaging@@UAE@XZ
??1PublisherSubscriber@Messaging@@UAE@XZ
??1Subscriber@Messaging@@UAE@XZ
??1ValidatorFunctor@BOProperty@McVariantHelper@@UAE@XZ
??1Value@McVariantHelper@@QAE@XZ
??1Value@McVariantHelperNative@@QAE@XZ
??1XmlMcvConverter@McVariantHelper@@QAE@XZ
??1XmlToMcvConverter@McVariantHelper@@QAE@XZ
??1xmlDataStore@BOProperty@McVariantHelper@@UAE@XZ
??2McvBase@McVariantHelper@@SAPAXI@Z
??2McvBase@McVariantHelper@@SAPAXIABUnothrow_t@std@@@Z
??2McvBase@McVariantHelperNative@@SAPAXI@Z
??2McvBase@McVariantHelperNative@@SAPAXIABUnothrow_t@std@@@Z
??3McvBase@McVariantHelper@@SAXPAX@Z
??3McvBase@McVariantHelper@@SAXPAXABUnothrow_t@std@@@Z
??3McvBase@McVariantHelperNative@@SAXPAX@Z
??3McvBase@McVariantHelperNative@@SAXPAXABUnothrow_t@std@@@Z
??4AMcVariant@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcVariantList@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcVariantList@McVariantHelper@@QAEAAV01@PBUMcVariant@@@Z
??4AMcVariantValue@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcvListPointer@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcvListReference@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcvPointer@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcvReference@McVariantHelper@@QAE?AV01@H@Z
??4AMcvReference@McVariantHelper@@QAE?AV01@N@Z
??4AMcvReference@McVariantHelper@@QAE?AV01@PBG@Z
??4AMcvReference@McVariantHelper@@QAE?AV01@PB_W@Z
??4AMcvReference@McVariantHelper@@QAE?AV01@_J@Z
??4AMcvReference@McVariantHelper@@QAE?AV01@_N@Z
??4AMcvReference@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMcvariantName@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AMessage@McVariantHelper@@QAEAAV01@ABV01@@Z
??4AProperty@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4AppendableWideString@@QAEAAU0@ABU0@@Z
??4AssignmentOperator@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4Broker@Messaging@@QAEAAV01@ABV01@@Z
??4Build@McVariantHelper@@QAEAAU01@ABU01@@Z
??4BuildFromList@McVariantHelper@@QAEAAU01@ABU01@@Z
??4DataValidator@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4IBroker@Messaging@@QAEAAV01@ABV01@@Z
??4IMcvDataSource@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4IPropertyContext@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4IPropertyIterator@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4IProvider@Messaging@@QAEAAV01@ABV01@@Z
??4IPublisher@Messaging@@QAEAAV01@ABV01@@Z
??4IPublisherSubscriber@Messaging@@QAEAAV01@ABV01@@Z
??4ISubscriber@Messaging@@QAEAAV01@ABV01@@Z
??4ItemSpec@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McVariant@@QAEAAU0@ABU0@@Z
??4McVariantZ@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvAny@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvAny@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvBase@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvBase@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvBool@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvBool@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvBuffer@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvBuffer@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvConvertAny@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertBase@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertBool@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertBuffer@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertFloat@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertInt64@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertInt@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertRegister@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvConvertString@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvCopy@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvCopyImproper@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvCopyImproper@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvFloat@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvFloat@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvIllegalOperationException@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvIllegalOperationException@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvInt64@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvInt64@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvInt@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvInt@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvList@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvList@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvListView@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvNull@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvNull@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvRef@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvRegister@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvRegister@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvString@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvString@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvStringFromUtf8@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvStringFromUtf8@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4McvStringView@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvToAny@BasicUtils@McVariantHelper@@QAEAAV012@ABV012@@Z
??4McvView@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvView@McVariantHelper@@QAEAAU01@PBUMcVariant@@@Z
??4McvZView@McVariantHelper@@QAEAAU01@ABU01@@Z
??4McvZView@McVariantHelper@@QAEAAU01@PBUMcVariantZ@1@@Z
??4NameValuePair@BasicUtils@McVariantHelper@@QAEAAV012@ABV012@@Z
??4Node@McVariantHelper@@QAEAAU01@ABU01@@Z
??4Node@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4NodeRef@McVariantHelper@@QAEAAU01@ABU01@@Z
??4NodeRef@McVariantHelper@@QAEAAU01@ABUValue@1@@Z
??4NodeRef@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4NodeRef@McVariantHelperNative@@QAEAAU01@ABUValue@1@@Z
??4Participant@Messaging@@QAEAAV01@ABV01@@Z
??4Path@McVariantHelper@@QAEAAU01@ABU01@@Z
??4Path@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4PathElement@McVariantHelper@@QAEAAU01@ABU01@@Z
??4PathElement@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4PathElements@McVariantHelper@@QAEAAU01@ABU01@@Z
??4PathElements@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4PropertyContainer@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4Publisher@Messaging@@QAEAAV01@ABV01@@Z
??4PublisherSubscriber@Messaging@@QAEAAV01@ABV01@@Z
??4Subscriber@Messaging@@QAEAAV01@ABV01@@Z
??4ValidatorFunctor@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??4Value@McVariantHelper@@QAEAAU01@ABU01@@Z
??4Value@McVariantHelperNative@@QAEAAU01@ABU01@@Z
??4XmlMcvConverter@McVariantHelper@@QAEAAV01@ABV01@@Z
??4XmlToMcvConverter@McVariantHelper@@QAEAAV01@ABV01@@Z
??4xmlDataStore@BOProperty@McVariantHelper@@QAEAAV012@ABV012@@Z
??8AMcVariant@McVariantHelper@@QBE_NABV01@@Z
??8AMcVariantList@McVariantHelper@@QBE_NABV01@@Z
??8AMcVariantValue@McVariantHelper@@QBE_NAAUBuffer@McVariant@@@Z
??8AMcVariantValue@McVariantHelper@@QBE_NH@Z
??8AMcVariantValue@McVariantHelper@@QBE_NN@Z
??8AMcVariantValue@McVariantHelper@@QBE_NPBD@Z
??8AMcVariantValue@McVariantHelper@@QBE_NPBG@Z
??8AMcVariantValue@McVariantHelper@@QBE_NPB_W@Z
??8AMcVariantValue@McVariantHelper@@QBE_N_J@Z
??8AMcVariantValue@McVariantHelper@@QBE_N_N@Z
??8AMcvReference@McVariantHelper@@QBE_NABV01@@Z
??8AMcvariantName@McVariantHelper@@QBE_NPBD@Z
??8AMcvariantName@McVariantHelper@@QBE_NPBG@Z
??8AMcvariantName@McVariantHelper@@QBE_NPB_W@Z
??8AMessage@McVariantHelper@@QBE_NABV01@@Z
??8McvStringView@McVariantHelper@@QBE_NABU01@@Z
??8McvToAny@BasicUtils@McVariantHelper@@QBE_NABV012@@Z
??8NodeRef@McVariantHelper@@QAE_NABU01@@Z
??8NodeRef@McVariantHelperNative@@QAE_NABU01@@Z
??9McvStringView@McVariantHelper@@QBE_NABU01@@Z
??9McvToAny@BasicUtils@McVariantHelper@@QBE_NABV012@@Z
??AAMcvListReference@McVariantHelper@@QAE?AVAMcvReference@1@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??AAMcvReference@McVariantHelper@@QAE?AV01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??AAMessage@McVariantHelper@@QAE?AVAMcvReference@1@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??AMcvRef@McVariantHelper@@QAE?AU01@H@Z
??AMcvRef@McVariantHelper@@QAE?AU01@PB_W@Z
??AMcvView@McVariantHelper@@QBE?AU01@H@Z
??AMcvView@McVariantHelper@@QBE?AU01@PB_W@Z
??AMcvZView@McVariantHelper@@QBE?AU01@H@Z
??AMcvZView@McVariantHelper@@QBE?AU01@PB_W@Z
??ANode@McVariantHelper@@QAE?AUNodeRef@1@PBUPathElements@1@@Z
??ANode@McVariantHelper@@QBE?AUNodeRef@1@PBUPathElements@1@@Z
??ANode@McVariantHelperNative@@QAE?AUNodeRef@1@PBUPathElements@1@@Z
??ANode@McVariantHelperNative@@QBE?AUNodeRef@1@PBUPathElements@1@@Z
??ANodeRef@McVariantHelper@@QAE?AU01@H@Z
??ANodeRef@McVariantHelper@@QAE?AU01@PB_W@Z
??ANodeRef@McVariantHelper@@QBE?AUMcvView@1@ABUPath@1@@Z
??ANodeRef@McVariantHelperNative@@QAE?AU01@H@Z
??ANodeRef@McVariantHelperNative@@QAE?AU01@PB_W@Z
??ANodeRef@McVariantHelperNative@@QBE?AUMcvView@McVariantHelper@@ABUPath@1@@Z
??APropertyContainer@BOProperty@McVariantHelper@@QBE?AVMcvToAny@BasicUtils@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??BAMcVariant@McVariantHelper@@QBEPAUMcVariant@@XZ
??BAMcVariantValue@McVariantHelper@@QBE?BVAMcvListReference@1@XZ
??BAMcVariantValue@McVariantHelper@@QBEHXZ
??BAMcVariantValue@McVariantHelper@@QBENXZ
??BAMcVariantValue@McVariantHelper@@QBEPAGXZ
??BAMcVariantValue@McVariantHelper@@QBEPA_WXZ
??BAMcVariantValue@McVariantHelper@@QBE_JXZ
??BAMcVariantValue@McVariantHelper@@QBE_NXZ
??BAMcvListReference@McVariantHelper@@QBEPAUMcVariant@@XZ
??BAMcvReference@McVariantHelper@@QBEPAUMcVariant@@XZ
??BAMcvariantName@McVariantHelper@@QBEPAGXZ
??BAMcvariantName@McVariantHelper@@QBEPA_WXZ
??BAMessage@McVariantHelper@@QBEPBUMcVariant@@XZ
??BAutoPtr@McVariantHelper@@QBEPAUMcVariant@@XZ
??BMcvCast@McVariantHelper@@QAEPAUMcVariant@@XZ
??BMcvConvertBase@McVariantHelper@@QAEPBUMcVariant@@XZ
??BMcvConvertBool@McVariantHelper@@QBE_NXZ
??BMcvConvertBuffer@McVariantHelper@@QBEABUBuffer@McVariant@@XZ
??BMcvConvertFloat@McVariantHelper@@QBENXZ
??BMcvConvertInt64@McVariantHelper@@QBE_JXZ
??BMcvConvertInt@McVariantHelper@@QBEHXZ
??BMcvConvertRegister@McVariantHelper@@QBEPAXXZ
??BMcvConvertString@McVariantHelper@@QBEABUString@McVariant@@XZ
??BMcvConvertString@McVariantHelper@@QBEPB_WXZ
??BMcvRef@McVariantHelper@@QAEPBUMcVariant@@XZ
??BMcvToAny@BasicUtils@McVariantHelper@@QBEHXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QBENXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QBEPAUMcVariant@@XZ
??BMcvToAny@BasicUtils@McVariantHelper@@QBEPA_WXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QBE_JXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QBE_NXZ
??BMcvView@McVariantHelper@@QBE?AUMcvStringView@1@XZ
??BMcvView@McVariantHelper@@QBEABUBuffer@McVariant@@XZ
??BMcvView@McVariantHelper@@QBEABUList@McVariant@@XZ
??BMcvView@McVariantHelper@@QBEHXZ
??BMcvView@McVariantHelper@@QBENXZ
??BMcvView@McVariantHelper@@QBEPAXXZ
??BMcvView@McVariantHelper@@QBEPBUMcVariant@@XZ
??BMcvView@McVariantHelper@@QBE_JXZ
??BMcvView@McVariantHelper@@QBE_NXZ
??BMcvZView@McVariantHelper@@QBE?AUBuffer@McVariant@@XZ
??BMcvZView@McVariantHelper@@QBE?AUMcvListView@1@XZ
??BMcvZView@McVariantHelper@@QBE?AUMcvStringView@1@XZ
??BMcvZView@McVariantHelper@@QBEHXZ
??BMcvZView@McVariantHelper@@QBENXZ
??BMcvZView@McVariantHelper@@QBEPAXXZ
??BMcvZView@McVariantHelper@@QBEPBUMcVariantZ@1@XZ
??BMcvZView@McVariantHelper@@QBE_NXZ
??BNameValuePair@BasicUtils@McVariantHelper@@QBEPAUMcVariant@@XZ
??BNodeRef@McVariantHelper@@QBE?AUMcvStringView@1@XZ
??BNodeRef@McVariantHelper@@QBE?AUMcvView@1@XZ
??BNodeRef@McVariantHelper@@QBEABUBuffer@McVariant@@XZ
??BNodeRef@McVariantHelper@@QBEABUList@McVariant@@XZ
??BNodeRef@McVariantHelper@@QBEHXZ
??BNodeRef@McVariantHelper@@QBENXZ
??BNodeRef@McVariantHelper@@QBEPAXXZ
??BNodeRef@McVariantHelper@@QBEPBUMcVariant@@XZ
??BNodeRef@McVariantHelper@@QBE_JXZ
??BNodeRef@McVariantHelper@@QBE_NXZ
??BNodeRef@McVariantHelperNative@@QBE?AUMcvStringView@McVariantHelper@@XZ
??BNodeRef@McVariantHelperNative@@QBE?AUMcvView@McVariantHelper@@XZ
??BNodeRef@McVariantHelperNative@@QBEABUBuffer@McVariant@@XZ
??BNodeRef@McVariantHelperNative@@QBEABUList@McVariant@@XZ
??BNodeRef@McVariantHelperNative@@QBEHXZ
??BNodeRef@McVariantHelperNative@@QBENXZ
??BNodeRef@McVariantHelperNative@@QBEPAXXZ
??BNodeRef@McVariantHelperNative@@QBEPBUMcVariant@@XZ
??BNodeRef@McVariantHelperNative@@QBE_NXZ
??CMcvView@McVariantHelper@@QBEPBUMcVariant@@XZ
??CMcvZView@McVariantHelper@@QBEPBUMcVariantZ@1@XZ
??RAMcvListReference@McVariantHelper@@QAE?AV01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??RValidatorFunctor@BOProperty@McVariantHelper@@UAE_NABVAProperty@12@0ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??_7AProperty@BOProperty@McVariantHelper@@6B@
??_7AssignmentOperator@BOProperty@McVariantHelper@@6B@
??_7Broker@Messaging@@6B@
??_7DataValidator@BOProperty@McVariantHelper@@6B@
??_7IMcvDataSource@BOProperty@McVariantHelper@@6B@
??_7IPropertyContext@BOProperty@McVariantHelper@@6B@
??_7IPropertyIterator@BOProperty@McVariantHelper@@6B@
??_7IProvider@Messaging@@6B@
??_7IPublisher@Messaging@@6B@
??_7IPublisherSubscriber@Messaging@@6B@
??_7ISubscriber@Messaging@@6B@
??_7Participant@Messaging@@6B@
??_7PropertyBase@BOProperty@McVariantHelper@@6B@
??_7PropertyContainer@BOProperty@McVariantHelper@@6B@
??_7PropertyDB@BOProperty@McVariantHelper@@6B@
??_7Provider@Messaging@@6B@
??_7Publisher@Messaging@@6B@
??_7PublisherSubscriber@Messaging@@6B@
??_7Subscriber@Messaging@@6B@
??_7ValidatorFunctor@BOProperty@McVariantHelper@@6B@
??_7xmlDataStore@BOProperty@McVariantHelper@@6B@
??_FAppendableWideString@@QAEXXZ
??_FMcvBool@McVariantHelper@@QAEXXZ
??_FMcvBool@McVariantHelperNative@@QAEXXZ
??_FMcvBuffer@McVariantHelper@@QAEXXZ
??_FMcvBuffer@McVariantHelperNative@@QAEXXZ
??_FMcvFloat@McVariantHelper@@QAEXXZ
??_FMcvFloat@McVariantHelperNative@@QAEXXZ
??_FMcvInt64@McVariantHelper@@QAEXXZ
??_FMcvInt64@McVariantHelperNative@@QAEXXZ
??_FMcvInt@McVariantHelper@@QAEXXZ
??_FMcvInt@McVariantHelperNative@@QAEXXZ
??_FMcvList@McVariantHelper@@QAEXXZ
??_FMcvList@McVariantHelperNative@@QAEXXZ
??_FMcvNull@McVariantHelper@@QAEXXZ
??_FMcvNull@McVariantHelperNative@@QAEXXZ
??_FMcvRegister@McVariantHelper@@QAEXXZ
??_FMcvRegister@McVariantHelperNative@@QAEXXZ
??_FMcvString@McVariantHelper@@QAEXXZ
??_FMcvString@McVariantHelperNative@@QAEXXZ
??_FMcvStringFromUtf8@McVariantHelper@@QAEXXZ
??_FMcvStringFromUtf8@McVariantHelperNative@@QAEXXZ
??_FMcvView@McVariantHelper@@QAEXXZ
??_FMcvZView@McVariantHelper@@QAEXXZ
??_UMcvBase@McVariantHelper@@SAPAXI@Z
??_UMcvBase@McVariantHelper@@SAPAXIABUnothrow_t@std@@@Z
??_UMcvBase@McVariantHelperNative@@SAPAXI@Z
??_UMcvBase@McVariantHelperNative@@SAPAXIABUnothrow_t@std@@@Z
??_VMcvBase@McVariantHelper@@SAXPAX@Z
??_VMcvBase@McVariantHelper@@SAXPAXABUnothrow_t@std@@@Z
??_VMcvBase@McVariantHelperNative@@SAXPAX@Z
??_VMcvBase@McVariantHelperNative@@SAXPAXABUnothrow_t@std@@@Z
?AddRef@Node@McVariantHelper@@QAEXXZ
?AddRef@Node@McVariantHelperNative@@QAEXXZ
?Append@AppendableWideString@@QAAXPB_WZZ
?Append@AppendableWideString@@QAEX_W@Z
?Append@McvList@McVariantHelper@@QAEPAUMcvBase@2@PAU32@@Z
?Append@McvList@McVariantHelperNative@@QAEPAUMcvBase@2@PAU32@@Z
?Append@NodeRef@McVariantHelper@@QAEXU12@@Z
?Append@NodeRef@McVariantHelperNative@@QAEXU12@@Z
?AppendAttribute@McvBase@McVariantHelper@@QAEXPAU12@@Z
?AppendAttribute@McvBase@McVariantHelperNative@@QAEXPAU12@@Z
?AppendSpace@AppendableWideString@@QAEXI@Z
?AppendXml@AppendableWideString@@QAAXPB_WZZ
?AppendXml@AppendableWideString@@QAEX_W@Z
?AttributeValue@McvView@McVariantHelper@@QAE?AU12@PB_W@Z
?Attributes@McvView@McVariantHelper@@QBEABUList@McVariant@@XZ
?AttributesIndex@McVariantZ@McVariantHelper@@QBEPAU12@H@Z
?AttributesLen@McVariantZ@McVariantHelper@@QBEHXZ
?BLFramework@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?BLFramework@McVariantHelper@@YAPA_WPBUMcVariant@@@Z
?Bool@McvView@McVariantHelper@@QBE_NXZ
?Bool@McvZView@McVariantHelper@@QBE_NXZ
?Bool@NodeRef@McVariantHelper@@QBE_NXZ
?Bool@NodeRef@McVariantHelperNative@@QBE_NXZ
?Buffer@McvView@McVariantHelper@@QBEABU0McVariant@@XZ
?Buffer@McvZView@McVariantHelper@@QBE?AU0McVariant@@XZ
?Buffer@NodeRef@McVariantHelper@@QBEABU0McVariant@@XZ
?Buffer@NodeRef@McVariantHelperNative@@QBEABU0McVariant@@XZ
?BuildMcVariant@Build@McVariantHelper@@QAEPAUMcVariant@@PADI@Z
?BuildMcVariantInPlace@Build@McVariantHelper@@QAEPAUMcVariant@@PAXIPAI@Z
?BuildMcVariantInPlace@McvBase@McVariantHelper@@QBEPAUMcVariant@@PAXIPAI@Z
?BuildMcVariantInPlace@McvBase@McVariantHelperNative@@QBEPAUMcVariant@@PAXIPAI@Z
?BuildNewMcVariant@Build@McVariantHelper@@QAEPAUMcVariant@@P6APAXI@Z@Z
?BuildNewMcVariant@McvBase@McVariantHelper@@QBEPAUMcVariant@@P6APAXI@Z@Z
?BuildNewMcVariant@McvBase@McVariantHelperNative@@QBEPAUMcVariant@@P6APAXI@Z@Z
?CalculateMcVariantSize@Build@McVariantHelper@@QAEIXZ
?Clear@AppendableWideString@@QAEXXZ
?ComplexMcv@McvToAny@BasicUtils@McVariantHelper@@2V123@A
?ComputeListSize@McvBase@McVariantHelper@@ABEHABUList@McVariant@@@Z
?ComputeListSize@McvBase@McVariantHelperNative@@ABEHABUList@McVariant@@@Z
?ComputeMcVariantSize@McvBase@McVariantHelper@@ABEHXZ
?ComputeMcVariantSize@McvBase@McVariantHelperNative@@ABEHXZ
?ConnectChildren@Node@McVariantHelper@@QAEXXZ
?ConnectChildren@Node@McVariantHelperNative@@QAEXXZ
?Copy@McVariantHelper@@YAXPAUMcVariant@@PBU2@_N2@Z
?CopyAttributes@Node@McVariantHelper@@QAEXPBUMcVariant@@@Z
?CopyAttributes@Node@McVariantHelperNative@@QAEXPBUMcVariant@@@Z
?CopyListPart@McvBase@McVariantHelper@@ABEXAAUList@McVariant@@ABU34@AAPAD@Z
?CopyListPart@McvBase@McVariantHelperNative@@ABEXAAUList@McVariant@@ABU34@AAPAD@Z
?CopyTo2@Build@McVariantHelper@@ABEPAUMcVariant@@PAXI@Z
?CopyTo2@McvBase@McVariantHelper@@ABEPAUMcVariant@@PAXH@Z
?CopyTo2@McvBase@McVariantHelperNative@@ABEPAUMcVariant@@PAXH@Z
?CopyTo@McvBase@McVariantHelper@@ABEPAUMcVariant@@AAPAD@Z
?CopyTo@McvBase@McVariantHelperNative@@ABEPAUMcVariant@@AAPAD@Z
?Count@Node@McVariantHelper@@QBEHXZ
?Count@Node@McVariantHelperNative@@QBEHXZ
?Count@NodeRef@McVariantHelper@@QBEHXZ
?Count@NodeRef@McVariantHelperNative@@QBEHXZ
?DecRef@Node@McVariantHelper@@QAEXXZ
?DecRef@Node@McVariantHelperNative@@QAEXXZ
?Delete@McVariantHelper@@YAXPAUMcVariant@@@Z
?Delete@McVariantHelper@@YAXPAUMcvBase@1@@Z
?Delete@McVariantHelper@@YAXPA_W@Z
?Delete@Node@McVariantHelper@@QAE_NABUPathElement@2@@Z
?Delete@Node@McVariantHelperNative@@QAE_NABUPathElement@2@@Z
?Delete@NodeRef@McVariantHelper@@QAE_NABUPathElement@2@@Z
?Delete@NodeRef@McVariantHelperNative@@QAE_NABUPathElement@2@@Z
?DeleteAll@NodeRef@McVariantHelper@@QAE_NXZ
?DeleteAll@NodeRef@McVariantHelperNative@@QAE_NXZ
?DeleteFirst@Node@McVariantHelper@@QAE_NXZ
?DeleteFirst@Node@McVariantHelperNative@@QAE_NXZ
?DeleteFirst@NodeRef@McVariantHelper@@QAE_NXZ
?DeleteFirst@NodeRef@McVariantHelperNative@@QAE_NXZ
?DeleteLast@Node@McVariantHelper@@QAE_NXZ
?DeleteLast@Node@McVariantHelperNative@@QAE_NXZ
?DeleteLast@NodeRef@McVariantHelper@@QAE_NXZ
?DeleteLast@NodeRef@McVariantHelperNative@@QAE_NXZ
?DestroyExistingValue@Node@McVariantHelper@@QAEXXZ
?DestroyExistingValue@Node@McVariantHelperNative@@QAEXXZ
?Equals@McvStringView@McVariantHelper@@QBE_NABU12@_N@Z
?Examine@ExamineBase@McVariantHelper@@YA?AW4Result@12@PBUMcVariant@@@Z
?Export@Node@McVariantHelper@@QBEPAUMcVariant@@P6APAXI@Z@Z
?Export@Node@McVariantHelperNative@@QBEPAUMcVariant@@P6APAXI@Z@Z
?Export@NodeRef@McVariantHelper@@QBEPAUMcVariant@@P6APAXI@Z@Z
?Export@NodeRef@McVariantHelperNative@@QBEPAUMcVariant@@P6APAXI@Z@Z
?ExportMcVariant@McVariantEventInfo@Events@McVariantHelper@@QAEPAUMcVariant@@P6APAXI@Z@Z
?FindItemInListWithName@McvView@McVariantHelper@@IBE?AU12@ABUList@McVariant@@PB_W@Z
?FindItemWithAttributeValue@McvView@McVariantHelper@@QAE?AU12@PB_W0@Z
?FindProperty@McVariantEventInfo@Events@McVariantHelper@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?First@McvView@McVariantHelper@@QBE?AU12@XZ
?First@McvZView@McVariantHelper@@QBE?AU12@XZ
?First@Node@McVariantHelper@@QBE?AUNodeRef@2@XZ
?First@Node@McVariantHelperNative@@QBE?AUNodeRef@2@XZ
?First@NodeRef@McVariantHelper@@QAE?AU12@XZ
?First@NodeRef@McVariantHelperNative@@QAE?AU12@XZ
?Float@McvView@McVariantHelper@@QBENXZ
?Float@McvZView@McVariantHelper@@QBENXZ
?Float@NodeRef@McVariantHelper@@QBENXZ
?Float@NodeRef@McVariantHelperNative@@QBENXZ
?GetAllCustomData@McVariantEventInfo@Events@McVariantHelper@@QAEPAUMcVariant@@XZ
?GetAllData@McVariantEventInfo@Events@McVariantHelper@@QBEPBUMcVariant@@XZ
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@V4567@@Z
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AAH@Z
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AA_N@Z
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QBEPAUMcvAny@3@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?GetEventDescription@McVariantEventInfo@Events@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetEventDetails@McVariantEventInfo@Events@McVariantHelper@@QBEPAUMcVariant@@XZ
?GetEventID@McVariantEventInfo@Events@McVariantHelper@@QBEHXZ
?GetEventTimeStamp@McVariantEventInfo@Events@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetMcVariant@McVariantEventFilter@Events@McVariantHelper@@QAEPAUMcVariant@@P6APAXI@Z@Z
?GetPublisherName@McVariantEventInfo@Events@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetSeverity@McVariantEventInfo@Events@McVariantHelper@@QBEHXZ
?GetTaskName@McVariantEventInfo@Events@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetTopicName@McVariantEventInfo@Events@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetValue@McvAny@McVariantHelper@@QBEPBXXZ
?GetValue@McvAny@McVariantHelperNative@@QBEPBXXZ
?GetValue@McvBool@McVariantHelper@@QBE_NXZ
?GetValue@McvBool@McVariantHelperNative@@QBE_NXZ
?GetValue@McvBuffer@McVariantHelper@@QBEABUBuffer@McVariant@@XZ
?GetValue@McvBuffer@McVariantHelperNative@@QBEABUBuffer@McVariant@@XZ
?GetValue@McvFloat@McVariantHelper@@QBENXZ
?GetValue@McvFloat@McVariantHelperNative@@QBENXZ
?GetValue@McvInt64@McVariantHelper@@QBE_JXZ
?GetValue@McvInt64@McVariantHelperNative@@QBE_JXZ
?GetValue@McvInt@McVariantHelper@@QBEHXZ
?GetValue@McvInt@McVariantHelperNative@@QBEHXZ
?GetValue@McvRegister@McVariantHelper@@QBEPAXXZ
?GetValue@McvRegister@McVariantHelperNative@@QBEPAXXZ
?GetValue@McvString@McVariantHelper@@QBEABUString@McVariant@@XZ
?GetValue@McvString@McVariantHelperNative@@QBEABUString@McVariant@@XZ
?HasMandatoryFields@McVariantEventInfo@Events@McVariantHelper@@AAE_NXZ
?Impl@McvRef@McVariantHelper@@AAEAAUMcvRefImpl@2@XZ
?Initialize@McVariantEventInfo@Events@McVariantHelper@@AAEXXZ
?InsertBefore@Node@McVariantHelper@@QAEXABUPathElement@2@UNodeRef@2@@Z
?InsertBefore@Node@McVariantHelperNative@@QAEXABUPathElement@2@UNodeRef@2@@Z
?InsertBefore@NodeRef@McVariantHelper@@QAEXABUPathElement@2@U12@@Z
?InsertBefore@NodeRef@McVariantHelperNative@@QAEXABUPathElement@2@U12@@Z
?Int64@McvView@McVariantHelper@@QBE_JXZ
?Int64@NodeRef@McVariantHelper@@QBE_JXZ
?Int@McvView@McVariantHelper@@QBEHXZ
?Int@McvZView@McVariantHelper@@QBEHXZ
?Int@NodeRef@McVariantHelper@@QBEHXZ
?Int@NodeRef@McVariantHelperNative@@QBEHXZ
?IsBool@McvView@McVariantHelper@@QBE_NXZ
?IsBool@McvZView@McVariantHelper@@QBE_NXZ
?IsBool@NodeRef@McVariantHelper@@QBE_NXZ
?IsBool@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsBuffer@McvView@McVariantHelper@@QBE_NXZ
?IsBuffer@McvZView@McVariantHelper@@QBE_NXZ
?IsBuffer@NodeRef@McVariantHelper@@QBE_NXZ
?IsBuffer@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsDuplicateProperty@McVariantEventInfo@Events@McVariantHelper@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsEmpty@McvList@McVariantHelper@@QBE_NXZ
?IsEmpty@McvList@McVariantHelperNative@@QBE_NXZ
?IsEmpty@McvStringView@McVariantHelper@@QBE_NXZ
?IsEqual@McVariantHelper@@YA_NPBUMcVariant@@0@Z
?IsFloat@McvView@McVariantHelper@@QBE_NXZ
?IsFloat@McvZView@McVariantHelper@@QBE_NXZ
?IsFloat@NodeRef@McVariantHelper@@QBE_NXZ
?IsFloat@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsInt64@McvView@McVariantHelper@@QBE_NXZ
?IsInt64@NodeRef@McVariantHelper@@QBE_NXZ
?IsInt@McvView@McVariantHelper@@QBE_NXZ
?IsInt@McvZView@McVariantHelper@@QBE_NXZ
?IsInt@NodeRef@McVariantHelper@@QBE_NXZ
?IsInt@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsList@McvView@McVariantHelper@@QBE_NXZ
?IsList@McvZView@McVariantHelper@@QBE_NXZ
?IsList@NodeRef@McVariantHelper@@QBE_NXZ
?IsList@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsNull@McvView@McVariantHelper@@QBE_NXZ
?IsNull@NodeRef@McVariantHelper@@QBE_NXZ
?IsNull@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsRegister@McvView@McVariantHelper@@QBE_NXZ
?IsRegister@McvZView@McVariantHelper@@QBE_NXZ
?IsRegister@NodeRef@McVariantHelper@@QBE_NXZ
?IsRegister@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsString@McvView@McVariantHelper@@QBE_NXZ
?IsString@McvZView@McVariantHelper@@QBE_NXZ
?IsString@NodeRef@McVariantHelper@@QBE_NXZ
?IsString@NodeRef@McVariantHelperNative@@QBE_NXZ
?IsTheNull@McvView@McVariantHelper@@QBE_NXZ
?IsTheNull@McvZView@McVariantHelper@@QBE_NXZ
?IsValid@McvConvertBase@McVariantHelper@@QBE_NXZ
?IsValidInputEventMcVariant@McVariantEventInfo@Events@McVariantHelper@@AAE_NPBUMcVariant@@@Z
?Last@Node@McVariantHelper@@QBE?AUNodeRef@2@XZ
?Last@Node@McVariantHelperNative@@QBE?AUNodeRef@2@XZ
?Last@NodeRef@McVariantHelper@@QAE?AU12@XZ
?Last@NodeRef@McVariantHelperNative@@QAE?AU12@XZ
?LazyChildren@Node@McVariantHelper@@QAEAAUChildren@2@XZ
?LazyChildren@Node@McVariantHelperNative@@QAEAAUChildren@2@XZ
?Leaf@NodeRef@McVariantHelper@@QBEPBUMcVariant@@XZ
?Leaf@NodeRef@McVariantHelperNative@@QBEPBUMcVariant@@XZ
?Len@McvConvertString@McVariantHelper@@QBEHXZ
?List@McvView@McVariantHelper@@QBEABU0McVariant@@XZ
?List@NodeRef@McVariantHelper@@QBEABU0McVariant@@XZ
?List@NodeRef@McVariantHelperNative@@QBEABU0McVariant@@XZ
?ListValueSize@McvView@McVariantHelper@@QBEHXZ
?Lookup@NodeRef@McVariantHelper@@QBE?AU12@H@Z
?Lookup@NodeRef@McVariantHelper@@QBE?AU12@PB_W@Z
?Lookup@NodeRef@McVariantHelperNative@@QBE?AU12@H@Z
?Lookup@NodeRef@McVariantHelperNative@@QBE?AU12@PB_W@Z
?McVariantPrintDelete@McVariantHelper@@YAXPA_W@Z
?McVariantPrintNew@McVariantHelper@@YAPA_WPBUMcVariant@@_N@Z
?McVariantPrintNew@McVariantHelper@@YAPA_WPBUMcVariantZ@1@_N@Z
?Merge@McVariantHelper@@YAPAUMcVariant@@PBU2@0@Z
?Name@McvView@McVariantHelper@@QBE?AUMcvStringView@2@XZ
?Name@McvZView@McVariantHelper@@QBE?AUMcvStringView@2@XZ
?Name@Node@McVariantHelper@@QAEPB_WXZ
?Name@Node@McVariantHelperNative@@QAEPB_WXZ
?Name@NodeRef@McVariantHelper@@QBE?AUMcvStringView@2@XZ
?Name@NodeRef@McVariantHelperNative@@QBE?AUMcvStringView@McVariantHelper@@XZ
?NameLen@McVariantZ@McVariantHelper@@QBEHXZ
?NameSize@McvView@McVariantHelper@@QBEHXZ
?NameSize@McvZView@McVariantHelper@@QBEHXZ
?NameStr@McVariantZ@McVariantHelper@@QBEPA_WXZ
?NewBool@McVariantHelper@@YAPAUMcvBool@1@PB_W_N@Z
?NewBuffer@McVariantHelper@@YAPAUMcvBuffer@1@PB_WPBXH@Z
?NewCopy@McVariantHelper@@YAPAUMcVariant@@PBU2@P6APAXI@Z_N2@Z
?NewDom@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewDom@McVariantHelper@@YAPA_WPBUMcVariant@@PA_W@Z
?NewEp10Config@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewEp10Config@McVariantHelper@@YAPA_WPBUMcVariant@@@Z
?NewExtraNatural@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewFloat@McVariantHelper@@YAPAUMcvFloat@1@PB_WN@Z
?NewInt64@McVariantHelper@@YAPAUMcvInt64@1@PB_W_J@Z
?NewInt@McVariantHelper@@YAPAUMcvInt@1@PB_WH@Z
?NewJson@McVariantHelper@@YAPAUMcVariant@@PB_W@Z
?NewJson@McVariantHelper@@YAPA_WPBUMcVariant@@@Z
?NewList@McVariantHelper@@YAPAUMcvList@1@PB_W@Z
?NewMcvCopyDeep@McVariantHelper@@YAPAUMcvBase@1@PBUMcVariant@@@Z
?NewNatural@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewNatural@McVariantHelper@@YAPA_WPBUMcVariant@@PA_W@Z
?NewNull@McVariantHelper@@YAPAUMcvNull@1@PB_W@Z
?NewPlain@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewRegister@McVariantHelper@@YAPAUMcvRegister@1@PB_WPAX@Z
?NewSimple@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewSimple@McVariantHelper@@YAPA_WPBUMcVariant@@_N@Z
?NewString@McVariantHelper@@YAPAUMcvString@1@PB_W0H@Z
?NewYam@McVariantHelper@@YAPAUMcVariant@@PB_WP6APAXI@ZPAUAppendableWideString@@@Z
?NewYam@McVariantHelper@@YAPA_WPBUMcVariant@@_N@Z
?Next@McVariantZ@McVariantHelper@@QBEPAU12@XZ
?Next@McvView@McVariantHelper@@QBE?AU12@XZ
?Next@McvZView@McVariantHelper@@QBE?AU12@XZ
?NullMcv@McvToAny@BasicUtils@McVariantHelper@@2V123@A
?NullTerminate@AppendableWideString@@QAEXXZ
?OnAsyncMsgResponseCallbackfn@Publisher@Messaging@@CAXPBUMcVariant@@0PAI@Z
?OnMsgResponseCallbackfn@Publisher@Messaging@@CAXPBUMcVariant@@0PAI@Z
?OnReceiveMessageCallback@Subscriber@Messaging@@CAXPBUMcVariant@@0PAI@Z
?ReadFromRegistry@McVariantHelper@@YAHPAXPB_W1PAPAUMcVariant@@@Z
?Rebase@McVariantHelper@@YAXPAUMcVariant@@PBX1@Z
?RebaseFromZero@McVariantHelper@@YAXPAUMcVariant@@@Z
?RebaseToZero@McVariantHelper@@YAXPAUMcVariant@@@Z
?Register@McvView@McVariantHelper@@QBEPAXXZ
?Register@McvZView@McVariantHelper@@QBEPAXXZ
?Register@NodeRef@McVariantHelper@@QBEPAXXZ
?Register@NodeRef@McVariantHelperNative@@QBEPAXXZ
?ReserveCapacity@AppendableWideString@@AAEXI@Z
?Seed@Node@McVariantHelper@@QAEXPBUMcVariant@@@Z
?Seed@Node@McVariantHelperNative@@QAEXPBUMcVariant@@@Z
?SetAsBool@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetAsBuffer@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@AAPA_W@Z
?SetAsFloat@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetAsInt64@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetAsInt@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetAsNull@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetAsRegister@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetAsString@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@AAPA_W@Z
?SetCommon@McvConvertBase@McVariantHelper@@IAEXABUMcVariant@@@Z
?SetCustomData@McVariantEventFilter@Events@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@3@@Z
?SetCustomData@McVariantEventInfo@Events@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@3@@Z
?SetEventID@McVariantEventFilter@Events@McVariantHelper@@QAE_NH@Z
?SetEventInfo@McVariantEventInfo@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@HH0_N@Z
?SetMcEventDetails@McVariantEventInfo@Events@McVariantHelper@@QAE_NPBUMcVariant@@@Z
?SetName@McVariantEventFilter@Events@McVariantHelper@@AAE_NXZ
?SetName@McvBase@McVariantHelper@@QAEXPBD@Z
?SetName@McvBase@McVariantHelper@@QAEXPB_W@Z
?SetName@McvBase@McVariantHelperNative@@QAEXPBD@Z
?SetName@McvBase@McVariantHelperNative@@QAEXPB_W@Z
?SetPublisher@McVariantEventFilter@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetSeverity@McVariantEventFilter@Events@McVariantHelper@@QAE_NH@Z
?SetTaskName@McVariantEventInfo@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetTopAttribute@NodeRef@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@2@@Z
?SetTopName@NodeRef@McVariantHelper@@QAEXPB_W@Z
?SetTopName@NodeRef@McVariantHelperNative@@QAEXPB_W@Z
?SetTopicName@McVariantEventFilter@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetTopicName@McVariantEventInfo@Events@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetValue@McvAny@McVariantHelper@@QAEXPBX@Z
?SetValue@McvAny@McVariantHelperNative@@QAEXPBX@Z
?SetValue@McvBool@McVariantHelper@@QAEX_N@Z
?SetValue@McvBool@McVariantHelperNative@@QAEX_N@Z
?SetValue@McvBuffer@McVariantHelper@@QAEXPBXH@Z
?SetValue@McvBuffer@McVariantHelperNative@@QAEXPBXH@Z
?SetValue@McvFloat@McVariantHelper@@QAEXN@Z
?SetValue@McvFloat@McVariantHelperNative@@QAEXN@Z
?SetValue@McvInt64@McVariantHelper@@QAEX_J@Z
?SetValue@McvInt64@McVariantHelperNative@@QAEX_J@Z
?SetValue@McvInt@McVariantHelper@@QAEXH@Z
?SetValue@McvInt@McVariantHelperNative@@QAEXH@Z
?SetValue@McvList@McVariantHelper@@QAEXPAUMcvBase@2@@Z
?SetValue@McvList@McVariantHelperNative@@QAEXPAUMcvBase@2@@Z
?SetValue@McvRegister@McVariantHelper@@QAEXPAX@Z
?SetValue@McvRegister@McVariantHelperNative@@QAEXPAX@Z
?SetValue@McvString@McVariantHelper@@QAEXPB_WH@Z
?SetValue@McvString@McVariantHelperNative@@QAEXPB_WH@Z
?SetValue@McvStringFromUtf8@McVariantHelper@@QAEXPBD@Z
?SetValue@McvStringFromUtf8@McVariantHelperNative@@QAEXPBD@Z
?Size@McVariantZ@McVariantHelper@@QBEHXZ
?Size@McvView@McVariantHelper@@QBEHXZ
?Size@McvZView@McVariantHelper@@QBEHXZ
?Start@IProvider@Messaging@@QAE_NXZ
?Start@Provider@Messaging@@QAE_NXZ
?Stop@IProvider@Messaging@@QAE_NXZ
?Stop@Provider@Messaging@@QAE_NXZ
?String@McvView@McVariantHelper@@QBE?AUMcvStringView@2@XZ
?String@McvZView@McVariantHelper@@QBE?AUMcvStringView@2@XZ
?String@NodeRef@McVariantHelper@@QBE?AUMcvStringView@2@XZ
?String@NodeRef@McVariantHelperNative@@QBE?AUMcvStringView@McVariantHelper@@XZ
?TakeValue@McvString@McVariantHelper@@QAEXPA_WH@Z
?TakeValue@McvString@McVariantHelperNative@@QAEXPA_WH@Z
?TheNull@McvView@McVariantHelper@@KA?AUMcVariant@@XZ
?Type@McVariantZ@McVariantHelper@@QBEHXZ
?Type@McvView@McVariantHelper@@QBE?AW4TypeCodes@McVariant@@XZ
?Type@McvZView@McVariantHelper@@QBE?AW4TypeCodes@McVariant@@XZ
?Type@NodeRef@McVariantHelper@@QBE?AW4TypeCodes@McVariant@@XZ
?Type@NodeRef@McVariantHelperNative@@QBE?AW4TypeCodes@McVariant@@XZ
?TypeCodeFromString@McVariantHelper@@YA?BW4TypeCodes@McVariant@@PB_W@Z
?TypeCodeImage@McVariantHelper@@YAPB_WW4TypeCodes@McVariant@@@Z
?Validate@McVariantHelper@@YA_NPBUMcVariant@@@Z
?ValidateAtBase@McVariantHelper@@YA_NPBUMcVariant@@PBX@Z
?ValidateZero@McVariantHelper@@YA_NPBUMcVariant@@@Z
?ValueBool@McVariantZ@McVariantHelper@@QBE_NXZ
?ValueBufferBuf@McVariantZ@McVariantHelper@@QBEPAXXZ
?ValueBufferLen@McVariantZ@McVariantHelper@@QBEHXZ
?ValueFloat@McVariantZ@McVariantHelper@@QBENXZ
?ValueInt@McVariantZ@McVariantHelper@@QBEHXZ
?ValueListIndex@McVariantZ@McVariantHelper@@QBEPAU12@H@Z
?ValueListLen@McVariantZ@McVariantHelper@@QBEHXZ
?ValuePtr@McvView@McVariantHelper@@QBEPBXXZ
?ValuePtr@McvZView@McVariantHelper@@QBEPBXXZ
?ValueRegister@McVariantZ@McVariantHelper@@QBEPAXXZ
?ValueSize@McvView@McVariantHelper@@QBEHXZ
?ValueSize@McvZView@McVariantHelper@@QBEHXZ
?ValueStringLen@McVariantZ@McVariantHelper@@QBEHXZ
?ValueStringStr@McVariantZ@McVariantHelper@@QBEPA_WXZ
?View@NodeRef@McVariantHelper@@QBE?AUMcvView@2@ABUPath@2@@Z
?View@NodeRef@McVariantHelperNative@@QBE?AUMcvView@McVariantHelper@@ABUPath@2@@Z
?WriteToRegistry@McVariantHelper@@YAHPAXPB_W1PBUMcVariant@@@Z
?addAttribute@PropertyBase@BOProperty@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@3@@Z
?addData@AMessage@McVariantHelper@@QAEHABVAMcVariant@2@@Z
?addData@AMessage@McVariantHelper@@QAEHABVAMcVariantList@2@_N@Z
?addHeaderData@AMessage@McVariantHelper@@QAEHABVAMcVariant@2@@Z
?addHeaderData@AMessage@McVariantHelper@@QAEHABVAMcVariantList@2@_N@Z
?addRef@xmlDataStore@BOProperty@McVariantHelper@@UAEHXZ
?addSchema@XmlMcvConverter@McVariantHelper@@QAE_NABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?addSchema@xmlDataStore@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?addSchemaBuffer@XmlMcvConverter@McVariantHelper@@QAE_NABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?addTag@AMessage@McVariantHelper@@QAEXVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?append@PropertyContainer@BOProperty@McVariantHelper@@QAE_NABVAProperty@23@@Z
?append@PropertyContainer@BOProperty@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@3@@Z
?appendContainer@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PAU3@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PAUList@3@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YA_NPAUList@McVariant@@PAU4@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@00@Z
?assign@AMcvListReference@McVariantHelper@@QAE_NABV12@@Z
?assign@AMcvReference@McVariantHelper@@QAE_NABV12@@Z
?assignData@PropertyContainer@BOProperty@McVariantHelper@@QAEHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAUMcVariant@@AAVAssignmentOperator@23@@Z
?assignData@PropertyContainer@BOProperty@McVariantHelper@@QAEHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAUMcVariant@@AAVValidatorFunctor@23@@Z
?assignName@AMcvReference@McVariantHelper@@QAE_NABV12@@Z
?assignValue@AMcvListReference@McVariantHelper@@QAE_NABV12@@Z
?assignValue@AMcvReference@McVariantHelper@@QAE_NABV12@@Z
?at@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@H@Z
?at@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?at@AMcvListReference@McVariantHelper@@QBE?BVAMcvReference@2@H@Z
?at@AMcvListReference@McVariantHelper@@QBE?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?at@AMessage@McVariantHelper@@QAE?AVAMcvReference@2@H@Z
?at@AMessage@McVariantHelper@@QAE?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?at@AMessage@McVariantHelper@@QBE?BVAMcvReference@2@H@Z
?at@AMessage@McVariantHelper@@QBE?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?atL@AMcvListReference@McVariantHelper@@QAE?AV12@H@Z
?atL@AMcvListReference@McVariantHelper@@QAE?AV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?atL@AMcvListReference@McVariantHelper@@QBE?BV12@H@Z
?atL@AMcvListReference@McVariantHelper@@QBE?BV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?attribute@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@H@Z
?attribute@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?attribute@AMcvListReference@McVariantHelper@@QBE?BVAMcvReference@2@H@Z
?attribute@AMcvListReference@McVariantHelper@@QBE?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?attribute@AMcvReference@McVariantHelper@@QAE?AV12@H@Z
?attribute@AMcvReference@McVariantHelper@@QAE?AV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?attribute@AMcvReference@McVariantHelper@@QBE?BV12@H@Z
?attribute@AMcvReference@McVariantHelper@@QBE?BV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bDeInitialize@Participant@Messaging@@QAE_NXZ
?bInitialize@Participant@Messaging@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bLoadBLFramework@Participant@Messaging@@AAE_NXZ
?bPost@IPublisher@Messaging@@QAE_NAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?bPost@IPublisherSubscriber@Messaging@@QAE_NAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?bPost@Publisher@Messaging@@QAE_NAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?bPost@PublisherSubscriber@Messaging@@QAE_NAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?bPostResponse@IProvider@Messaging@@QAE_NPAVAMessage@McVariantHelper@@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bPostResponse@Provider@Messaging@@QAE_NPAVAMessage@McVariantHelper@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bPublishMessage@Messaging@@YA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AAVAMessage@McVariantHelper@@ABVAMcVariantList@7@@Z
?bRequest@IPublisher@Messaging@@QAE_NAAVAMessage@McVariantHelper@@PAPAV34@PAHABVAMcVariantList@4@PC_NJ@Z
?bRequest@IPublisherSubscriber@Messaging@@QAE_NAAVAMessage@McVariantHelper@@PAPAV34@PAHABVAMcVariantList@4@PC_NJ@Z
?bRequest@Publisher@Messaging@@QAE_NAAVAMessage@McVariantHelper@@PAPAV34@PAHABVAMcVariantList@4@PC_NJ@Z
?bRequest@PublisherSubscriber@Messaging@@QAE_NAAVAMessage@McVariantHelper@@PAPAV34@PAHABVAMcVariantList@4@PC_NJ@Z
?bSendNotification@Participant@Messaging@@AAE_NPB_W@Z
?bSendRequest@Messaging@@YA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AAVAMessage@McVariantHelper@@PAPAV67@PAHABVAMcVariantList@7@PC_NJ@Z
?bSubscribe@IProvider@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bSubscribe@IProvider@Messaging@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bSubscribe@IPublisherSubscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@PAXP6AXABVAMessage@4@1@Z@Z
?bSubscribe@IPublisherSubscriber@Messaging@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAXP6AXABVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@ISubscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@PAXP6AXABVAMessage@4@1@Z@Z
?bSubscribe@ISubscriber@Messaging@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAXP6AXABVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@Provider@Messaging@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bSubscribe@Provider@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bSubscribe@PublisherSubscriber@Messaging@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAXP6AXABVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@PublisherSubscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@PAXP6AXABVAMessage@4@1@Z@Z
?bSubscribe@Subscriber@Messaging@@AAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABVAMcvListReference@McVariantHelper@@PAXP6AXABVAMessage@6@2@Z@Z
?bSubscribe@Subscriber@Messaging@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAXP6AXABVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@Subscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@PAXP6AXABVAMessage@4@1@Z@Z
?bUnloadBLFramework@Participant@Messaging@@AAE_NXZ
?bUnsubscribe@IProvider@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@IProvider@Messaging@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bUnsubscribe@IPublisherSubscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@IPublisherSubscriber@Messaging@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bUnsubscribe@ISubscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@ISubscriber@Messaging@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bUnsubscribe@PublisherSubscriber@Messaging@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bUnsubscribe@PublisherSubscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@Subscriber@Messaging@@AAE_NPAX@Z
?bUnsubscribe@Subscriber@Messaging@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bUnsubscribe@Subscriber@Messaging@@QAE_NABVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribeAll@IPublisherSubscriber@Messaging@@QAE_NXZ
?bUnsubscribeAll@ISubscriber@Messaging@@QAE_NXZ
?bUnsubscribeAll@PublisherSubscriber@Messaging@@QAE_NXZ
?bUnsubscribeAll@Subscriber@Messaging@@QAE_NXZ
?bWaitForResponse@IPublisher@Messaging@@QAE_NPAXPAPAVAMessage@McVariantHelper@@PAHPC_NJ@Z
?bWaitForResponse@IPublisherSubscriber@Messaging@@QAE_NPAXPAPAVAMessage@McVariantHelper@@PAHPC_NJ@Z
?bWaitForResponse@Publisher@Messaging@@QAE_NPAXPAPAVAMessage@McVariantHelper@@PAHPC_NJ@Z
?bWaitForResponse@PublisherSubscriber@Messaging@@QAE_NPAXPAPAVAMessage@McVariantHelper@@PAHPC_NJ@Z
?body@AMessage@McVariantHelper@@QAE?AVAMcvListReference@2@XZ
?body@AMessage@McVariantHelper@@QBE?BVAMcvListReference@2@XZ
?buildMcVariantForTransport@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBU3@P6APAXI@Z@Z
?cStr@AMcvariantName@McVariantHelper@@QBEPB_WXZ
?clear@AMessage@McVariantHelper@@QAEXXZ
?clearMcVariant@BasicUtils@McVariantHelper@@YAXPAUMcVariant@@@Z
?clearValue@AMcvReference@McVariantHelper@@AAEXXZ
?clone@PropertyContainer@BOProperty@McVariantHelper@@QAEPAV123@XZ
?compare@AMcVariant@McVariantHelper@@QBEHABV12@@Z
?compare@AMcVariantValue@McVariantHelper@@QBEHPBD_N@Z
?compare@AMcVariantValue@McVariantHelper@@QBEHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@_N@Z
?compare@AMcvReference@McVariantHelper@@QBEHABV12@@Z
?compare@AMcvariantName@McVariantHelper@@QBEHPBD_N@Z
?compare@AMcvariantName@McVariantHelper@@QBEHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@_N@Z
?compare@AProperty@BOProperty@McVariantHelper@@QAEHABV123@@Z
?compare@PropertyContainer@BOProperty@McVariantHelper@@QBEHABV123@@Z
?compareAMcVariant@BasicUtils@McVariantHelper@@YAHPBUMcVariant@@0@Z
?compareMcVariant@BasicUtils@McVariantHelper@@YAHPBUMcVariant@@0@Z
?compareMcVariantDataType@BasicUtils@McVariantHelper@@YA_NPBUMcVariant@@0@Z
?compareMcVariantName@BasicUtils@McVariantHelper@@YAHPBUMcVariant@@0@Z
?compareMcVariantName@BasicUtils@McVariantHelper@@YAHPBUMcVariant@@PB_W@Z
?compareMcVariantValue@BasicUtils@McVariantHelper@@YAHPBUMcVariant@@0@Z
?compareSimpleMcVariant@BasicUtils@McVariantHelper@@YAHPBUMcVariant@@0@Z
?computeMcVariantSize@BasicUtils@McVariantHelper@@YAIPBUMcVariant@@@Z
?convert@XmlMcvConverter@McVariantHelper@@QAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAUMcVariant@@@Z
?convert@XmlMcvConverter@McVariantHelper@@QAEPAUMcVariant@@ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?convert@XmlMcvConverter@McVariantHelper@@QAE_NPAUMcVariant@@ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?convertFile@XmlMcvConverter@McVariantHelper@@QAEPAUMcVariant@@ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?convertFromAMessage@McVariantHelper@@YA_NPBUMcVariant@@PAPAU2@@Z
?convertToAMessage@McVariantHelper@@YA_NABVMcVariantEventInfo@Events@1@AAVAMessage@1@@Z
?copyAMcVariant@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@PBU3@@Z
?copyASimpleMcVariant@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@PBU3@@Z
?copyMcVariant2Buffer@BasicUtils@McVariantHelper@@YAIPBUMcVariant@@PAEPAI@Z
?copyMcVariant@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBU3@@Z
?copyMcVariant@BasicUtils@McVariantHelper@@YAXPAUMcVariant@@PBU3@@Z
?copyMcVariantName@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@PB_W@Z
?copyMcVariantValue@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@PBU3@@Z
?copyMcvAttributes@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@PBU3@@Z
?copyName@NameValuePair@BasicUtils@McVariantHelper@@AAEXPB_W@Z
?count@AMcvListReference@McVariantHelper@@QBEHXZ
?createIterator@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VIPropertyIterator@BOProperty@McVariantHelper@@@23@XZ
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPAUList@McVariant@@PAU4@1@Z
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPAUList@McVariant@@PB_W@Z
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@00@Z
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@PB_W@Z
?empty@AMcvListReference@McVariantHelper@@QBE_NXZ
?empty@AMcvariantName@McVariantHelper@@QBE_NXZ
?erase@AMcvListReference@McVariantHelper@@QAEXXZ
?erase@AMcvListReference@McVariantHelper@@QAE_NABVAMcvReference@2@I@Z
?erase@AMcvListReference@McVariantHelper@@QAE_NH@Z
?erase@AMcvListReference@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?erase@AMcvReference@McVariantHelper@@QAEXXZ
?erase@PropertyContainer@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?eraseMcVariant@BasicUtils@McVariantHelper@@YAXPAUMcVariant@@@Z
?find@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@ABV32@I@Z
?find@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?find@AMcvListReference@McVariantHelper@@QBE?BVAMcvReference@2@ABV32@I@Z
?find@AMcvListReference@McVariantHelper@@QBE?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?find@AMessage@McVariantHelper@@QAEHAAVAMcVariant@2@@Z
?find@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VAProperty@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?findContainer@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?findData@AMessage@McVariantHelper@@QBEHAAVAMcVariant@2@@Z
?findElementInAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBU3@0IPAPAU3@@Z
?findHeaderData@AMessage@McVariantHelper@@QBEHAAVAMcVariant@2@@Z
?findList@AMcvListReference@McVariantHelper@@QAE?AV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?findList@AMcvListReference@McVariantHelper@@QBE?BV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?findNode@AMcvListReference@McVariantHelper@@ABE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@IPAPAUMcVariant@@@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBU3@H@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBUList@3@H@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBUList@3@PB_W@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PBUList@3@PB_WI@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPBUList@McVariant@@PAU4@PAPAU4@@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPBUMcVariant@@HPAPAU3@1@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPBUMcVariant@@PAU3@PAPAU3@@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPBUMcVariant@@PB_WPAPAU3@2@Z
?get@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VAProperty@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getAttribute@PropertyBase@BOProperty@McVariantHelper@@QBE?AVMcvToAny@BasicUtils@3@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getBool@AMcVariantValue@McVariantHelper@@QBE_NXZ
?getBuffer@AMcVariantValue@McVariantHelper@@QBEABUBuffer@McVariant@@XZ
?getContainer@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getData@PropertyBase@BOProperty@McVariantHelper@@QBEPAUMcVariant@@XZ
?getFloat@AMcVariantValue@McVariantHelper@@QBENXZ
?getInt64@AMcVariantValue@McVariantHelper@@QBE_JXZ
?getInt@AMcVariantValue@McVariantHelper@@QBEHXZ
?getLastError@PropertyDB@BOProperty@McVariantHelper@@QAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getLastError@XmlMcvConverter@McVariantHelper@@QAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getLastError@XmlToMcvConverter@McVariantHelper@@QAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getLastError@xmlDataStore@BOProperty@McVariantHelper@@UAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getList@AMcVariantValue@McVariantHelper@@QBE?BVAMcvListReference@2@XZ
?getMcVariant@XmlToMcvConverter@McVariantHelper@@QAEPAUMcVariant@@ABVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getMcVariant@XmlToMcvConverter@McVariantHelper@@QAEPAUMcVariant@@XZ
?getMcVariantCount@BasicUtils@McVariantHelper@@YAIPAUMcVariant@@@Z
?getName@PropertyBase@BOProperty@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getPathComponents@PropertyContainer@BOProperty@McVariantHelper@@ABE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AAV?$vector@PAVXPathComponent@XPath@McVariantHelper@@V?$allocator@PAVXPathComponent@XPath@McVariantHelper@@@std@@@std@@@Z
?getRegister@AMcVariantValue@McVariantHelper@@QBEPAXXZ
?getSchema@XmlMcvConverter@McVariantHelper@@QAE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getString@AMcVariantValue@McVariantHelper@@QBE?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getTags@AMessage@McVariantHelper@@QAE?AVAMcvListReference@2@XZ
?getType@McvToAny@BasicUtils@McVariantHelper@@QBE?AW4TypeCodes@McVariant@@XZ
?getValue@AProperty@BOProperty@McVariantHelper@@QBE?AVMcvToAny@BasicUtils@3@XZ
?hPostRequest@IPublisher@Messaging@@QAEPAXAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?hPostRequest@IPublisherSubscriber@Messaging@@QAEPAXAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?hPostRequest@Publisher@Messaging@@QAEPAXAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?hPostRequest@PublisherSubscriber@Messaging@@QAEPAXAAVAMessage@McVariantHelper@@ABVAMcVariantList@4@@Z
?header@AMessage@McVariantHelper@@QAE?AVAMcvListReference@2@XZ
?header@AMessage@McVariantHelper@@QBE?BVAMcvListReference@2@XZ
?iNumberOfOpenRequests@IPublisher@Messaging@@QAEHXZ
?iNumberOfOpenRequests@IPublisherSubscriber@Messaging@@QAEHXZ
?iNumberOfOpenRequests@Publisher@Messaging@@QAEHXZ
?iNumberOfOpenRequests@PublisherSubscriber@Messaging@@QAEHXZ
?init@AMcVariant@McVariantHelper@@AAEXXZ
?init@AMcVariantList@McVariantHelper@@AAEXXZ
?insert@AMcvListReference@McVariantHelper@@QAE_NABV12@H@Z
?insert@AMcvListReference@McVariantHelper@@QAE_NABV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?insert@AMcvListReference@McVariantHelper@@QAE_NABVAMcvReference@2@H@Z
?insert@AMcvListReference@McVariantHelper@@QAE_NABVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?insert@PropertyContainer@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@ABVAProperty@23@@Z
?insert@PropertyContainer@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@ABVNameValuePair@BasicUtils@3@@Z
?insertContainer@PropertyContainer@BOProperty@McVariantHelper@@QAE?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0@Z
?insertNodeInAList@BasicUtils@McVariantHelper@@YA_NPAUMcVariant@@000@Z
?isBool@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isBuffer@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isFloat@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isHeaderKey@AMessage@McVariantHelper@@SA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?isInt64@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isInt@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isList@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isNewMessageFormat@McVariantHelper@@YAHPBUMcVariant@@@Z
?isNull@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isNull@AMcvListReference@McVariantHelper@@QBE_NXZ
?isNull@AMcvReference@McVariantHelper@@QBE_NXZ
?isNull@AMcvariantName@McVariantHelper@@QBE_NXZ
?isRegister@AMcVariantValue@McVariantHelper@@QBE_NXZ
?isString@AMcVariantValue@McVariantHelper@@QBE_NXZ
?length@AMcvariantName@McVariantHelper@@QBEKXZ
?load@PropertyDB@BOProperty@McVariantHelper@@QAE_NXZ
?load@xmlDataStore@BOProperty@McVariantHelper@@UAEPAUMcVariant@@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?load@xmlDataStore@BOProperty@McVariantHelper@@UAEPAUMcVariant@@XZ
?m_csAllTokens@Publisher@Messaging@@0VCSyncCriticalSection@@A
?m_csBlfHandle@Participant@Messaging@@0VCSyncCriticalSection@@A
?m_hBLFramework@Participant@Messaging@@0PAUHINSTANCE__@@A
?m_iRefCount@Participant@Messaging@@0HA
?m_vecAllTokens@Publisher@Messaging@@0V?$vector@PAUResponseWaitToken@Publisher@Messaging@@V?$allocator@PAUResponseWaitToken@Publisher@Messaging@@@std@@@std@@A
?name@AMcvListReference@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?name@AMcvListReference@McVariantHelper@@QBE?BVAMcvariantName@2@XZ
?name@AMcvReference@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?name@AMcvReference@McVariantHelper@@QBE?BVAMcvariantName@2@XZ
?name@NameValuePair@BasicUtils@McVariantHelper@@QBEPA_WXZ
?notifyChange@PropertyBase@BOProperty@McVariantHelper@@MAEXPAUMcVariant@@0H@Z
?notifyChange@PropertyContainer@BOProperty@McVariantHelper@@MAEXPAUMcVariant@@0H@Z
?pc_init@PropertyContainer@BOProperty@McVariantHelper@@QAEXVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?popBack@AMcvListReference@McVariantHelper@@QAEXXZ
?popFront@AMcvListReference@McVariantHelper@@QAEXXZ
?prependNodeToAList@BasicUtils@McVariantHelper@@YAPAUMcVariant@@PAU3@@Z
?pushBack@AMcvListReference@McVariantHelper@@QAE_NABV12@@Z
?pushBack@AMcvListReference@McVariantHelper@@QAE_NABVAMcvReference@2@@Z
?pushFront@AMcvListReference@McVariantHelper@@QAE?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?pushFront@AMcvListReference@McVariantHelper@@QAE_NABV12@@Z
?pushFront@AMcvListReference@McVariantHelper@@QAE_NABVAMcvReference@2@@Z
?queryData@PropertyContainer@BOProperty@McVariantHelper@@QAEHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAPAUMcVariant@@AAVDataValidator@23@_NP6APAXI@Z@Z
?queryData@PropertyContainer@BOProperty@McVariantHelper@@QBEHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAPAUMcVariant@@_NP6APAXI@Z@Z
?release@AProperty@BOProperty@McVariantHelper@@SAXPAV123@@Z
?release@IPropertyIterator@BOProperty@McVariantHelper@@SAXPAV123@@Z
?release@PropertyContainer@BOProperty@McVariantHelper@@SAXPAV123@@Z
?releaseMcVariant@BasicUtils@McVariantHelper@@YAXPAUMcVariant@@@Z
?releaseMcVariant@xmlDataStore@BOProperty@McVariantHelper@@UAEXPAUMcVariant@@@Z
?releaseRef@xmlDataStore@BOProperty@McVariantHelper@@UAEHXZ
?reloadData@PropertyContainer@BOProperty@McVariantHelper@@IAEXXZ
?remove@PropertyContainer@BOProperty@McVariantHelper@@QAE_NAAV?$SmartPtr@VIPropertyIterator@BOProperty@McVariantHelper@@@23@@Z
?remove@PropertyContainer@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?removeAttribute@PropertyBase@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?removeContainer@PropertyContainer@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?sGetParticipantName@Participant@Messaging@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?save@PropertyDB@BOProperty@McVariantHelper@@QAE_NXZ
?save@xmlDataStore@BOProperty@McVariantHelper@@UAE_NPAUMcVariant@@@Z
?save@xmlDataStore@BOProperty@McVariantHelper@@UAE_NPAUMcVariant@@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?searchNode@PropertyContainer@BOProperty@McVariantHelper@@ABE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PAPAUMcVariant@@11@Z
?seek@PropertyContainer@BOProperty@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?setAttribute@PropertyBase@BOProperty@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@3@@Z
?setValue@AProperty@BOProperty@McVariantHelper@@QAE_NABVNameValuePair@BasicUtils@3@@Z
?size@AMcvListReference@McVariantHelper@@QBEHXZ
?size@PropertyContainer@BOProperty@McVariantHelper@@QBEIXZ
?theNull@McvView@McVariantHelper@@1UMcVariant@@A
?theNull@McvZView@McVariantHelper@@0AAUMcVariantZ@2@A
?traverseAndAssign@PropertyContainer@BOProperty@McVariantHelper@@AAE_NPAUMcVariant@@0AAVValidatorFunctor@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?type@AMcVariantValue@McVariantHelper@@QBE?AW4TypeCodes@McVariant@@XZ
?type@AMcvReference@McVariantHelper@@QBE?AW4TypeCodes@McVariant@@XZ
?v@McvConvertBase@McVariantHelper@@QAEPBUMcVariant@@XZ
?validate@XmlMcvConverter@McVariantHelper@@QAE_NPAUMcVariant@@@Z
?validate@XmlMcvConverter@McVariantHelper@@QAE_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?value@AMcvReference@McVariantHelper@@QAEXH@Z
?value@AMcvReference@McVariantHelper@@QAEXN@Z
?value@AMcvReference@McVariantHelper@@QAEXPBG@Z
?value@AMcvReference@McVariantHelper@@QAEXPB_W@Z
?value@AMcvReference@McVariantHelper@@QAEX_J@Z
?value@AMcvReference@McVariantHelper@@QAEX_N@Z
?value@AMcvReference@McVariantHelper@@QBE?BVAMcVariantValue@2@XZ
?value@NameValuePair@BasicUtils@McVariantHelper@@QAE?AVMcvToAny@23@XZ
.?AVtype_info@@
.?AVAThread@EpHss@@
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVCSyncCriticalSection@@
.?AVCSyncBase@@
.?AVCSyncEvent@@
.?AVCSyncMutex@@
.?AVxmlDataStore@BOProperty@McVariantHelper@@
.?AVPropertyDB@BOProperty@McVariantHelper@@
.?AVIMcvDataSource@BOProperty@McVariantHelper@@
.?AVPropertyContext@BOProperty@McVariantHelper@@
.?AVDataValidator@BOProperty@McVariantHelper@@
.?AVAssignmentOperator@BOProperty@McVariantHelper@@
.?AVValidatorFunctor@BOProperty@McVariantHelper@@
.?AVPropertyIterator@BOProperty@McVariantHelper@@
.?AVIPropertyIterator@BOProperty@McVariantHelper@@
.?AVIPropertyContext@BOProperty@McVariantHelper@@
.?AVPropertyContainer@BOProperty@McVariantHelper@@
.?AVPropertyBase@BOProperty@McVariantHelper@@
.?AVAProperty@BOProperty@McVariantHelper@@
.?AVruntime_error@std@@
.?AVlogic_error@std@@
.PAUMcvIllegalOperationException@McVariantHelper@@
.PAUMcvIllegalOperationException@McVariantHelperNative@@
.?AVIProvider@Messaging@@
.?AVIPublisherSubscriber@Messaging@@
.?AVISubscriber@Messaging@@
.?AVIPublisher@Messaging@@
.?AVCAtlException@ATL@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_iostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AVCMcException@@
.?AV?$CMtQueue@PAVAMessage@McVariantHelper@@@@
.?AVProviderThread@Messaging@@
.?AVBroker@Messaging@@
.?AVProvider@Messaging@@
.?AVPublisherSubscriber@Messaging@@
.?AVSubscriber@Messaging@@
.?AVParticipant@Messaging@@
.?AVPublisher@Messaging@@
.?AVCMcString@@
.?AVCMcBufString@@
.?AV?$CMcFixedString@$0EA@@@
.?AVCMcRegKeyException@@
.?AVCMcOutOfMemoryException@@
.?AVCMcRegValueException@@
.?AVCMcStringException@@
.?AVCMcInternalException@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
0[1r1x1
2&2=2J2o2
3*3J3T3k3u3
3P455V5q5
6(6;6X6t6
8@8_8}8
7(8I8R8t8z8
9"909L9R9[9f9s9
;2<I<i<
<;=J=q=
0#1[1p1v1
5*61666B6N6Z6a6
8(8,8084888<8h8y8
9 9D9`9v9
: :2:>:R:d:t:
;$;@;R;^;
="=.=J=
?$?D?`?r?~?
5<6B6G6R6_6
979v9{9
?"?V?g?
394H4V4
7L8Q8\8y8
?6?E?y?
2Q2V2a2v2
6(666x6
9/949A9Y9k9|9
444K4c4
565H5d5
868H8e8p8
9(9B9M9
1@2F2l4
;);8;F;s;
<1<L<{=
> >3>8>E>]>b>o>
; <6?H?_?
2G2M2F4X4s4
?)?;?o?
869E9r:
;L=P=T=X=\=`=d=h=l=
0(2,2024282<2@2D2H2V2e2
33494>4I4
7K8Q8V8a8
1*1K1n1s1~1
5u6\7n7v7
8)82878B8
9 9$9(9,9094989
:l;p;t;x;|;
=T>X>\>`>d>h>l>p>t>x>
>T?X?\?`?d?h?l?p?t?x?
939U9z9
<&<0<7<=<B<H<L<Y<b<g<r<
=8><>@>D>H>L>P>T>X>
?d?h?l?p?t?x?|?
d0h0l0p0t0x0|0
1p2t2x2|2
: :$:(:,:0:4:8:
:+;=;t;x;|;
1<2@2D2H2L2P2T2X2\2j2c3i3n3y3
4&4S4Y4^4i4
5-63686C6
;Q<W<\<g<
=<>^>x?~?
0 0%000X0
8!8&818
<;=A=F=Q=0>
0 3%3*353
6;7Q7p8
=6=H=]=
>%><>v?
0(0S0]0
263E3w324S4
8-848:8?8E8Y8b8g8
9`:=;H;v;
<8<f<x<
<(=V=g=
1)181F1
=&>7>U>
556g6m6t8
8/949?9T9Y9d9v9
;";2;7;B;W;\;g;
;&<5<j<+=
010V0e0
3V3\3d3w3~3
9*:V:e:
:8;k;u;
3 353T3z3
4D4`4u4
575S5r5
768H8d8q8~8
9!9'9/9@9G9M9R9X9l9u9z9
:(;F;i;
1,1f1u1
2(3R3j3
9):;:L:
;0;\;j;
8!8+80858:8?8D8I8N8S8X8c8h8n8x8
9"9,969@9I9
2"3]3d3
6&7]7u7
8 8e8s8
9!9&929;9x9
;/;E;U;
J0f0x0
9(9f9u9
;';`;l;
>->8>o>~>
333B3i3
5:5o5~5
:);;;y;
<#=)=1=I=Q=W=\=b=v=
=F>]>m>
041Y1n1
4 4$4^4
9 :B:{:
0J1f1k1v1
2N3[3k3x3
505f5u5
5C6P6Y6|6
6%7?7H8P8Z8d8
:/;>;m;
;#<*<6<M<
?A?P?W?b?y?
(0/0:0O0
0&181z1
2>2f2w2
4=5f5w5
<6<E<n<
?2?f?y?
0"0F0Y0
1&191~1
242D2Q2`2h2
869F9h9x9
2R3]3f3
7 727E7X7h7l7p7t7x7|7
939g9q9
|0d1h1l1p1t1x1|1
5$5<5@5D5H5L5P5T5z6
7.7,8084888<8@8D8H8L8
9X9]9l9{9
:-;6;M;T;Z;q;
222L2P2T2X2\2`2d2h2l2
4#4;4_4
6(6>6f6u6
< <<<w<
F1024282<2@2D2H2L2P243
4!4(4/464=4D4K4X4\4`4d4h4l4p4t4x4
8 8T8n8
:6:N:d:h:l:p:t:x:|:
>=?^?d?i?t?
;0V0{0
0#1)1.191L1R1W1b1u1{1
2&2A2f2
3 4F4{4
7=8C8H8S8
: ;>;I;
;)<:<j<
1'111,2U2|2
273U3[3`3m3
5$5I5}5
5P7V7[7h7
> >9>?>D>W>p>v>{>
5.5]5|5
6 6$6(696K667
:::@:R:X:
;4<P<b<h<
=b=l=|=
>-?[?h?
1:1f1u1
3G3U3i3
7I7O7T7_7
9Y9h9v9
:F:K:Z:u:
;$;2;7;@;E;K;R;W;\;e;j;p;x;};
;&<5<F<P<W<]<m<u<
>8>V>w>
?<?A?L?a?f?q?
1&282g2r2
3 3N3T3Y3d3
4&555_5h5
7$7;7h7|7
:6:E:\:
:6;D;|;
>%>V>h>|>
?#?<?D?Y?k?|?
30F0y0
2d3l3|3
4&414g4o4
555;5M5S5m5r5}5
7;8A8F8S8r8
9!9'9N9T9Y9f9
:f;l;q;|;
30363;3N3f3u3
71777<7G7
:9:P:a:i:}:
b0V1e1
767B8H8M8Z8
2%2Q2c2
3"4B4n4
<>=D=I=Y=v=
>6>H>b>k>s>y>
0F0N0j0
0&181W1
2%2-292F2N2
7"7(7:7@7E7
7.838>8v8
:):/:y:
=(>0>6>
3.34393J3`3f3k3|3
7<7B7G7X7v7
9/949?9V9e9
:#:/:::
<(<1<><
0G1!2(2
2>3y3&454
5?5R5[5a5y5
8%9,989O9
;#<S<a<s<
="=-=B=
>(>l>s>~>
>/?V?g?
7(7?7Y7a7j7
8*8?8G8W8
9(9`9t9
=(=K=S=\=
0)0F0i0
1 1(1N1
162C2Z2
9-:2:=:
;*;d;i;t;
1 1$1w1~1
172>2R2{2
3@3D3H3L3
5*6D6l6r6
7>8D8U8[8
8?9E9q9
:3:<:V:e:
;8;i;z;
;)<9<`<}<
===C=c=
C0R0g0o0
1(292A2[2
4@4Q4Y4
4J5Z5n5
767@7|7
8?8M8Z8_8
949:9N9f9~9
:(:9:V:c:{:
< <,<1<A<F<L<R<h<o<x<
=P=V=\=a=p=u=
=X>]>o>
? ?-?P?]?i?q?y?
0"0(0r0
0 1$1B1j1
>,>I>l>
5$5;5t5
6$6;6t6
7N899|9
1!1F1a1q1w1|1
2"2&2+212A2_2q2
3A3Q3\3e3o3y3
\2`2d2h2l2p2t2x2|2
24383<3@3D3H3L3P3T3X3\3`3d3h3
4 4$4(4,4044484<4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<64;8;<;@;D;H;L;P;
4d:h:l:p:t:x:|:
:D?H?L?P?t?x?|?
2,2<2@2P2T2X2`2x2
3 3(3@3P3T3d3h3l3t3
4$44484H4L4P4T4\4t4
5,50585P5`5d5t5x5
6,6<6@6P6T6d6h6p6
7,707@7D7H7P7h7x7|7
848D8H8X8\8`8h8
9 9$94989@9X9h9l9|9
:(:,:0:4:8:@:X:\:t:
;(;8;<;@;H;`;p;t;|;
<(<,<4<L<\<`<p<t<
= =(=@=P=T=d=h=l=p=x=
>(>8><>L>P>T>\>t>
?(?8?<?L?P?T?X?`?x?
5 5(5,545<5D5X5`5d5l5t5|5
6$646<6X6t6x6
7 70787T7X7h7p7|7
888@8H8T8t8
9<9P9\9d9|9
:$:D:P:p:x:
;0;<;\;h;
<$<,<4<@<`<l<
=H=X=l=
>(>H>T>t>
?,?L?`?l?t?
0 0,0L0T0\0d0l0x0
1$101P1X1d1
2(2<2H2P2h2t2
383@3L3l3x3
4$404X4p4
5 5(545T5\5h5
6$606P6\6
7$7D7L7T7\7d7l7t7
888@8L8
9$909P9X9`9h9t9
:8:P:d:p:x:
;$;,;4;<;D;L;T;\;d;l;x;
<4<@<`<l<
=0=<=D=\=d=p=
>(>H>P>\>|>
?4?<?H?h?p?|?
0(00080D0d0p0
1<1D1L1X1x1
2 2@2H2P2\2|2
3$3,383`3h3p3x3
4(40484D4d4l4t4
5$5D5L5T5`5
6$6,646@6h6
7(70787D7d7l7x7
848<8H8h8p8|8
9(90989D9d9l9t9|9
:4:@:`:h:p:x:
; ;@;H;P;\;|;
< <(<4<T<`<
=$=,=4=@=`=h=t=
>$>,>4><>D>L>T>\>d>l>t>|>
?8?@?H?P?X?d?
0$0,040<0D0X0l0x0
1$1D1T1d1l1t1|1
2$2L2T2\2l2t2
3 3(3<3H3P3h3t3
4 4(444T4\4h4
5$5,545<5H5h5p5|5
6(606H6P6X6`6l6
7$7,747<7H7h7t7
8$808P8X8d8
90989@9L9l9t9
:<:H:h:p:x:
;$;,;4;<;D;L;T;\;d;l;t;|;
<,<8<X<h<p<x<
=,=8=@=X=`=l=
>0>8>D>d>l>x>
?,?4?<?D?P?p?|?
0$0,040<0D0L0X0
1(1H1P1\1|1
2<2H2h2p2|2
3$383D3L3d3l3t3|3
4(4H4P4X4`4l4
0(0D0`0|0
5$5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6H6P6X6`6h6|6
7 7$7(7,7074787<7@7D7H7L7P7T7t7
:$:H:t:
}t$bXW
]Ghu:o
yK}<G!h
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190222201837Z0#
sN[Z%k
gr0Ak2
%$ITD~
XM^j_qy
0:Fi!s
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
o+,Uav
20190222201857Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190222201857Z0/
/1(0&0$0"
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
$H9D$0w
$H9D$0w'
$H9D$0wS
$H9D$0w=
L$@9Ahu
H;D$Pw
H;D$Ps
H+D$PH
D$ H9D$Xs
D$HH9D$@u7H
H;D$Ps
H+D$PH
D$XH9D$ s
H;D$Xw
L$XH9H
H;D$`s
H+D$`H
H;D$Hs
L$HH9H
H9D$Hs
H9D$8r
HH;D$8w
H;D$(s
L$pH9A
H9D$Pw
HcD$@H
HcD$@H
HcD$DH;
HcD$DH;
H;D$Ps
H+D$PH
D$ H9D$Xs
D$HH9D$@u7H
H;D$Hs
L$HH9H
H9D$Hs
H9D$8r
H;D$8w
L$XH9H
H;D$`s
H+D$`H
H;D$(s
L$pH9A
D$<9D$8r
|$0"t|
|$0&tI
|$0'tX
D$49D$0r-
D$HH9D$@u
D$HH9D$@u
H9D$ tFH
D$ H9D$0
H9D$0u
H9D$Xu
H9D$Xu
H9D$Xu
H9D$Xu
fffffff
H9D$Pw
L$0H+A
H;D$8s
L$XH9H
H;D$`s
D$pH9D$`s
D$pH9D$`s
D$pH9D$`u
L$`H9H0u
L$hH9H0u
D$HH9D$@u
L$0H+A
H;D$8s
H9D$Pw
L$@H;A
H9D$Xu8H
H9D$Xu
H9D$Xu
H9D$ u!H
H9D$ u!H
H;D$ t%H
HcD$HH
@(9D$0s{H
HcD$hH
I(9H(t
I(9H(t
HcD$`H
I(9H(t
D$8H9D$0u
H;D$ t%H
w^HcD$$H
9D$,s,
H;D$0w
L$PH9A
L$(H9H
L$pH+A
H;D$xs
D$(H9D$xs.H
H+D$(H
L$pH9A
D$xH9D$
L$ H9H
L$(H9H
H9D$Pw
H9D$Pw
5HcD$0H
HcD$0H
HcD$ H
HcD$(H
9D$8s7
@(9D$<s7
wcHcD$ H
HcD$,HcL$(H
wpHcD$$H
HcD$ H
HcD$(H
tCHcD$(H
9D$,}-
HcT$,L
HcD$pH
0HcD$PH
HcD$(H
HcD$(H
D$ HcD$ H
D$P9D$ ~
HcD$pH
tOHcD$`H
t#HcD$`H
HcD$ H
wcHcD$ H
HcD$,HcL$(H
wpHcD$$H
HcD$ H
HcD$(H
tCHcD$(H
9D$,}-
HcT$,L
HcD$pH
0HcD$PH
HcD$(H
HcD$(H
D$ HcD$ H
D$P9D$ ~
HcD$(H
HcD$ H
HcD$$H
D$HHc@
HcD$ H
9D$ s2
HcD$ H
HcD$ H
HcD$$H
D$HHc@
HcD$ H
HcD$hH
D$09D$@u&L
D$09D$4u1H
HcD$ H
H;D$Hu
H;D$(t1H
D$HH9D$@u
D$8H9D$0u
D$8H9D$0u
D$HH9D$@u
D$8H9D$0u
D$8H9D$0t
D$ H9D$(u+H
D$8H9D$0u
HcD$dH
D$dHcD$dH
~ HcD$`3
t&HcD$ H
HcD$0H
9D$P}!HcD$PH
L$@H9H@u#H
D$0H9D$8t@H
H9D$ tFH
H9D$Xu
H9D$Xu
H9D$Pw
L$@H;A
H9D$Xu8H
H9D$Xu
H9D$Xu
H9D$ u!H
H9D$ u!H
UUUUUUU
9D$P}!HcD$PH
@(9D$ s`
D$0H9D$8t@H
H9D$ tFH
D$ H9D$0
H9D$0u
tEHcD$ Hk
HcT$ Hk
D$ HcD$$H
HcD$$H
whHcD$ H
IXH9HPu!H
D$<9D$@
9D$Ps(
9D$8s4
9D$8s:
9D$8s4
9D$Xsx
9D$(sA
D$ H9D$0v,H
D$0H9D$ r
9D$Ps<
D$ H9D$0v,H
D$0H9D$ r
H;ApsFH
H+D$(H;D$@s
H+D$8H
H+D$8H
H+D$8H
L$PH9Apw
L$PH9Aps
L$`H9Aps
L$`H9Aps
H9D$ u
H;D$@v2H
H+D$@H
D$0H9D$8tVH
9D$Pr#H
H9D$Xu
H9D$Xu
3333333
H9D$Pw
HcD$ H
HcD$0H
D$H9D$$s)
9D$ s@
9D$0s,
HcD$0H
D$P9D$ v
9D$(sC
HcD$ H
HcD$0H
HcD$ H
HcD$`H
D$09D$@u
9D$@s&
$HcD$8H
$r.HcD$PH
HcL$@H
$HcD$8H
HcL$@H
HcD$ H
HcD$ H
9D$(se
D$PHcD$PH
D$XH9D$0t
HcD$\H
D$@H9D$8u
&HcD$`H
$HcD$8H
HcD$8H
$HcD$8H
HcD$8H
w|HcD$ H
D$ 9D$0
D$8HcD$8H
D$8H9D$0u
D$ 9D$$
D$XH9D$Pt8H
D$ H9D$0
H9D$0u
H9D$xs^H
D$hH9D$`tVH
H9D$Xu
H9D$Xu
D$hH9D$`tVH
D$hH9D$`tVH
H9D$Xu
H9D$Xu
H+D$HH;D$ s
H9D$ w
H9D$ tFH
H;D$ s
D$XH9D$ s
H;D$Xs
H;D$ s
D$XH9D$ s
UUUUUUU
H9D$Pw
L$HH9H
L$HH9H
L$@H;A
H9D$Xu8H
H9D$Xu
H9D$Xu
H9D$ u!H
H9D$ u!H
D$H9D$X
|$|'w.HcD$|H
D$P9D$`
D$h9D$Ht
H9D$ tFH
L$0H+A
H;D$8s
fffffff
H9D$Pw
HcD$ H
|$ "tN
|$ .tT
|$ @t%
|$ [t?
|$ ]t8
|$ .t`
|$ @t1
|$ [tK
|$ ]tD
|$ .|P
|$ /~8
|$ [t*
|$ ]t#
|$ .t!
|$ [t
H;D$Hw
H9D$(s
H+D$HH;D$ s
H9D$ w
H;D$Xs
D$(9D$hs
D$09D$xs
D$09D$
D$(H9D$ s
D$@H9D$
H9D$ u
SVWATH
8A\_^[
WATAUH
0A]A\_
` AUAVAWH
A_A^A]
LcA<E3
..\..\mc\McString.cpp
Unsupported operation: A += A
..\..\mc\McString.cpp
Illegal string size 0
..\..\mc\McString.cpp
Illegal resize of fixed string
..\..\mc\McString.cpp
!(nPercent >= 100)
..\..\mc\McString.cpp
Unable to grow string
..\..\mc\McString.cpp
Unexpected failure converting wide to multibyte
..\..\mc\McString.cpp
Unexpected failure in obtaining length of multibyte string
..\..\mc\McString.cpp
unexpected vsnprintf failure
..\..\mc\McRegValue.cpp
..\..\mc\McRegValue.cpp
Unable to read registry value :%S, code: 0x%x
..\..\mc\McRegValue.cpp
Unable to read registry value :%S, code: 0x%x
..\..\mc\McRegValue.cpp
Unable to read registry value :%S, code: 0x%x
..\..\mc\McRegKey.cpp
Unable to open registry key for reading :%S, code: 0x%x
..\..\mc\McPath.cpp
Unable to deteriming cwd: %s
%s exception:
(%s,%u)
BLFree
Invalid parameter: Participant name prefix cannot be 0 length.
BLAlloc
BLSubscribeEvent
BLUnsubscribeEvent
BLPostEvent
Invalid parameter
Invalid parameter
Invalid parameter
Invalid type conversion attempt
Invalid parameter
Invalid parameter
Invalid parameter
Invalid parameter
Invalid parameter
Invalid parameter
Invalid type conversion attempt
Invalid type conversion attempt
Invalid type conversion attempt
Invalid type conversion attempt
Invalid type conversion attempt
Invalid parameter
Invalid parameter
Invalid parameter
Invalid condition
Invalid parameter
Invalid parameter
Aleady init
Invalid parameter
Invalid parameter
GetTickCount64
SetWaitableTimerEx
GetTickCount
ASSERT:
CisbMs
invalid string position
string too long
invalid map/set<T> iterator
list<T> too long
map/set<T> too long
deque<T> too long
bad allocation
Invalid type conversion attempt
vector<T> too long
RegKey
OutOfMemory
RegValue
Internal
String
D:\BUILD_921779\BUILD\ENS_ResultsDir\Release_wchar_native64\McVariantExport.pdb
UuidCreate
RpcStringFreeW
UuidToStringW
RPCRT4.dll
GetCurrentProcess
WriteFile
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DebugBreak
ExitThread
CloseHandle
CreateThread
GetLastError
GetProcAddress
GetModuleHandleA
SetEvent
ResetEvent
CreateEventW
SetErrorMode
FreeLibrary
WaitForSingleObject
WaitForMultipleObjectsEx
LoadLibraryW
CreateWaitableTimerW
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
MoveFileExW
CreateFileW
DeleteFileW
KERNEL32.dll
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
ADVAPI32.dll
CoUninitialize
CoInitializeEx
CoCreateInstance
ole32.dll
OLEAUT32.dll
memmove
malloc
memcpy_s
isspace
_vsnwprintf
_vsnprintf
iswdigit
_purecall
_gmtime64_s
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
wcsftime
_time64
_wcsicmp
wcsncpy_s
??0exception@std@@QEAA@AEBQEBDH@Z
swscanf
_errno
_wtoi64
isprint
wcsrchr
_i64tow_s
strchr
MSVCR100.dll
?terminate@@YAXXZ
__C_specific_handler
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
MSVCP100.dll
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
memcmp
_CxxThrowException
McVariantExport.dll
??0AMcVariant@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0AMcVariant@McVariantHelper@@QEAA@AEBVAMcvReference@1@@Z
??0AMcVariant@McVariantHelper@@QEAA@H@Z
??0AMcVariant@McVariantHelper@@QEAA@N@Z
??0AMcVariant@McVariantHelper@@QEAA@PEBG@Z
??0AMcVariant@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0AMcVariant@McVariantHelper@@QEAA@PEB_W@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@H@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@N@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEBG@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEB_W@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@W4TypeCodes@McVariant@@@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@_J@Z
??0AMcVariant@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@_N@Z
??0AMcVariant@McVariantHelper@@QEAA@W4TypeCodes@McVariant@@@Z
??0AMcVariant@McVariantHelper@@QEAA@XZ
??0AMcVariant@McVariantHelper@@QEAA@_J@Z
??0AMcVariant@McVariantHelper@@QEAA@_N@Z
??0AMcVariantList@McVariantHelper@@QEAA@AEBV01@@Z
??0AMcVariantList@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0AMcVariantList@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0AMcVariantList@McVariantHelper@@QEAA@XZ
??0AMcVariantValue@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0AMcvListPointer@McVariantHelper@@QEAA@AEAPEAUMcVariant@@@Z
??0AMcvListReference@McVariantHelper@@QEAA@PEAUMcVariant@@@Z
??0AMcvListReference@McVariantHelper@@QEAA@XZ
??0AMcvPointer@McVariantHelper@@QEAA@AEAPEAUMcVariant@@@Z
??0AMcvReference@McVariantHelper@@IEAA@XZ
??0AMcvReference@McVariantHelper@@QEAA@PEAUMcVariant@@@Z
??0AMcvariantName@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0AMessage@McVariantHelper@@QEAA@AEBV01@@Z
??0AMessage@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0AMessage@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0H@Z
??0AMessage@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0AProperty@BOProperty@McVariantHelper@@AEAA@PEAUMcVariant@@@Z
??0AProperty@BOProperty@McVariantHelper@@AEAA@PEAUMcVariant@@PEAVPropertyBase@12@@Z
??0AProperty@BOProperty@McVariantHelper@@QEAA@AEBVNameValuePair@BasicUtils@2@@Z
??0AppendableWideString@@QEAA@I@Z
??0AssignmentOperator@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0AssignmentOperator@BOProperty@McVariantHelper@@QEAA@XZ
??0AutoExport@McVariantHelper@@QEAA@AEBUNodeRef@1@@Z
??0AutoPtr@McVariantHelper@@QEAA@PEAUMcVariant@@@Z
??0Broker@Messaging@@QEAA@AEBV01@@Z
??0Broker@Messaging@@QEAA@XZ
??0Build@McVariantHelper@@QEAA@PEBUItemSpec@1@@Z
??0BuildFromList@McVariantHelper@@QEAA@QEBUItemSpec@1@I@Z
??0DataValidator@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0DataValidator@BOProperty@McVariantHelper@@QEAA@XZ
??0IMcvDataSource@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0IMcvDataSource@BOProperty@McVariantHelper@@QEAA@XZ
??0IPropertyContext@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0IPropertyContext@BOProperty@McVariantHelper@@QEAA@XZ
??0IPropertyIterator@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0IPropertyIterator@BOProperty@McVariantHelper@@QEAA@XZ
??0IProvider@Messaging@@QEAA@AEBV01@@Z
??0IProvider@Messaging@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@P6AXAEBVAMessage@McVariantHelper@@AEAV67@PEAX@Z3@Z
??0IProvider@Messaging@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@P6AXAEBVAMessage@McVariantHelper@@PEAV67@PEAX@Z3@Z
??0IPublisher@Messaging@@QEAA@AEBV01@@Z
??0IPublisher@Messaging@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0IPublisherSubscriber@Messaging@@QEAA@AEBV01@@Z
??0IPublisherSubscriber@Messaging@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0ISubscriber@Messaging@@QEAA@AEBV01@@Z
??0ISubscriber@Messaging@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0McVariantEventFilter@Events@McVariantHelper@@QEAA@XZ
??0McVariantEventInfo@Events@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0McVariantEventInfo@Events@McVariantHelper@@QEAA@XZ
??0McvAny@McVariantHelper@@QEAA@PEB_WW4TypeCodes@McVariant@@PEBX@Z
??0McvAny@McVariantHelperNative@@QEAA@PEB_WW4TypeCodes@McVariant@@PEBX@Z
??0McvBase@McVariantHelper@@IEAA@W4TypeCodes@McVariant@@PEB_W@Z
??0McvBase@McVariantHelperNative@@IEAA@W4TypeCodes@McVariant@@PEB_W@Z
??0McvBool@McVariantHelper@@QEAA@PEB_W_N@Z
??0McvBool@McVariantHelperNative@@QEAA@PEB_W_N@Z
??0McvBuffer@McVariantHelper@@QEAA@PEB_WPEBXH@Z
??0McvBuffer@McVariantHelperNative@@QEAA@PEB_WPEBXH@Z
??0McvCast@McVariantHelper@@QEAA@H@Z
??0McvCast@McVariantHelper@@QEAA@N@Z
??0McvCast@McVariantHelper@@QEAA@PEAX@Z
??0McvCast@McVariantHelper@@QEAA@PEAXH@Z
??0McvCast@McVariantHelper@@QEAA@PEBD@Z
??0McvCast@McVariantHelper@@QEAA@PEB_W0@Z
??0McvCast@McVariantHelper@@QEAA@PEB_W@Z
??0McvCast@McVariantHelper@@QEAA@PEB_WH@Z
??0McvCast@McVariantHelper@@QEAA@PEB_WN@Z
??0McvCast@McVariantHelper@@QEAA@PEB_WPEAX@Z
??0McvCast@McVariantHelper@@QEAA@PEB_WPEAXH@Z
??0McvCast@McVariantHelper@@QEAA@PEB_WPEBD@Z
??0McvCast@McVariantHelper@@QEAA@PEB_W_N@Z
??0McvCast@McVariantHelper@@QEAA@_N@Z
??0McvConvertAny@McVariantHelper@@QEAA@AEBUMcVariant@@W4TypeCodes@2@@Z
??0McvConvertBool@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvConvertBuffer@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvConvertFloat@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvConvertInt64@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvConvertInt@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvConvertRegister@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvConvertString@McVariantHelper@@QEAA@AEBUMcVariant@@@Z
??0McvCopy@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0McvCopyImproper@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0McvCopyImproper@McVariantHelperNative@@QEAA@PEBUMcVariant@@@Z
??0McvFloat@McVariantHelper@@QEAA@PEB_WN@Z
??0McvFloat@McVariantHelperNative@@QEAA@PEB_WN@Z
??0McvInt64@McVariantHelper@@QEAA@PEB_W_J@Z
??0McvInt64@McVariantHelperNative@@QEAA@PEB_W_J@Z
??0McvInt@McVariantHelper@@QEAA@PEB_WH@Z
??0McvInt@McVariantHelperNative@@QEAA@PEB_WH@Z
??0McvList@McVariantHelper@@QEAA@PEB_WPEAUMcvBase@1@@Z
??0McvList@McVariantHelperNative@@QEAA@PEB_WPEAUMcvBase@1@@Z
??0McvListView@McVariantHelper@@QEAA@H@Z
??0McvNull@McVariantHelper@@QEAA@PEB_W@Z
??0McvNull@McVariantHelperNative@@QEAA@PEB_W@Z
??0McvRef@McVariantHelper@@QEAA@AEBU01@@Z
??0McvRef@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0McvRef@McVariantHelper@@QEAA@XZ
??0McvRegister@McVariantHelper@@QEAA@PEB_WPEAX@Z
??0McvRegister@McVariantHelperNative@@QEAA@PEB_WPEAX@Z
??0McvString@McVariantHelper@@QEAA@PEB_W0H@Z
??0McvString@McVariantHelperNative@@QEAA@PEB_W0H@Z
??0McvStringFromUtf8@McVariantHelper@@QEAA@PEB_WPEBD@Z
??0McvStringFromUtf8@McVariantHelperNative@@QEAA@PEB_WPEBD@Z
??0McvStringView@McVariantHelper@@QEAA@AEBUString@McVariant@@@Z
??0McvStringView@McVariantHelper@@QEAA@PEB_W@Z
??0McvToAny@BasicUtils@McVariantHelper@@QEAA@PEAUMcVariant@@@Z
??0McvView@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0McvZView@McVariantHelper@@QEAA@PEBUMcVariantZ@1@@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@AEBV012@@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_W0@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_WH@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_WN@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_WPEAXI@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_WPEA_W@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_W_J@Z
??0NameValuePair@BasicUtils@McVariantHelper@@QEAA@PEB_W_N@Z
??0Node@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0Node@McVariantHelper@@QEAA@PEB_W@Z
??0Node@McVariantHelperNative@@QEAA@PEBUMcVariant@@@Z
??0Node@McVariantHelperNative@@QEAA@PEB_W@Z
??0NodeRef@McVariantHelper@@QEAA@AEBU01@@Z
??0NodeRef@McVariantHelper@@QEAA@PEAUNode@1@@Z
??0NodeRef@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0NodeRef@McVariantHelper@@QEAA@XZ
??0NodeRef@McVariantHelperNative@@QEAA@AEBU01@@Z
??0NodeRef@McVariantHelperNative@@QEAA@PEAUNode@1@@Z
??0NodeRef@McVariantHelperNative@@QEAA@PEBUMcVariant@@@Z
??0NodeRef@McVariantHelperNative@@QEAA@XZ
??0Participant@Messaging@@QEAA@AEBV01@@Z
??0Participant@Messaging@@QEAA@XZ
??0Path@McVariantHelper@@QEAA@AEBUPathElements@1@@Z
??0Path@McVariantHelper@@QEAA@H@Z
??0Path@McVariantHelper@@QEAA@PEBUPathElements@1@@Z
??0Path@McVariantHelper@@QEAA@PEB_W@Z
??0Path@McVariantHelperNative@@QEAA@AEBUPathElements@1@@Z
??0Path@McVariantHelperNative@@QEAA@H@Z
??0Path@McVariantHelperNative@@QEAA@PEBUPathElements@1@@Z
??0Path@McVariantHelperNative@@QEAA@PEB_W@Z
??0PathElement@McVariantHelper@@QEAA@H@Z
??0PathElement@McVariantHelper@@QEAA@PEB_W@Z
??0PathElement@McVariantHelper@@QEAA@XZ
??0PathElement@McVariantHelperNative@@QEAA@H@Z
??0PathElement@McVariantHelperNative@@QEAA@PEB_W@Z
??0PathElement@McVariantHelperNative@@QEAA@XZ
??0PathElements@McVariantHelper@@QEAA@AEBUPathElement@1@PEBU01@@Z
??0PathElements@McVariantHelper@@QEAA@PEB_W@Z
??0PathElements@McVariantHelper@@QEAA@XZ
??0PathElements@McVariantHelperNative@@QEAA@AEBUPathElement@1@PEBU01@@Z
??0PathElements@McVariantHelperNative@@QEAA@PEB_W@Z
??0PathElements@McVariantHelperNative@@QEAA@XZ
??0PropertyBase@BOProperty@McVariantHelper@@IEAA@PEAUMcVariant@@PEAV012@@Z
??0PropertyBase@BOProperty@McVariantHelper@@IEAA@PEAUMcVariant@@_N@Z
??0PropertyBase@BOProperty@McVariantHelper@@IEAA@XZ
??0PropertyContainer@BOProperty@McVariantHelper@@AEAA@PEAUMcVariant@@_N@Z
??0PropertyContainer@BOProperty@McVariantHelper@@IEAA@PEAUMcVariant@@@Z
??0PropertyContainer@BOProperty@McVariantHelper@@IEAA@PEAUMcVariant@@PEAVPropertyBase@12@@Z
??0PropertyContainer@BOProperty@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0PropertyDB@BOProperty@McVariantHelper@@QEAA@PEAVIMcvDataSource@12@@Z
??0Provider@Messaging@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXAEBVAMessage@McVariantHelper@@AEAV45@PEAX@Z3@Z
??0Provider@Messaging@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXAEBVAMessage@McVariantHelper@@PEAV45@PEAX@Z3@Z
??0Publisher@Messaging@@QEAA@AEBV01@@Z
??0Publisher@Messaging@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0PublisherSubscriber@Messaging@@QEAA@AEBV01@@Z
??0PublisherSubscriber@Messaging@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0Subscriber@Messaging@@QEAA@AEBV01@@Z
??0Subscriber@Messaging@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0ValidatorFunctor@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0ValidatorFunctor@BOProperty@McVariantHelper@@QEAA@XZ
??0Value@McVariantHelper@@QEAA@H@Z
??0Value@McVariantHelper@@QEAA@PEAX@Z
??0Value@McVariantHelper@@QEAA@PEBUMcVariant@@@Z
??0Value@McVariantHelper@@QEAA@PEB_W@Z
??0Value@McVariantHelper@@QEAA@_J@Z
??0Value@McVariantHelper@@QEAA@_N@Z
??0Value@McVariantHelperNative@@QEAA@H@Z
??0Value@McVariantHelperNative@@QEAA@PEAX@Z
??0Value@McVariantHelperNative@@QEAA@PEBUMcVariant@@@Z
??0Value@McVariantHelperNative@@QEAA@PEB_W@Z
??0Value@McVariantHelperNative@@QEAA@_J@Z
??0Value@McVariantHelperNative@@QEAA@_N@Z
??0XmlMcvConverter@McVariantHelper@@QEAA@AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??0XmlMcvConverter@McVariantHelper@@QEAA@XZ
??0XmlToMcvConverter@McVariantHelper@@QEAA@AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@0@Z
??0xmlDataStore@BOProperty@McVariantHelper@@QEAA@AEBV012@@Z
??0xmlDataStore@BOProperty@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0@Z
??0xmlDataStore@BOProperty@McVariantHelper@@QEAA@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??1AMcVariant@McVariantHelper@@QEAA@XZ
??1AMcVariantList@McVariantHelper@@QEAA@XZ
??1AMessage@McVariantHelper@@QEAA@XZ
??1AProperty@BOProperty@McVariantHelper@@UEAA@XZ
??1AppendableWideString@@QEAA@XZ
??1AssignmentOperator@BOProperty@McVariantHelper@@UEAA@XZ
??1AutoExport@McVariantHelper@@QEAA@XZ
??1AutoPtr@McVariantHelper@@QEAA@XZ
??1Broker@Messaging@@UEAA@XZ
??1DataValidator@BOProperty@McVariantHelper@@UEAA@XZ
??1IMcvDataSource@BOProperty@McVariantHelper@@UEAA@XZ
??1IPropertyContext@BOProperty@McVariantHelper@@UEAA@XZ
??1IPropertyIterator@BOProperty@McVariantHelper@@UEAA@XZ
??1IProvider@Messaging@@UEAA@XZ
??1IPublisher@Messaging@@UEAA@XZ
??1IPublisherSubscriber@Messaging@@UEAA@XZ
??1ISubscriber@Messaging@@UEAA@XZ
??1McVariantEventFilter@Events@McVariantHelper@@QEAA@XZ
??1McVariantEventInfo@Events@McVariantHelper@@QEAA@XZ
??1McvAny@McVariantHelper@@QEAA@XZ
??1McvAny@McVariantHelperNative@@QEAA@XZ
??1McvBase@McVariantHelper@@QEAA@XZ
??1McvBase@McVariantHelperNative@@QEAA@XZ
??1McvBool@McVariantHelper@@QEAA@XZ
??1McvBool@McVariantHelperNative@@QEAA@XZ
??1McvBuffer@McVariantHelper@@QEAA@XZ
??1McvBuffer@McVariantHelperNative@@QEAA@XZ
??1McvCast@McVariantHelper@@QEAA@XZ
??1McvConvertAny@McVariantHelper@@QEAA@XZ
??1McvConvertBuffer@McVariantHelper@@QEAA@XZ
??1McvConvertString@McVariantHelper@@QEAA@XZ
??1McvCopy@McVariantHelper@@QEAA@XZ
??1McvCopyImproper@McVariantHelper@@QEAA@XZ
??1McvCopyImproper@McVariantHelperNative@@QEAA@XZ
??1McvFloat@McVariantHelper@@QEAA@XZ
??1McvFloat@McVariantHelperNative@@QEAA@XZ
??1McvInt64@McVariantHelper@@QEAA@XZ
??1McvInt64@McVariantHelperNative@@QEAA@XZ
??1McvInt@McVariantHelper@@QEAA@XZ
??1McvInt@McVariantHelperNative@@QEAA@XZ
??1McvList@McVariantHelper@@QEAA@XZ
??1McvList@McVariantHelperNative@@QEAA@XZ
??1McvNull@McVariantHelper@@QEAA@XZ
??1McvNull@McVariantHelperNative@@QEAA@XZ
??1McvRef@McVariantHelper@@QEAA@XZ
??1McvRegister@McVariantHelper@@QEAA@XZ
??1McvRegister@McVariantHelperNative@@QEAA@XZ
??1McvString@McVariantHelper@@QEAA@XZ
??1McvString@McVariantHelperNative@@QEAA@XZ
??1McvStringFromUtf8@McVariantHelper@@QEAA@XZ
??1McvStringFromUtf8@McVariantHelperNative@@QEAA@XZ
??1NameValuePair@BasicUtils@McVariantHelper@@QEAA@XZ
??1Node@McVariantHelper@@QEAA@XZ
??1Node@McVariantHelperNative@@QEAA@XZ
??1NodeRef@McVariantHelper@@QEAA@XZ
??1NodeRef@McVariantHelperNative@@QEAA@XZ
??1Participant@Messaging@@UEAA@XZ
??1PropertyBase@BOProperty@McVariantHelper@@UEAA@XZ
??1PropertyContainer@BOProperty@McVariantHelper@@UEAA@XZ
??1PropertyDB@BOProperty@McVariantHelper@@UEAA@XZ
??1Provider@Messaging@@UEAA@XZ
??1Publisher@Messaging@@UEAA@XZ
??1PublisherSubscriber@Messaging@@UEAA@XZ
??1Subscriber@Messaging@@UEAA@XZ
??1ValidatorFunctor@BOProperty@McVariantHelper@@UEAA@XZ
??1Value@McVariantHelper@@QEAA@XZ
??1Value@McVariantHelperNative@@QEAA@XZ
??1XmlMcvConverter@McVariantHelper@@QEAA@XZ
??1XmlToMcvConverter@McVariantHelper@@QEAA@XZ
??1xmlDataStore@BOProperty@McVariantHelper@@UEAA@XZ
??2McvBase@McVariantHelper@@SAPEAX_K@Z
??2McvBase@McVariantHelper@@SAPEAX_KAEBUnothrow_t@std@@@Z
??2McvBase@McVariantHelperNative@@SAPEAX_K@Z
??2McvBase@McVariantHelperNative@@SAPEAX_KAEBUnothrow_t@std@@@Z
??3McvBase@McVariantHelper@@SAXPEAX@Z
??3McvBase@McVariantHelper@@SAXPEAXAEBUnothrow_t@std@@@Z
??3McvBase@McVariantHelperNative@@SAXPEAX@Z
??3McvBase@McVariantHelperNative@@SAXPEAXAEBUnothrow_t@std@@@Z
??4AMcVariant@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcVariantList@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcVariantList@McVariantHelper@@QEAAAEAV01@PEBUMcVariant@@@Z
??4AMcVariantValue@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcvListPointer@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcvListReference@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcvPointer@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcvReference@McVariantHelper@@QEAA?AV01@H@Z
??4AMcvReference@McVariantHelper@@QEAA?AV01@N@Z
??4AMcvReference@McVariantHelper@@QEAA?AV01@PEBG@Z
??4AMcvReference@McVariantHelper@@QEAA?AV01@PEB_W@Z
??4AMcvReference@McVariantHelper@@QEAA?AV01@_J@Z
??4AMcvReference@McVariantHelper@@QEAA?AV01@_N@Z
??4AMcvReference@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMcvariantName@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AMessage@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4AProperty@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4AppendableWideString@@QEAAAEAU0@AEBU0@@Z
??4AssignmentOperator@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4Broker@Messaging@@QEAAAEAV01@AEBV01@@Z
??4Build@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4BuildFromList@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4DataValidator@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4IBroker@Messaging@@QEAAAEAV01@AEBV01@@Z
??4IMcvDataSource@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4IPropertyContext@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4IPropertyIterator@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4IProvider@Messaging@@QEAAAEAV01@AEBV01@@Z
??4IPublisher@Messaging@@QEAAAEAV01@AEBV01@@Z
??4IPublisherSubscriber@Messaging@@QEAAAEAV01@AEBV01@@Z
??4ISubscriber@Messaging@@QEAAAEAV01@AEBV01@@Z
??4ItemSpec@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McVariant@@QEAAAEAU0@AEBU0@@Z
??4McVariantZ@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvAny@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvAny@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvBase@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvBase@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvBool@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvBool@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvBuffer@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvBuffer@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvConvertAny@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertBase@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertBool@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertBuffer@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertFloat@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertInt64@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertInt@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertRegister@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvConvertString@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvCopy@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvCopyImproper@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvCopyImproper@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvFloat@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvFloat@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvIllegalOperationException@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvIllegalOperationException@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvInt64@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvInt64@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvInt@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvInt@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvList@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvList@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvListView@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvNull@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvNull@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvRef@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvRegister@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvRegister@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvString@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvString@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvStringFromUtf8@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvStringFromUtf8@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4McvStringView@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvToAny@BasicUtils@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4McvView@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvView@McVariantHelper@@QEAAAEAU01@PEBUMcVariant@@@Z
??4McvZView@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4McvZView@McVariantHelper@@QEAAAEAU01@PEBUMcVariantZ@1@@Z
??4NameValuePair@BasicUtils@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4Node@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4Node@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4NodeRef@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4NodeRef@McVariantHelper@@QEAAAEAU01@AEBUValue@1@@Z
??4NodeRef@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4NodeRef@McVariantHelperNative@@QEAAAEAU01@AEBUValue@1@@Z
??4Participant@Messaging@@QEAAAEAV01@AEBV01@@Z
??4Path@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4Path@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4PathElement@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4PathElement@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4PathElements@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4PathElements@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4PropertyContainer@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4Publisher@Messaging@@QEAAAEAV01@AEBV01@@Z
??4PublisherSubscriber@Messaging@@QEAAAEAV01@AEBV01@@Z
??4Subscriber@Messaging@@QEAAAEAV01@AEBV01@@Z
??4ValidatorFunctor@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??4Value@McVariantHelper@@QEAAAEAU01@AEBU01@@Z
??4Value@McVariantHelperNative@@QEAAAEAU01@AEBU01@@Z
??4XmlMcvConverter@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4XmlToMcvConverter@McVariantHelper@@QEAAAEAV01@AEBV01@@Z
??4xmlDataStore@BOProperty@McVariantHelper@@QEAAAEAV012@AEBV012@@Z
??8AMcVariant@McVariantHelper@@QEBA_NAEBV01@@Z
??8AMcVariantList@McVariantHelper@@QEBA_NAEBV01@@Z
??8AMcVariantValue@McVariantHelper@@QEBA_NAEAUBuffer@McVariant@@@Z
??8AMcVariantValue@McVariantHelper@@QEBA_NH@Z
??8AMcVariantValue@McVariantHelper@@QEBA_NN@Z
??8AMcVariantValue@McVariantHelper@@QEBA_NPEBD@Z
??8AMcVariantValue@McVariantHelper@@QEBA_NPEBG@Z
??8AMcVariantValue@McVariantHelper@@QEBA_NPEB_W@Z
??8AMcVariantValue@McVariantHelper@@QEBA_N_J@Z
??8AMcVariantValue@McVariantHelper@@QEBA_N_N@Z
??8AMcvReference@McVariantHelper@@QEBA_NAEBV01@@Z
??8AMcvariantName@McVariantHelper@@QEBA_NPEBD@Z
??8AMcvariantName@McVariantHelper@@QEBA_NPEBG@Z
??8AMcvariantName@McVariantHelper@@QEBA_NPEB_W@Z
??8AMessage@McVariantHelper@@QEBA_NAEBV01@@Z
??8McvStringView@McVariantHelper@@QEBA_NAEBU01@@Z
??8McvToAny@BasicUtils@McVariantHelper@@QEBA_NAEBV012@@Z
??8NodeRef@McVariantHelper@@QEAA_NAEBU01@@Z
??8NodeRef@McVariantHelperNative@@QEAA_NAEBU01@@Z
??9McvStringView@McVariantHelper@@QEBA_NAEBU01@@Z
??9McvToAny@BasicUtils@McVariantHelper@@QEBA_NAEBV012@@Z
??AAMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@1@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??AAMcvReference@McVariantHelper@@QEAA?AV01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??AAMessage@McVariantHelper@@QEAA?AVAMcvReference@1@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??AMcvRef@McVariantHelper@@QEAA?AU01@H@Z
??AMcvRef@McVariantHelper@@QEAA?AU01@PEB_W@Z
??AMcvView@McVariantHelper@@QEBA?AU01@H@Z
??AMcvView@McVariantHelper@@QEBA?AU01@PEB_W@Z
??AMcvZView@McVariantHelper@@QEBA?AU01@H@Z
??AMcvZView@McVariantHelper@@QEBA?AU01@PEB_W@Z
??ANode@McVariantHelper@@QEAA?AUNodeRef@1@PEBUPathElements@1@@Z
??ANode@McVariantHelper@@QEBA?AUNodeRef@1@PEBUPathElements@1@@Z
??ANode@McVariantHelperNative@@QEAA?AUNodeRef@1@PEBUPathElements@1@@Z
??ANode@McVariantHelperNative@@QEBA?AUNodeRef@1@PEBUPathElements@1@@Z
??ANodeRef@McVariantHelper@@QEAA?AU01@H@Z
??ANodeRef@McVariantHelper@@QEAA?AU01@PEB_W@Z
??ANodeRef@McVariantHelper@@QEBA?AUMcvView@1@AEBUPath@1@@Z
??ANodeRef@McVariantHelperNative@@QEAA?AU01@H@Z
??ANodeRef@McVariantHelperNative@@QEAA?AU01@PEB_W@Z
??ANodeRef@McVariantHelperNative@@QEBA?AUMcvView@McVariantHelper@@AEBUPath@1@@Z
??APropertyContainer@BOProperty@McVariantHelper@@QEBA?AVMcvToAny@BasicUtils@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??BAMcVariant@McVariantHelper@@QEBAPEAUMcVariant@@XZ
??BAMcVariantValue@McVariantHelper@@QEBA?BVAMcvListReference@1@XZ
??BAMcVariantValue@McVariantHelper@@QEBAHXZ
??BAMcVariantValue@McVariantHelper@@QEBANXZ
??BAMcVariantValue@McVariantHelper@@QEBAPEAGXZ
??BAMcVariantValue@McVariantHelper@@QEBAPEA_WXZ
??BAMcVariantValue@McVariantHelper@@QEBA_JXZ
??BAMcVariantValue@McVariantHelper@@QEBA_NXZ
??BAMcvListReference@McVariantHelper@@QEBAPEAUMcVariant@@XZ
??BAMcvReference@McVariantHelper@@QEBAPEAUMcVariant@@XZ
??BAMcvariantName@McVariantHelper@@QEBAPEAGXZ
??BAMcvariantName@McVariantHelper@@QEBAPEA_WXZ
??BAMessage@McVariantHelper@@QEBAPEBUMcVariant@@XZ
??BAutoPtr@McVariantHelper@@QEBAPEAUMcVariant@@XZ
??BMcvCast@McVariantHelper@@QEAAPEAUMcVariant@@XZ
??BMcvConvertBase@McVariantHelper@@QEAAPEBUMcVariant@@XZ
??BMcvConvertBool@McVariantHelper@@QEBA_NXZ
??BMcvConvertBuffer@McVariantHelper@@QEBAAEBUBuffer@McVariant@@XZ
??BMcvConvertFloat@McVariantHelper@@QEBANXZ
??BMcvConvertInt64@McVariantHelper@@QEBA_JXZ
??BMcvConvertInt@McVariantHelper@@QEBAHXZ
??BMcvConvertRegister@McVariantHelper@@QEBAPEAXXZ
??BMcvConvertString@McVariantHelper@@QEBAAEBUString@McVariant@@XZ
??BMcvConvertString@McVariantHelper@@QEBAPEB_WXZ
??BMcvRef@McVariantHelper@@QEAAPEBUMcVariant@@XZ
??BMcvToAny@BasicUtils@McVariantHelper@@QEBAHXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QEBANXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QEBAPEAUMcVariant@@XZ
??BMcvToAny@BasicUtils@McVariantHelper@@QEBAPEA_WXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QEBA_JXZ
??BMcvToAny@BasicUtils@McVariantHelper@@QEBA_NXZ
??BMcvView@McVariantHelper@@QEBA?AUMcvStringView@1@XZ
??BMcvView@McVariantHelper@@QEBAAEBUBuffer@McVariant@@XZ
??BMcvView@McVariantHelper@@QEBAAEBUList@McVariant@@XZ
??BMcvView@McVariantHelper@@QEBAHXZ
??BMcvView@McVariantHelper@@QEBANXZ
??BMcvView@McVariantHelper@@QEBAPEAXXZ
??BMcvView@McVariantHelper@@QEBAPEBUMcVariant@@XZ
??BMcvView@McVariantHelper@@QEBA_JXZ
??BMcvView@McVariantHelper@@QEBA_NXZ
??BMcvZView@McVariantHelper@@QEBA?AUBuffer@McVariant@@XZ
??BMcvZView@McVariantHelper@@QEBA?AUMcvListView@1@XZ
??BMcvZView@McVariantHelper@@QEBA?AUMcvStringView@1@XZ
??BMcvZView@McVariantHelper@@QEBAHXZ
??BMcvZView@McVariantHelper@@QEBANXZ
??BMcvZView@McVariantHelper@@QEBAPEAXXZ
??BMcvZView@McVariantHelper@@QEBAPEBUMcVariantZ@1@XZ
??BMcvZView@McVariantHelper@@QEBA_NXZ
??BNameValuePair@BasicUtils@McVariantHelper@@QEBAPEAUMcVariant@@XZ
??BNodeRef@McVariantHelper@@QEBA?AUMcvStringView@1@XZ
??BNodeRef@McVariantHelper@@QEBA?AUMcvView@1@XZ
??BNodeRef@McVariantHelper@@QEBAAEBUBuffer@McVariant@@XZ
??BNodeRef@McVariantHelper@@QEBAAEBUList@McVariant@@XZ
??BNodeRef@McVariantHelper@@QEBAHXZ
??BNodeRef@McVariantHelper@@QEBANXZ
??BNodeRef@McVariantHelper@@QEBAPEAXXZ
??BNodeRef@McVariantHelper@@QEBAPEBUMcVariant@@XZ
??BNodeRef@McVariantHelper@@QEBA_JXZ
??BNodeRef@McVariantHelper@@QEBA_NXZ
??BNodeRef@McVariantHelperNative@@QEBA?AUMcvStringView@McVariantHelper@@XZ
??BNodeRef@McVariantHelperNative@@QEBA?AUMcvView@McVariantHelper@@XZ
??BNodeRef@McVariantHelperNative@@QEBAAEBUBuffer@McVariant@@XZ
??BNodeRef@McVariantHelperNative@@QEBAAEBUList@McVariant@@XZ
??BNodeRef@McVariantHelperNative@@QEBAHXZ
??BNodeRef@McVariantHelperNative@@QEBANXZ
??BNodeRef@McVariantHelperNative@@QEBAPEAXXZ
??BNodeRef@McVariantHelperNative@@QEBAPEBUMcVariant@@XZ
??BNodeRef@McVariantHelperNative@@QEBA_NXZ
??CMcvView@McVariantHelper@@QEBAPEBUMcVariant@@XZ
??CMcvZView@McVariantHelper@@QEBAPEBUMcVariantZ@1@XZ
??RAMcvListReference@McVariantHelper@@QEAA?AV01@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??RValidatorFunctor@BOProperty@McVariantHelper@@UEAA_NAEBVAProperty@12@0AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
??_7AProperty@BOProperty@McVariantHelper@@6B@
??_7AssignmentOperator@BOProperty@McVariantHelper@@6B@
??_7Broker@Messaging@@6B@
??_7DataValidator@BOProperty@McVariantHelper@@6B@
??_7IMcvDataSource@BOProperty@McVariantHelper@@6B@
??_7IPropertyContext@BOProperty@McVariantHelper@@6B@
??_7IPropertyIterator@BOProperty@McVariantHelper@@6B@
??_7IProvider@Messaging@@6B@
??_7IPublisher@Messaging@@6B@
??_7IPublisherSubscriber@Messaging@@6B@
??_7ISubscriber@Messaging@@6B@
??_7Participant@Messaging@@6B@
??_7PropertyBase@BOProperty@McVariantHelper@@6B@
??_7PropertyContainer@BOProperty@McVariantHelper@@6B@
??_7PropertyDB@BOProperty@McVariantHelper@@6B@
??_7Provider@Messaging@@6B@
??_7Publisher@Messaging@@6B@
??_7PublisherSubscriber@Messaging@@6B@
??_7Subscriber@Messaging@@6B@
??_7ValidatorFunctor@BOProperty@McVariantHelper@@6B@
??_7xmlDataStore@BOProperty@McVariantHelper@@6B@
??_FAppendableWideString@@QEAAXXZ
??_FMcvBool@McVariantHelper@@QEAAXXZ
??_FMcvBool@McVariantHelperNative@@QEAAXXZ
??_FMcvBuffer@McVariantHelper@@QEAAXXZ
??_FMcvBuffer@McVariantHelperNative@@QEAAXXZ
??_FMcvFloat@McVariantHelper@@QEAAXXZ
??_FMcvFloat@McVariantHelperNative@@QEAAXXZ
??_FMcvInt64@McVariantHelper@@QEAAXXZ
??_FMcvInt64@McVariantHelperNative@@QEAAXXZ
??_FMcvInt@McVariantHelper@@QEAAXXZ
??_FMcvInt@McVariantHelperNative@@QEAAXXZ
??_FMcvList@McVariantHelper@@QEAAXXZ
??_FMcvList@McVariantHelperNative@@QEAAXXZ
??_FMcvNull@McVariantHelper@@QEAAXXZ
??_FMcvNull@McVariantHelperNative@@QEAAXXZ
??_FMcvRegister@McVariantHelper@@QEAAXXZ
??_FMcvRegister@McVariantHelperNative@@QEAAXXZ
??_FMcvString@McVariantHelper@@QEAAXXZ
??_FMcvString@McVariantHelperNative@@QEAAXXZ
??_FMcvStringFromUtf8@McVariantHelper@@QEAAXXZ
??_FMcvStringFromUtf8@McVariantHelperNative@@QEAAXXZ
??_FMcvView@McVariantHelper@@QEAAXXZ
??_FMcvZView@McVariantHelper@@QEAAXXZ
??_UMcvBase@McVariantHelper@@SAPEAX_K@Z
??_UMcvBase@McVariantHelper@@SAPEAX_KAEBUnothrow_t@std@@@Z
??_UMcvBase@McVariantHelperNative@@SAPEAX_K@Z
??_UMcvBase@McVariantHelperNative@@SAPEAX_KAEBUnothrow_t@std@@@Z
??_VMcvBase@McVariantHelper@@SAXPEAX@Z
??_VMcvBase@McVariantHelper@@SAXPEAXAEBUnothrow_t@std@@@Z
??_VMcvBase@McVariantHelperNative@@SAXPEAX@Z
??_VMcvBase@McVariantHelperNative@@SAXPEAXAEBUnothrow_t@std@@@Z
?AddRef@Node@McVariantHelper@@QEAAXXZ
?AddRef@Node@McVariantHelperNative@@QEAAXXZ
?Append@AppendableWideString@@QEAAXPEB_WZZ
?Append@AppendableWideString@@QEAAX_W@Z
?Append@McvList@McVariantHelper@@QEAAPEAUMcvBase@2@PEAU32@@Z
?Append@McvList@McVariantHelperNative@@QEAAPEAUMcvBase@2@PEAU32@@Z
?Append@NodeRef@McVariantHelper@@QEAAXU12@@Z
?Append@NodeRef@McVariantHelperNative@@QEAAXU12@@Z
?AppendAttribute@McvBase@McVariantHelper@@QEAAXPEAU12@@Z
?AppendAttribute@McvBase@McVariantHelperNative@@QEAAXPEAU12@@Z
?AppendSpace@AppendableWideString@@QEAAXI@Z
?AppendXml@AppendableWideString@@QEAAXPEB_WZZ
?AppendXml@AppendableWideString@@QEAAX_W@Z
?AttributeValue@McvView@McVariantHelper@@QEAA?AU12@PEB_W@Z
?Attributes@McvView@McVariantHelper@@QEBAAEBUList@McVariant@@XZ
?AttributesIndex@McVariantZ@McVariantHelper@@QEBAPEAU12@H@Z
?AttributesLen@McVariantZ@McVariantHelper@@QEBAHXZ
?BLFramework@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?BLFramework@McVariantHelper@@YAPEA_WPEBUMcVariant@@@Z
?Bool@McvView@McVariantHelper@@QEBA_NXZ
?Bool@McvZView@McVariantHelper@@QEBA_NXZ
?Bool@NodeRef@McVariantHelper@@QEBA_NXZ
?Bool@NodeRef@McVariantHelperNative@@QEBA_NXZ
?Buffer@McvView@McVariantHelper@@QEBAAEBU0McVariant@@XZ
?Buffer@McvZView@McVariantHelper@@QEBA?AU0McVariant@@XZ
?Buffer@NodeRef@McVariantHelper@@QEBAAEBU0McVariant@@XZ
?Buffer@NodeRef@McVariantHelperNative@@QEBAAEBU0McVariant@@XZ
?BuildMcVariant@Build@McVariantHelper@@QEAAPEAUMcVariant@@PEAD_K@Z
?BuildMcVariantInPlace@Build@McVariantHelper@@QEAAPEAUMcVariant@@PEAX_KPEA_K@Z
?BuildMcVariantInPlace@McvBase@McVariantHelper@@QEBAPEAUMcVariant@@PEAX_KPEA_K@Z
?BuildMcVariantInPlace@McvBase@McVariantHelperNative@@QEBAPEAUMcVariant@@PEAX_KPEA_K@Z
?BuildNewMcVariant@Build@McVariantHelper@@QEAAPEAUMcVariant@@P6APEAX_K@Z@Z
?BuildNewMcVariant@McvBase@McVariantHelper@@QEBAPEAUMcVariant@@P6APEAX_K@Z@Z
?BuildNewMcVariant@McvBase@McVariantHelperNative@@QEBAPEAUMcVariant@@P6APEAX_K@Z@Z
?CalculateMcVariantSize@Build@McVariantHelper@@QEAAIXZ
?Clear@AppendableWideString@@QEAAXXZ
?ComplexMcv@McvToAny@BasicUtils@McVariantHelper@@2V123@A
?ComputeListSize@McvBase@McVariantHelper@@AEBAHAEBUList@McVariant@@@Z
?ComputeListSize@McvBase@McVariantHelperNative@@AEBAHAEBUList@McVariant@@@Z
?ComputeMcVariantSize@McvBase@McVariantHelper@@AEBAHXZ
?ComputeMcVariantSize@McvBase@McVariantHelperNative@@AEBAHXZ
?ConnectChildren@Node@McVariantHelper@@QEAAXXZ
?ConnectChildren@Node@McVariantHelperNative@@QEAAXXZ
?Copy@McVariantHelper@@YAXPEAUMcVariant@@PEBU2@_N2@Z
?CopyAttributes@Node@McVariantHelper@@QEAAXPEBUMcVariant@@@Z
?CopyAttributes@Node@McVariantHelperNative@@QEAAXPEBUMcVariant@@@Z
?CopyListPart@McvBase@McVariantHelper@@AEBAXAEAUList@McVariant@@AEBU34@AEAPEAD@Z
?CopyListPart@McvBase@McVariantHelperNative@@AEBAXAEAUList@McVariant@@AEBU34@AEAPEAD@Z
?CopyTo2@Build@McVariantHelper@@AEBAPEAUMcVariant@@PEAXI@Z
?CopyTo2@McvBase@McVariantHelper@@AEBAPEAUMcVariant@@PEAXH@Z
?CopyTo2@McvBase@McVariantHelperNative@@AEBAPEAUMcVariant@@PEAXH@Z
?CopyTo@McvBase@McVariantHelper@@AEBAPEAUMcVariant@@AEAPEAD@Z
?CopyTo@McvBase@McVariantHelperNative@@AEBAPEAUMcVariant@@AEAPEAD@Z
?Count@Node@McVariantHelper@@QEBAHXZ
?Count@Node@McVariantHelperNative@@QEBAHXZ
?Count@NodeRef@McVariantHelper@@QEBAHXZ
?Count@NodeRef@McVariantHelperNative@@QEBAHXZ
?DecRef@Node@McVariantHelper@@QEAAXXZ
?DecRef@Node@McVariantHelperNative@@QEAAXXZ
?Delete@McVariantHelper@@YAXPEAUMcVariant@@@Z
?Delete@McVariantHelper@@YAXPEAUMcvBase@1@@Z
?Delete@McVariantHelper@@YAXPEA_W@Z
?Delete@Node@McVariantHelper@@QEAA_NAEBUPathElement@2@@Z
?Delete@Node@McVariantHelperNative@@QEAA_NAEBUPathElement@2@@Z
?Delete@NodeRef@McVariantHelper@@QEAA_NAEBUPathElement@2@@Z
?Delete@NodeRef@McVariantHelperNative@@QEAA_NAEBUPathElement@2@@Z
?DeleteAll@NodeRef@McVariantHelper@@QEAA_NXZ
?DeleteAll@NodeRef@McVariantHelperNative@@QEAA_NXZ
?DeleteFirst@Node@McVariantHelper@@QEAA_NXZ
?DeleteFirst@Node@McVariantHelperNative@@QEAA_NXZ
?DeleteFirst@NodeRef@McVariantHelper@@QEAA_NXZ
?DeleteFirst@NodeRef@McVariantHelperNative@@QEAA_NXZ
?DeleteLast@Node@McVariantHelper@@QEAA_NXZ
?DeleteLast@Node@McVariantHelperNative@@QEAA_NXZ
?DeleteLast@NodeRef@McVariantHelper@@QEAA_NXZ
?DeleteLast@NodeRef@McVariantHelperNative@@QEAA_NXZ
?DestroyExistingValue@Node@McVariantHelper@@QEAAXXZ
?DestroyExistingValue@Node@McVariantHelperNative@@QEAAXXZ
?Equals@McvStringView@McVariantHelper@@QEBA_NAEBU12@_N@Z
?Examine@ExamineBase@McVariantHelper@@YA?AW4Result@12@PEBUMcVariant@@@Z
?Export@Node@McVariantHelper@@QEBAPEAUMcVariant@@P6APEAX_K@Z@Z
?Export@Node@McVariantHelperNative@@QEBAPEAUMcVariant@@P6APEAX_K@Z@Z
?Export@NodeRef@McVariantHelper@@QEBAPEAUMcVariant@@P6APEAX_K@Z@Z
?Export@NodeRef@McVariantHelperNative@@QEBAPEAUMcVariant@@P6APEAX_K@Z@Z
?ExportMcVariant@McVariantEventInfo@Events@McVariantHelper@@QEAAPEAUMcVariant@@P6APEAX_K@Z@Z
?FindItemInListWithName@McvView@McVariantHelper@@IEBA?AU12@AEBUList@McVariant@@PEB_W@Z
?FindItemWithAttributeValue@McvView@McVariantHelper@@QEAA?AU12@PEB_W0@Z
?FindProperty@McVariantEventInfo@Events@McVariantHelper@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?First@McvView@McVariantHelper@@QEBA?AU12@XZ
?First@McvZView@McVariantHelper@@QEBA?AU12@XZ
?First@Node@McVariantHelper@@QEBA?AUNodeRef@2@XZ
?First@Node@McVariantHelperNative@@QEBA?AUNodeRef@2@XZ
?First@NodeRef@McVariantHelper@@QEAA?AU12@XZ
?First@NodeRef@McVariantHelperNative@@QEAA?AU12@XZ
?Float@McvView@McVariantHelper@@QEBANXZ
?Float@McvZView@McVariantHelper@@QEBANXZ
?Float@NodeRef@McVariantHelper@@QEBANXZ
?Float@NodeRef@McVariantHelperNative@@QEBANXZ
?GetAllCustomData@McVariantEventInfo@Events@McVariantHelper@@QEAAPEAUMcVariant@@XZ
?GetAllData@McVariantEventInfo@Events@McVariantHelper@@QEBAPEBUMcVariant@@XZ
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@V4567@@Z
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEAH@Z
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEA_N@Z
?GetCustomData@McVariantEventInfo@Events@McVariantHelper@@QEBAPEAUMcvAny@3@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?GetEventDescription@McVariantEventInfo@Events@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetEventDetails@McVariantEventInfo@Events@McVariantHelper@@QEBAPEAUMcVariant@@XZ
?GetEventID@McVariantEventInfo@Events@McVariantHelper@@QEBAHXZ
?GetEventTimeStamp@McVariantEventInfo@Events@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetMcVariant@McVariantEventFilter@Events@McVariantHelper@@QEAAPEAUMcVariant@@P6APEAX_K@Z@Z
?GetPublisherName@McVariantEventInfo@Events@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetSeverity@McVariantEventInfo@Events@McVariantHelper@@QEBAHXZ
?GetTaskName@McVariantEventInfo@Events@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetTopicName@McVariantEventInfo@Events@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?GetValue@McvAny@McVariantHelper@@QEBAPEBXXZ
?GetValue@McvAny@McVariantHelperNative@@QEBAPEBXXZ
?GetValue@McvBool@McVariantHelper@@QEBA_NXZ
?GetValue@McvBool@McVariantHelperNative@@QEBA_NXZ
?GetValue@McvBuffer@McVariantHelper@@QEBAAEBUBuffer@McVariant@@XZ
?GetValue@McvBuffer@McVariantHelperNative@@QEBAAEBUBuffer@McVariant@@XZ
?GetValue@McvFloat@McVariantHelper@@QEBANXZ
?GetValue@McvFloat@McVariantHelperNative@@QEBANXZ
?GetValue@McvInt64@McVariantHelper@@QEBA_JXZ
?GetValue@McvInt64@McVariantHelperNative@@QEBA_JXZ
?GetValue@McvInt@McVariantHelper@@QEBAHXZ
?GetValue@McvInt@McVariantHelperNative@@QEBAHXZ
?GetValue@McvRegister@McVariantHelper@@QEBAPEAXXZ
?GetValue@McvRegister@McVariantHelperNative@@QEBAPEAXXZ
?GetValue@McvString@McVariantHelper@@QEBAAEBUString@McVariant@@XZ
?GetValue@McvString@McVariantHelperNative@@QEBAAEBUString@McVariant@@XZ
?HasMandatoryFields@McVariantEventInfo@Events@McVariantHelper@@AEAA_NXZ
?Impl@McvRef@McVariantHelper@@AEAAAEAUMcvRefImpl@2@XZ
?Initialize@McVariantEventInfo@Events@McVariantHelper@@AEAAXXZ
?InsertBefore@Node@McVariantHelper@@QEAAXAEBUPathElement@2@UNodeRef@2@@Z
?InsertBefore@Node@McVariantHelperNative@@QEAAXAEBUPathElement@2@UNodeRef@2@@Z
?InsertBefore@NodeRef@McVariantHelper@@QEAAXAEBUPathElement@2@U12@@Z
?InsertBefore@NodeRef@McVariantHelperNative@@QEAAXAEBUPathElement@2@U12@@Z
?Int64@McvView@McVariantHelper@@QEBA_JXZ
?Int64@NodeRef@McVariantHelper@@QEBA_JXZ
?Int@McvView@McVariantHelper@@QEBAHXZ
?Int@McvZView@McVariantHelper@@QEBAHXZ
?Int@NodeRef@McVariantHelper@@QEBAHXZ
?Int@NodeRef@McVariantHelperNative@@QEBAHXZ
?IsBool@McvView@McVariantHelper@@QEBA_NXZ
?IsBool@McvZView@McVariantHelper@@QEBA_NXZ
?IsBool@NodeRef@McVariantHelper@@QEBA_NXZ
?IsBool@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsBuffer@McvView@McVariantHelper@@QEBA_NXZ
?IsBuffer@McvZView@McVariantHelper@@QEBA_NXZ
?IsBuffer@NodeRef@McVariantHelper@@QEBA_NXZ
?IsBuffer@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsDuplicateProperty@McVariantEventInfo@Events@McVariantHelper@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsEmpty@McvList@McVariantHelper@@QEBA_NXZ
?IsEmpty@McvList@McVariantHelperNative@@QEBA_NXZ
?IsEmpty@McvStringView@McVariantHelper@@QEBA_NXZ
?IsEqual@McVariantHelper@@YA_NPEBUMcVariant@@0@Z
?IsFloat@McvView@McVariantHelper@@QEBA_NXZ
?IsFloat@McvZView@McVariantHelper@@QEBA_NXZ
?IsFloat@NodeRef@McVariantHelper@@QEBA_NXZ
?IsFloat@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsInt64@McvView@McVariantHelper@@QEBA_NXZ
?IsInt64@NodeRef@McVariantHelper@@QEBA_NXZ
?IsInt@McvView@McVariantHelper@@QEBA_NXZ
?IsInt@McvZView@McVariantHelper@@QEBA_NXZ
?IsInt@NodeRef@McVariantHelper@@QEBA_NXZ
?IsInt@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsList@McvView@McVariantHelper@@QEBA_NXZ
?IsList@McvZView@McVariantHelper@@QEBA_NXZ
?IsList@NodeRef@McVariantHelper@@QEBA_NXZ
?IsList@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsNull@McvView@McVariantHelper@@QEBA_NXZ
?IsNull@NodeRef@McVariantHelper@@QEBA_NXZ
?IsNull@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsRegister@McvView@McVariantHelper@@QEBA_NXZ
?IsRegister@McvZView@McVariantHelper@@QEBA_NXZ
?IsRegister@NodeRef@McVariantHelper@@QEBA_NXZ
?IsRegister@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsString@McvView@McVariantHelper@@QEBA_NXZ
?IsString@McvZView@McVariantHelper@@QEBA_NXZ
?IsString@NodeRef@McVariantHelper@@QEBA_NXZ
?IsString@NodeRef@McVariantHelperNative@@QEBA_NXZ
?IsTheNull@McvView@McVariantHelper@@QEBA_NXZ
?IsTheNull@McvZView@McVariantHelper@@QEBA_NXZ
?IsValid@McvConvertBase@McVariantHelper@@QEBA_NXZ
?IsValidInputEventMcVariant@McVariantEventInfo@Events@McVariantHelper@@AEAA_NPEBUMcVariant@@@Z
?Last@Node@McVariantHelper@@QEBA?AUNodeRef@2@XZ
?Last@Node@McVariantHelperNative@@QEBA?AUNodeRef@2@XZ
?Last@NodeRef@McVariantHelper@@QEAA?AU12@XZ
?Last@NodeRef@McVariantHelperNative@@QEAA?AU12@XZ
?LazyChildren@Node@McVariantHelper@@QEAAAEAUChildren@2@XZ
?LazyChildren@Node@McVariantHelperNative@@QEAAAEAUChildren@2@XZ
?Leaf@NodeRef@McVariantHelper@@QEBAPEBUMcVariant@@XZ
?Leaf@NodeRef@McVariantHelperNative@@QEBAPEBUMcVariant@@XZ
?Len@McvConvertString@McVariantHelper@@QEBAHXZ
?List@McvView@McVariantHelper@@QEBAAEBU0McVariant@@XZ
?List@NodeRef@McVariantHelper@@QEBAAEBU0McVariant@@XZ
?List@NodeRef@McVariantHelperNative@@QEBAAEBU0McVariant@@XZ
?ListValueSize@McvView@McVariantHelper@@QEBAHXZ
?Lookup@NodeRef@McVariantHelper@@QEBA?AU12@H@Z
?Lookup@NodeRef@McVariantHelper@@QEBA?AU12@PEB_W@Z
?Lookup@NodeRef@McVariantHelperNative@@QEBA?AU12@H@Z
?Lookup@NodeRef@McVariantHelperNative@@QEBA?AU12@PEB_W@Z
?McVariantPrintDelete@McVariantHelper@@YAXPEA_W@Z
?McVariantPrintNew@McVariantHelper@@YAPEA_WPEBUMcVariant@@_N@Z
?McVariantPrintNew@McVariantHelper@@YAPEA_WPEBUMcVariantZ@1@_N@Z
?Merge@McVariantHelper@@YAPEAUMcVariant@@PEBU2@0@Z
?Name@McvView@McVariantHelper@@QEBA?AUMcvStringView@2@XZ
?Name@McvZView@McVariantHelper@@QEBA?AUMcvStringView@2@XZ
?Name@Node@McVariantHelper@@QEAAPEB_WXZ
?Name@Node@McVariantHelperNative@@QEAAPEB_WXZ
?Name@NodeRef@McVariantHelper@@QEBA?AUMcvStringView@2@XZ
?Name@NodeRef@McVariantHelperNative@@QEBA?AUMcvStringView@McVariantHelper@@XZ
?NameLen@McVariantZ@McVariantHelper@@QEBAHXZ
?NameSize@McvView@McVariantHelper@@QEBAHXZ
?NameSize@McvZView@McVariantHelper@@QEBAHXZ
?NameStr@McVariantZ@McVariantHelper@@QEBAPEA_WXZ
?NewBool@McVariantHelper@@YAPEAUMcvBool@1@PEB_W_N@Z
?NewBuffer@McVariantHelper@@YAPEAUMcvBuffer@1@PEB_WPEBXH@Z
?NewCopy@McVariantHelper@@YAPEAUMcVariant@@PEBU2@P6APEAX_K@Z_N3@Z
?NewDom@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewDom@McVariantHelper@@YAPEA_WPEBUMcVariant@@PEA_W@Z
?NewEp10Config@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewEp10Config@McVariantHelper@@YAPEA_WPEBUMcVariant@@@Z
?NewExtraNatural@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewFloat@McVariantHelper@@YAPEAUMcvFloat@1@PEB_WN@Z
?NewInt64@McVariantHelper@@YAPEAUMcvInt64@1@PEB_W_J@Z
?NewInt@McVariantHelper@@YAPEAUMcvInt@1@PEB_WH@Z
?NewJson@McVariantHelper@@YAPEAUMcVariant@@PEB_W@Z
?NewJson@McVariantHelper@@YAPEA_WPEBUMcVariant@@@Z
?NewList@McVariantHelper@@YAPEAUMcvList@1@PEB_W@Z
?NewMcvCopyDeep@McVariantHelper@@YAPEAUMcvBase@1@PEBUMcVariant@@@Z
?NewNatural@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewNatural@McVariantHelper@@YAPEA_WPEBUMcVariant@@PEA_W@Z
?NewNull@McVariantHelper@@YAPEAUMcvNull@1@PEB_W@Z
?NewPlain@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewRegister@McVariantHelper@@YAPEAUMcvRegister@1@PEB_WPEAX@Z
?NewSimple@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewSimple@McVariantHelper@@YAPEA_WPEBUMcVariant@@_N@Z
?NewString@McVariantHelper@@YAPEAUMcvString@1@PEB_W0H@Z
?NewYam@McVariantHelper@@YAPEAUMcVariant@@PEB_WP6APEAX_K@ZPEAUAppendableWideString@@@Z
?NewYam@McVariantHelper@@YAPEA_WPEBUMcVariant@@_N@Z
?Next@McVariantZ@McVariantHelper@@QEBAPEAU12@XZ
?Next@McvView@McVariantHelper@@QEBA?AU12@XZ
?Next@McvZView@McVariantHelper@@QEBA?AU12@XZ
?NullMcv@McvToAny@BasicUtils@McVariantHelper@@2V123@A
?NullTerminate@AppendableWideString@@QEAAXXZ
?OnAsyncMsgResponseCallbackfn@Publisher@Messaging@@CAXPEBUMcVariant@@0PEAI@Z
?OnMsgResponseCallbackfn@Publisher@Messaging@@CAXPEBUMcVariant@@0PEAI@Z
?OnReceiveMessageCallback@Subscriber@Messaging@@CAXPEBUMcVariant@@0PEAI@Z
?ReadFromRegistry@McVariantHelper@@YAHPEAXPEB_W1PEAPEAUMcVariant@@@Z
?Rebase@McVariantHelper@@YAXPEAUMcVariant@@PEBX1@Z
?RebaseFromZero@McVariantHelper@@YAXPEAUMcVariant@@@Z
?RebaseToZero@McVariantHelper@@YAXPEAUMcVariant@@@Z
?Register@McvView@McVariantHelper@@QEBAPEAXXZ
?Register@McvZView@McVariantHelper@@QEBAPEAXXZ
?Register@NodeRef@McVariantHelper@@QEBAPEAXXZ
?Register@NodeRef@McVariantHelperNative@@QEBAPEAXXZ
?ReserveCapacity@AppendableWideString@@AEAAXI@Z
?Seed@Node@McVariantHelper@@QEAAXPEBUMcVariant@@@Z
?Seed@Node@McVariantHelperNative@@QEAAXPEBUMcVariant@@@Z
?SetAsBool@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetAsBuffer@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@AEAPEA_W@Z
?SetAsFloat@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetAsInt64@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetAsInt@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetAsNull@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetAsRegister@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetAsString@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@AEAPEA_W@Z
?SetCommon@McvConvertBase@McVariantHelper@@IEAAXAEBUMcVariant@@@Z
?SetCustomData@McVariantEventFilter@Events@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@3@@Z
?SetCustomData@McVariantEventInfo@Events@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@3@@Z
?SetEventID@McVariantEventFilter@Events@McVariantHelper@@QEAA_NH@Z
?SetEventInfo@McVariantEventInfo@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@HH0_N@Z
?SetMcEventDetails@McVariantEventInfo@Events@McVariantHelper@@QEAA_NPEBUMcVariant@@@Z
?SetName@McVariantEventFilter@Events@McVariantHelper@@AEAA_NXZ
?SetName@McvBase@McVariantHelper@@QEAAXPEBD@Z
?SetName@McvBase@McVariantHelper@@QEAAXPEB_W@Z
?SetName@McvBase@McVariantHelperNative@@QEAAXPEBD@Z
?SetName@McvBase@McVariantHelperNative@@QEAAXPEB_W@Z
?SetPublisher@McVariantEventFilter@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetSeverity@McVariantEventFilter@Events@McVariantHelper@@QEAA_NH@Z
?SetTaskName@McVariantEventInfo@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetTopAttribute@NodeRef@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@2@@Z
?SetTopName@NodeRef@McVariantHelper@@QEAAXPEB_W@Z
?SetTopName@NodeRef@McVariantHelperNative@@QEAAXPEB_W@Z
?SetTopicName@McVariantEventFilter@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetTopicName@McVariantEventInfo@Events@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?SetValue@McvAny@McVariantHelper@@QEAAXPEBX@Z
?SetValue@McvAny@McVariantHelperNative@@QEAAXPEBX@Z
?SetValue@McvBool@McVariantHelper@@QEAAX_N@Z
?SetValue@McvBool@McVariantHelperNative@@QEAAX_N@Z
?SetValue@McvBuffer@McVariantHelper@@QEAAXPEBXH@Z
?SetValue@McvBuffer@McVariantHelperNative@@QEAAXPEBXH@Z
?SetValue@McvFloat@McVariantHelper@@QEAAXN@Z
?SetValue@McvFloat@McVariantHelperNative@@QEAAXN@Z
?SetValue@McvInt64@McVariantHelper@@QEAAX_J@Z
?SetValue@McvInt64@McVariantHelperNative@@QEAAX_J@Z
?SetValue@McvInt@McVariantHelper@@QEAAXH@Z
?SetValue@McvInt@McVariantHelperNative@@QEAAXH@Z
?SetValue@McvList@McVariantHelper@@QEAAXPEAUMcvBase@2@@Z
?SetValue@McvList@McVariantHelperNative@@QEAAXPEAUMcvBase@2@@Z
?SetValue@McvRegister@McVariantHelper@@QEAAXPEAX@Z
?SetValue@McvRegister@McVariantHelperNative@@QEAAXPEAX@Z
?SetValue@McvString@McVariantHelper@@QEAAXPEB_WH@Z
?SetValue@McvString@McVariantHelperNative@@QEAAXPEB_WH@Z
?SetValue@McvStringFromUtf8@McVariantHelper@@QEAAXPEBD@Z
?SetValue@McvStringFromUtf8@McVariantHelperNative@@QEAAXPEBD@Z
?Size@McVariantZ@McVariantHelper@@QEBAHXZ
?Size@McvView@McVariantHelper@@QEBAHXZ
?Size@McvZView@McVariantHelper@@QEBAHXZ
?Start@IProvider@Messaging@@QEAA_NXZ
?Start@Provider@Messaging@@QEAA_NXZ
?Stop@IProvider@Messaging@@QEAA_NXZ
?Stop@Provider@Messaging@@QEAA_NXZ
?String@McvView@McVariantHelper@@QEBA?AUMcvStringView@2@XZ
?String@McvZView@McVariantHelper@@QEBA?AUMcvStringView@2@XZ
?String@NodeRef@McVariantHelper@@QEBA?AUMcvStringView@2@XZ
?String@NodeRef@McVariantHelperNative@@QEBA?AUMcvStringView@McVariantHelper@@XZ
?TakeValue@McvString@McVariantHelper@@QEAAXPEA_WH@Z
?TakeValue@McvString@McVariantHelperNative@@QEAAXPEA_WH@Z
?TheNull@McvView@McVariantHelper@@KA?AUMcVariant@@XZ
?Type@McVariantZ@McVariantHelper@@QEBAHXZ
?Type@McvView@McVariantHelper@@QEBA?AW4TypeCodes@McVariant@@XZ
?Type@McvZView@McVariantHelper@@QEBA?AW4TypeCodes@McVariant@@XZ
?Type@NodeRef@McVariantHelper@@QEBA?AW4TypeCodes@McVariant@@XZ
?Type@NodeRef@McVariantHelperNative@@QEBA?AW4TypeCodes@McVariant@@XZ
?TypeCodeFromString@McVariantHelper@@YA?BW4TypeCodes@McVariant@@PEB_W@Z
?TypeCodeImage@McVariantHelper@@YAPEB_WW4TypeCodes@McVariant@@@Z
?Validate@McVariantHelper@@YA_NPEBUMcVariant@@@Z
?ValidateAtBase@McVariantHelper@@YA_NPEBUMcVariant@@PEBX@Z
?ValidateZero@McVariantHelper@@YA_NPEBUMcVariant@@@Z
?ValueBool@McVariantZ@McVariantHelper@@QEBA_NXZ
?ValueBufferBuf@McVariantZ@McVariantHelper@@QEBAPEAXXZ
?ValueBufferLen@McVariantZ@McVariantHelper@@QEBAHXZ
?ValueFloat@McVariantZ@McVariantHelper@@QEBANXZ
?ValueInt@McVariantZ@McVariantHelper@@QEBAHXZ
?ValueListIndex@McVariantZ@McVariantHelper@@QEBAPEAU12@H@Z
?ValueListLen@McVariantZ@McVariantHelper@@QEBAHXZ
?ValuePtr@McvView@McVariantHelper@@QEBAPEBXXZ
?ValuePtr@McvZView@McVariantHelper@@QEBAPEBXXZ
?ValueRegister@McVariantZ@McVariantHelper@@QEBAPEAXXZ
?ValueSize@McvView@McVariantHelper@@QEBAHXZ
?ValueSize@McvZView@McVariantHelper@@QEBAHXZ
?ValueStringLen@McVariantZ@McVariantHelper@@QEBAHXZ
?ValueStringStr@McVariantZ@McVariantHelper@@QEBAPEA_WXZ
?View@NodeRef@McVariantHelper@@QEBA?AUMcvView@2@AEBUPath@2@@Z
?View@NodeRef@McVariantHelperNative@@QEBA?AUMcvView@McVariantHelper@@AEBUPath@2@@Z
?WriteToRegistry@McVariantHelper@@YAHPEAXPEB_W1PEBUMcVariant@@@Z
?addAttribute@PropertyBase@BOProperty@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@3@@Z
?addData@AMessage@McVariantHelper@@QEAAHAEBVAMcVariant@2@@Z
?addData@AMessage@McVariantHelper@@QEAAHAEBVAMcVariantList@2@_N@Z
?addHeaderData@AMessage@McVariantHelper@@QEAAHAEBVAMcVariant@2@@Z
?addHeaderData@AMessage@McVariantHelper@@QEAAHAEBVAMcVariantList@2@_N@Z
?addRef@xmlDataStore@BOProperty@McVariantHelper@@UEAAHXZ
?addSchema@XmlMcvConverter@McVariantHelper@@QEAA_NAEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?addSchema@xmlDataStore@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?addSchemaBuffer@XmlMcvConverter@McVariantHelper@@QEAA_NAEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?addTag@AMessage@McVariantHelper@@QEAAXVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?append@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NAEBVAProperty@23@@Z
?append@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@3@@Z
?appendContainer@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEAU3@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEAUList@3@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YA_NPEAUList@McVariant@@PEAU4@@Z
?appendNodeToAList@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@00@Z
?assign@AMcvListReference@McVariantHelper@@QEAA_NAEBV12@@Z
?assign@AMcvReference@McVariantHelper@@QEAA_NAEBV12@@Z
?assignData@PropertyContainer@BOProperty@McVariantHelper@@QEAAHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAUMcVariant@@AEAVAssignmentOperator@23@@Z
?assignData@PropertyContainer@BOProperty@McVariantHelper@@QEAAHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAUMcVariant@@AEAVValidatorFunctor@23@@Z
?assignName@AMcvReference@McVariantHelper@@QEAA_NAEBV12@@Z
?assignValue@AMcvListReference@McVariantHelper@@QEAA_NAEBV12@@Z
?assignValue@AMcvReference@McVariantHelper@@QEAA_NAEBV12@@Z
?at@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@H@Z
?at@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?at@AMcvListReference@McVariantHelper@@QEBA?BVAMcvReference@2@H@Z
?at@AMcvListReference@McVariantHelper@@QEBA?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?at@AMessage@McVariantHelper@@QEAA?AVAMcvReference@2@H@Z
?at@AMessage@McVariantHelper@@QEAA?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?at@AMessage@McVariantHelper@@QEBA?BVAMcvReference@2@H@Z
?at@AMessage@McVariantHelper@@QEBA?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?atL@AMcvListReference@McVariantHelper@@QEAA?AV12@H@Z
?atL@AMcvListReference@McVariantHelper@@QEAA?AV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?atL@AMcvListReference@McVariantHelper@@QEBA?BV12@H@Z
?atL@AMcvListReference@McVariantHelper@@QEBA?BV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?attribute@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@H@Z
?attribute@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?attribute@AMcvListReference@McVariantHelper@@QEBA?BVAMcvReference@2@H@Z
?attribute@AMcvListReference@McVariantHelper@@QEBA?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?attribute@AMcvReference@McVariantHelper@@QEAA?AV12@H@Z
?attribute@AMcvReference@McVariantHelper@@QEAA?AV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?attribute@AMcvReference@McVariantHelper@@QEBA?BV12@H@Z
?attribute@AMcvReference@McVariantHelper@@QEBA?BV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bDeInitialize@Participant@Messaging@@QEAA_NXZ
?bInitialize@Participant@Messaging@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bLoadBLFramework@Participant@Messaging@@AEAA_NXZ
?bPost@IPublisher@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?bPost@IPublisherSubscriber@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?bPost@Publisher@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?bPost@PublisherSubscriber@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?bPostResponse@IProvider@Messaging@@QEAA_NPEAVAMessage@McVariantHelper@@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bPostResponse@Provider@Messaging@@QEAA_NPEAVAMessage@McVariantHelper@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bPublishMessage@Messaging@@YA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEAVAMessage@McVariantHelper@@AEBVAMcVariantList@7@@Z
?bRequest@IPublisher@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@PEAPEAV34@PEAHAEBVAMcVariantList@4@PEC_NJ@Z
?bRequest@IPublisherSubscriber@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@PEAPEAV34@PEAHAEBVAMcVariantList@4@PEC_NJ@Z
?bRequest@Publisher@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@PEAPEAV34@PEAHAEBVAMcVariantList@4@PEC_NJ@Z
?bRequest@PublisherSubscriber@Messaging@@QEAA_NAEAVAMessage@McVariantHelper@@PEAPEAV34@PEAHAEBVAMcVariantList@4@PEC_NJ@Z
?bSendNotification@Participant@Messaging@@AEAA_NPEB_W@Z
?bSendRequest@Messaging@@YA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEAVAMessage@McVariantHelper@@PEAPEAV67@PEAHAEBVAMcVariantList@7@PEC_NJ@Z
?bSubscribe@IProvider@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bSubscribe@IProvider@Messaging@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bSubscribe@IPublisherSubscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@PEAXP6AXAEBVAMessage@4@1@Z@Z
?bSubscribe@IPublisherSubscriber@Messaging@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAXP6AXAEBVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@ISubscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@PEAXP6AXAEBVAMessage@4@1@Z@Z
?bSubscribe@ISubscriber@Messaging@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAXP6AXAEBVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@Provider@Messaging@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bSubscribe@Provider@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bSubscribe@PublisherSubscriber@Messaging@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAXP6AXAEBVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@PublisherSubscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@PEAXP6AXAEBVAMessage@4@1@Z@Z
?bSubscribe@Subscriber@Messaging@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBVAMcvListReference@McVariantHelper@@PEAXP6AXAEBVAMessage@6@2@Z@Z
?bSubscribe@Subscriber@Messaging@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAXP6AXAEBVAMessage@McVariantHelper@@1@Z@Z
?bSubscribe@Subscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@PEAXP6AXAEBVAMessage@4@1@Z@Z
?bUnloadBLFramework@Participant@Messaging@@AEAA_NXZ
?bUnsubscribe@IProvider@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@IProvider@Messaging@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bUnsubscribe@IPublisherSubscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@IPublisherSubscriber@Messaging@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bUnsubscribe@ISubscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@ISubscriber@Messaging@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?bUnsubscribe@PublisherSubscriber@Messaging@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bUnsubscribe@PublisherSubscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribe@Subscriber@Messaging@@AEAA_NPEAX@Z
?bUnsubscribe@Subscriber@Messaging@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bUnsubscribe@Subscriber@Messaging@@QEAA_NAEBVAMcvListReference@McVariantHelper@@@Z
?bUnsubscribeAll@IPublisherSubscriber@Messaging@@QEAA_NXZ
?bUnsubscribeAll@ISubscriber@Messaging@@QEAA_NXZ
?bUnsubscribeAll@PublisherSubscriber@Messaging@@QEAA_NXZ
?bUnsubscribeAll@Subscriber@Messaging@@QEAA_NXZ
?bWaitForResponse@IPublisher@Messaging@@QEAA_NPEAXPEAPEAVAMessage@McVariantHelper@@PEAHPEC_NJ@Z
?bWaitForResponse@IPublisherSubscriber@Messaging@@QEAA_NPEAXPEAPEAVAMessage@McVariantHelper@@PEAHPEC_NJ@Z
?bWaitForResponse@Publisher@Messaging@@QEAA_NPEAXPEAPEAVAMessage@McVariantHelper@@PEAHPEC_NJ@Z
?bWaitForResponse@PublisherSubscriber@Messaging@@QEAA_NPEAXPEAPEAVAMessage@McVariantHelper@@PEAHPEC_NJ@Z
?body@AMessage@McVariantHelper@@QEAA?AVAMcvListReference@2@XZ
?body@AMessage@McVariantHelper@@QEBA?BVAMcvListReference@2@XZ
?buildMcVariantForTransport@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBU3@P6APEAX_K@Z@Z
?cStr@AMcvariantName@McVariantHelper@@QEBAPEB_WXZ
?clear@AMessage@McVariantHelper@@QEAAXXZ
?clearMcVariant@BasicUtils@McVariantHelper@@YAXPEAUMcVariant@@@Z
?clearValue@AMcvReference@McVariantHelper@@AEAAXXZ
?clone@PropertyContainer@BOProperty@McVariantHelper@@QEAAPEAV123@XZ
?compare@AMcVariant@McVariantHelper@@QEBAHAEBV12@@Z
?compare@AMcVariantValue@McVariantHelper@@QEBAHPEBD_N@Z
?compare@AMcVariantValue@McVariantHelper@@QEBAHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@_N@Z
?compare@AMcvReference@McVariantHelper@@QEBAHAEBV12@@Z
?compare@AMcvariantName@McVariantHelper@@QEBAHPEBD_N@Z
?compare@AMcvariantName@McVariantHelper@@QEBAHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@_N@Z
?compare@AProperty@BOProperty@McVariantHelper@@QEAAHAEBV123@@Z
?compare@PropertyContainer@BOProperty@McVariantHelper@@QEBAHAEBV123@@Z
?compareAMcVariant@BasicUtils@McVariantHelper@@YAHPEBUMcVariant@@0@Z
?compareMcVariant@BasicUtils@McVariantHelper@@YAHPEBUMcVariant@@0@Z
?compareMcVariantDataType@BasicUtils@McVariantHelper@@YA_NPEBUMcVariant@@0@Z
?compareMcVariantName@BasicUtils@McVariantHelper@@YAHPEBUMcVariant@@0@Z
?compareMcVariantName@BasicUtils@McVariantHelper@@YAHPEBUMcVariant@@PEB_W@Z
?compareMcVariantValue@BasicUtils@McVariantHelper@@YAHPEBUMcVariant@@0@Z
?compareSimpleMcVariant@BasicUtils@McVariantHelper@@YAHPEBUMcVariant@@0@Z
?computeMcVariantSize@BasicUtils@McVariantHelper@@YAIPEBUMcVariant@@@Z
?convert@XmlMcvConverter@McVariantHelper@@QEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAUMcVariant@@@Z
?convert@XmlMcvConverter@McVariantHelper@@QEAAPEAUMcVariant@@AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?convert@XmlMcvConverter@McVariantHelper@@QEAA_NPEAUMcVariant@@AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?convertFile@XmlMcvConverter@McVariantHelper@@QEAAPEAUMcVariant@@AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?convertFromAMessage@McVariantHelper@@YA_NPEBUMcVariant@@PEAPEAU2@@Z
?convertToAMessage@McVariantHelper@@YA_NAEBVMcVariantEventInfo@Events@1@AEAVAMessage@1@@Z
?copyAMcVariant@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@PEBU3@@Z
?copyASimpleMcVariant@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@PEBU3@@Z
?copyMcVariant2Buffer@BasicUtils@McVariantHelper@@YAIPEBUMcVariant@@PEAEPEAI@Z
?copyMcVariant@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBU3@@Z
?copyMcVariant@BasicUtils@McVariantHelper@@YAXPEAUMcVariant@@PEBU3@@Z
?copyMcVariantName@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@PEB_W@Z
?copyMcVariantValue@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@PEBU3@@Z
?copyMcvAttributes@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@PEBU3@@Z
?copyName@NameValuePair@BasicUtils@McVariantHelper@@AEAAXPEB_W@Z
?count@AMcvListReference@McVariantHelper@@QEBAHXZ
?createIterator@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VIPropertyIterator@BOProperty@McVariantHelper@@@23@XZ
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPEAUList@McVariant@@PEAU4@1@Z
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPEAUList@McVariant@@PEB_W@Z
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@00@Z
?deleteNodeFromAList@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@PEB_W@Z
?empty@AMcvListReference@McVariantHelper@@QEBA_NXZ
?empty@AMcvariantName@McVariantHelper@@QEBA_NXZ
?erase@AMcvListReference@McVariantHelper@@QEAAXXZ
?erase@AMcvListReference@McVariantHelper@@QEAA_NAEBVAMcvReference@2@I@Z
?erase@AMcvListReference@McVariantHelper@@QEAA_NH@Z
?erase@AMcvListReference@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?erase@AMcvReference@McVariantHelper@@QEAAXXZ
?erase@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?eraseMcVariant@BasicUtils@McVariantHelper@@YAXPEAUMcVariant@@@Z
?find@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@AEBV32@I@Z
?find@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?find@AMcvListReference@McVariantHelper@@QEBA?BVAMcvReference@2@AEBV32@I@Z
?find@AMcvListReference@McVariantHelper@@QEBA?BVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?find@AMessage@McVariantHelper@@QEAAHAEAVAMcVariant@2@@Z
?find@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VAProperty@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?findContainer@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?findData@AMessage@McVariantHelper@@QEBAHAEAVAMcVariant@2@@Z
?findElementInAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBU3@0IPEAPEAU3@@Z
?findHeaderData@AMessage@McVariantHelper@@QEBAHAEAVAMcVariant@2@@Z
?findList@AMcvListReference@McVariantHelper@@QEAA?AV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?findList@AMcvListReference@McVariantHelper@@QEBA?BV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@I@Z
?findNode@AMcvListReference@McVariantHelper@@AEBA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@IPEAPEAUMcVariant@@@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBU3@H@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBUList@3@H@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBUList@3@PEB_W@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEBUList@3@PEB_WI@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPEBUList@McVariant@@PEAU4@PEAPEAU4@@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPEBUMcVariant@@HPEAPEAU3@1@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPEBUMcVariant@@PEAU3@PEAPEAU3@@Z
?findNodeInAList@BasicUtils@McVariantHelper@@YA_NPEBUMcVariant@@PEB_WPEAPEAU3@2@Z
?get@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VAProperty@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getAttribute@PropertyBase@BOProperty@McVariantHelper@@QEBA?AVMcvToAny@BasicUtils@3@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getBool@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?getBuffer@AMcVariantValue@McVariantHelper@@QEBAAEBUBuffer@McVariant@@XZ
?getContainer@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getData@PropertyBase@BOProperty@McVariantHelper@@QEBAPEAUMcVariant@@XZ
?getFloat@AMcVariantValue@McVariantHelper@@QEBANXZ
?getInt64@AMcVariantValue@McVariantHelper@@QEBA_JXZ
?getInt@AMcVariantValue@McVariantHelper@@QEBAHXZ
?getLastError@PropertyDB@BOProperty@McVariantHelper@@QEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getLastError@XmlMcvConverter@McVariantHelper@@QEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getLastError@XmlToMcvConverter@McVariantHelper@@QEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getLastError@xmlDataStore@BOProperty@McVariantHelper@@UEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getList@AMcVariantValue@McVariantHelper@@QEBA?BVAMcvListReference@2@XZ
?getMcVariant@XmlToMcvConverter@McVariantHelper@@QEAAPEAUMcVariant@@AEBVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?getMcVariant@XmlToMcvConverter@McVariantHelper@@QEAAPEAUMcVariant@@XZ
?getMcVariantCount@BasicUtils@McVariantHelper@@YAIPEAUMcVariant@@@Z
?getName@PropertyBase@BOProperty@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getPathComponents@PropertyContainer@BOProperty@McVariantHelper@@AEBA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEAV?$vector@PEAVXPathComponent@XPath@McVariantHelper@@V?$allocator@PEAVXPathComponent@XPath@McVariantHelper@@@std@@@std@@@Z
?getRegister@AMcVariantValue@McVariantHelper@@QEBAPEAXXZ
?getSchema@XmlMcvConverter@McVariantHelper@@QEAA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getString@AMcVariantValue@McVariantHelper@@QEBA?AVSmartWcharPtr@string_utils@endpoint@mcafee_com@@XZ
?getTags@AMessage@McVariantHelper@@QEAA?AVAMcvListReference@2@XZ
?getType@McvToAny@BasicUtils@McVariantHelper@@QEBA?AW4TypeCodes@McVariant@@XZ
?getValue@AProperty@BOProperty@McVariantHelper@@QEBA?AVMcvToAny@BasicUtils@3@XZ
?hPostRequest@IPublisher@Messaging@@QEAAPEAXAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?hPostRequest@IPublisherSubscriber@Messaging@@QEAAPEAXAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?hPostRequest@Publisher@Messaging@@QEAAPEAXAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?hPostRequest@PublisherSubscriber@Messaging@@QEAAPEAXAEAVAMessage@McVariantHelper@@AEBVAMcVariantList@4@@Z
?header@AMessage@McVariantHelper@@QEAA?AVAMcvListReference@2@XZ
?header@AMessage@McVariantHelper@@QEBA?BVAMcvListReference@2@XZ
?iNumberOfOpenRequests@IPublisher@Messaging@@QEAAHXZ
?iNumberOfOpenRequests@IPublisherSubscriber@Messaging@@QEAAHXZ
?iNumberOfOpenRequests@Publisher@Messaging@@QEAAHXZ
?iNumberOfOpenRequests@PublisherSubscriber@Messaging@@QEAAHXZ
?init@AMcVariant@McVariantHelper@@AEAAXXZ
?init@AMcVariantList@McVariantHelper@@AEAAXXZ
?insert@AMcvListReference@McVariantHelper@@QEAA_NAEBV12@H@Z
?insert@AMcvListReference@McVariantHelper@@QEAA_NAEBV12@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?insert@AMcvListReference@McVariantHelper@@QEAA_NAEBVAMcvReference@2@H@Z
?insert@AMcvListReference@McVariantHelper@@QEAA_NAEBVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?insert@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEBVAProperty@23@@Z
?insert@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@AEBVNameValuePair@BasicUtils@3@@Z
?insertContainer@PropertyContainer@BOProperty@McVariantHelper@@QEAA?AV?$SmartPtr@VPropertyContainer@BOProperty@McVariantHelper@@@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@0@Z
?insertNodeInAList@BasicUtils@McVariantHelper@@YA_NPEAUMcVariant@@000@Z
?isBool@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isBuffer@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isFloat@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isHeaderKey@AMessage@McVariantHelper@@SA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?isInt64@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isInt@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isList@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isNewMessageFormat@McVariantHelper@@YAHPEBUMcVariant@@@Z
?isNull@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isNull@AMcvListReference@McVariantHelper@@QEBA_NXZ
?isNull@AMcvReference@McVariantHelper@@QEBA_NXZ
?isNull@AMcvariantName@McVariantHelper@@QEBA_NXZ
?isRegister@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?isString@AMcVariantValue@McVariantHelper@@QEBA_NXZ
?length@AMcvariantName@McVariantHelper@@QEBAKXZ
?load@PropertyDB@BOProperty@McVariantHelper@@QEAA_NXZ
?load@xmlDataStore@BOProperty@McVariantHelper@@UEAAPEAUMcVariant@@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?load@xmlDataStore@BOProperty@McVariantHelper@@UEAAPEAUMcVariant@@XZ
?m_csAllTokens@Publisher@Messaging@@0VCSyncCriticalSection@@A
?m_csBlfHandle@Participant@Messaging@@0VCSyncCriticalSection@@A
?m_hBLFramework@Participant@Messaging@@0PEAUHINSTANCE__@@EA
?m_iRefCount@Participant@Messaging@@0HA
?m_vecAllTokens@Publisher@Messaging@@0V?$vector@PEAUResponseWaitToken@Publisher@Messaging@@V?$allocator@PEAUResponseWaitToken@Publisher@Messaging@@@std@@@std@@A
?name@AMcvListReference@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?name@AMcvListReference@McVariantHelper@@QEBA?BVAMcvariantName@2@XZ
?name@AMcvReference@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?name@AMcvReference@McVariantHelper@@QEBA?BVAMcvariantName@2@XZ
?name@NameValuePair@BasicUtils@McVariantHelper@@QEBAPEA_WXZ
?notifyChange@PropertyBase@BOProperty@McVariantHelper@@MEAAXPEAUMcVariant@@0H@Z
?notifyChange@PropertyContainer@BOProperty@McVariantHelper@@MEAAXPEAUMcVariant@@0H@Z
?pc_init@PropertyContainer@BOProperty@McVariantHelper@@QEAAXVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?popBack@AMcvListReference@McVariantHelper@@QEAAXXZ
?popFront@AMcvListReference@McVariantHelper@@QEAAXXZ
?prependNodeToAList@BasicUtils@McVariantHelper@@YAPEAUMcVariant@@PEAU3@@Z
?pushBack@AMcvListReference@McVariantHelper@@QEAA_NAEBV12@@Z
?pushBack@AMcvListReference@McVariantHelper@@QEAA_NAEBVAMcvReference@2@@Z
?pushFront@AMcvListReference@McVariantHelper@@QEAA?AVAMcvReference@2@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?pushFront@AMcvListReference@McVariantHelper@@QEAA_NAEBV12@@Z
?pushFront@AMcvListReference@McVariantHelper@@QEAA_NAEBVAMcvReference@2@@Z
?queryData@PropertyContainer@BOProperty@McVariantHelper@@QEAAHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAPEAUMcVariant@@AEAVDataValidator@23@_NP6APEAX_K@Z@Z
?queryData@PropertyContainer@BOProperty@McVariantHelper@@QEBAHVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAPEAUMcVariant@@_NP6APEAX_K@Z@Z
?release@AProperty@BOProperty@McVariantHelper@@SAXPEAV123@@Z
?release@IPropertyIterator@BOProperty@McVariantHelper@@SAXPEAV123@@Z
?release@PropertyContainer@BOProperty@McVariantHelper@@SAXPEAV123@@Z
?releaseMcVariant@BasicUtils@McVariantHelper@@YAXPEAUMcVariant@@@Z
?releaseMcVariant@xmlDataStore@BOProperty@McVariantHelper@@UEAAXPEAUMcVariant@@@Z
?releaseRef@xmlDataStore@BOProperty@McVariantHelper@@UEAAHXZ
?reloadData@PropertyContainer@BOProperty@McVariantHelper@@IEAAXXZ
?remove@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NAEAV?$SmartPtr@VIPropertyIterator@BOProperty@McVariantHelper@@@23@@Z
?remove@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?removeAttribute@PropertyBase@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?removeContainer@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?sGetParticipantName@Participant@Messaging@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?save@PropertyDB@BOProperty@McVariantHelper@@QEAA_NXZ
?save@xmlDataStore@BOProperty@McVariantHelper@@UEAA_NPEAUMcVariant@@@Z
?save@xmlDataStore@BOProperty@McVariantHelper@@UEAA_NPEAUMcVariant@@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?searchNode@PropertyContainer@BOProperty@McVariantHelper@@AEBA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@PEAPEAUMcVariant@@11@Z
?seek@PropertyContainer@BOProperty@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?setAttribute@PropertyBase@BOProperty@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@3@@Z
?setValue@AProperty@BOProperty@McVariantHelper@@QEAA_NAEBVNameValuePair@BasicUtils@3@@Z
?size@AMcvListReference@McVariantHelper@@QEBAHXZ
?size@PropertyContainer@BOProperty@McVariantHelper@@QEBAIXZ
?theNull@McvView@McVariantHelper@@1UMcVariant@@A
?theNull@McvZView@McVariantHelper@@0AEAUMcVariantZ@2@EA
?traverseAndAssign@PropertyContainer@BOProperty@McVariantHelper@@AEAA_NPEAUMcVariant@@0AEAVValidatorFunctor@23@VSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?type@AMcVariantValue@McVariantHelper@@QEBA?AW4TypeCodes@McVariant@@XZ
?type@AMcvReference@McVariantHelper@@QEBA?AW4TypeCodes@McVariant@@XZ
?v@McvConvertBase@McVariantHelper@@QEAAPEBUMcVariant@@XZ
?validate@XmlMcvConverter@McVariantHelper@@QEAA_NPEAUMcVariant@@@Z
?validate@XmlMcvConverter@McVariantHelper@@QEAA_NVSmartWcharPtr@string_utils@endpoint@mcafee_com@@@Z
?value@AMcvReference@McVariantHelper@@QEAAXH@Z
?value@AMcvReference@McVariantHelper@@QEAAXN@Z
?value@AMcvReference@McVariantHelper@@QEAAXPEBG@Z
?value@AMcvReference@McVariantHelper@@QEAAXPEB_W@Z
?value@AMcvReference@McVariantHelper@@QEAAX_J@Z
?value@AMcvReference@McVariantHelper@@QEAAX_N@Z
?value@AMcvReference@McVariantHelper@@QEBA?BVAMcVariantValue@2@XZ
?value@NameValuePair@BasicUtils@McVariantHelper@@QEAA?AVMcvToAny@23@XZ
.?AVtype_info@@
.?AVAThread@EpHss@@
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AUException@StlStringUtfConv@@
.?AVCSyncCriticalSection@@
.?AVCSyncBase@@
.?AVCSyncEvent@@
.?AVCSyncMutex@@
.?AVxmlDataStore@BOProperty@McVariantHelper@@
.?AVPropertyDB@BOProperty@McVariantHelper@@
.?AVIMcvDataSource@BOProperty@McVariantHelper@@
.?AVPropertyContext@BOProperty@McVariantHelper@@
.?AVDataValidator@BOProperty@McVariantHelper@@
.?AVAssignmentOperator@BOProperty@McVariantHelper@@
.?AVValidatorFunctor@BOProperty@McVariantHelper@@
.?AVPropertyIterator@BOProperty@McVariantHelper@@
.?AVIPropertyIterator@BOProperty@McVariantHelper@@
.?AVIPropertyContext@BOProperty@McVariantHelper@@
.?AVPropertyContainer@BOProperty@McVariantHelper@@
.?AVPropertyBase@BOProperty@McVariantHelper@@
.?AVAProperty@BOProperty@McVariantHelper@@
.?AVruntime_error@std@@
.?AVlogic_error@std@@
.PEAUMcvIllegalOperationException@McVariantHelper@@
.PEAUMcvIllegalOperationException@McVariantHelperNative@@
.?AVIProvider@Messaging@@
.?AVIPublisherSubscriber@Messaging@@
.?AVISubscriber@Messaging@@
.?AVIPublisher@Messaging@@
.?AVCAtlException@ATL@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_iostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AVCMcException@@
.?AV?$CMtQueue@PEAVAMessage@McVariantHelper@@@@
.?AVProviderThread@Messaging@@
.?AVBroker@Messaging@@
.?AVProvider@Messaging@@
.?AVPublisherSubscriber@Messaging@@
.?AVSubscriber@Messaging@@
.?AVParticipant@Messaging@@
.?AVPublisher@Messaging@@
.?AVCMcString@@
.?AVCMcBufString@@
.?AV?$CMcFixedString@$0EA@@@
.?AVCMcConstString@@
.?AVCMcRegKeyException@@
.?AVCMcOutOfMemoryException@@
.?AVCMcRegValueException@@
.?AVCMcStringException@@
.?AVCMcInternalException@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
5|Wti
[5qjmH
{8W<kx
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190222100140Z0#
5ef11%
ia0-HjG
jRNn 0Z!
B,g%}v
YakeWJD
f0$\\=
N+`Uyz
a6oJ?.
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
tY1;6Z5
20190222100149Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190222100149Z0/
/1(0&0$0"
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
tyf90ttP
9^(t58]
Q8SWVh
Q8WVhl
u)8 u%V
s+j W
FVt=RWRSj
t*VPhX
t:WPPh
C8Ph$
9^HuMh@+
VVVVVj
N(SPPPQ
N(SPPPQ
N,WPPPQ
N,WPPPQ
@0QSh 1
P0Wh 1
P0Wh 1
P0Wh 1
P0Wh 1
P0Wh 1
P0Wh 1
P0Wh 1
P0Sh 1
@0Sh 1
@0Sh 1
P0Sh 1
@0Vh 1
P0Vh 1
@0VVh 1
P0Vh 1
QQSVW3
Jt6Jt JJt
Jt5Jt"JJt
QQSVWd
8CSVhG
URPQQh
u[9=`9
t"SS9] u
HHt$HHt
?If90t
^SSSSS
t =MOC
Ht Hu4j
t*=RCC
;7|G;p
tR99u2
HHt$HHt
;t$,v-
UQPXY]Y[
j@j ^V
PPPPPPPP
PPPPPPPP
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP violation received, excptAddr: 0x%x status: 0x%x memoryType: 0x%x directives: 0x%x exceptFlags: 0x%x
Unable to monitor for DEP violations
Started monitoring for DEP violations
Remove monitor for DEP violations failed
Removed monitor for DEP violations
DEP GetModuleHandleA for GetProcessDEPPolicy failed
DEP call to GetProcAddress for GetProcessDEPPolicy failed
DEP call to GetProcessDEPPolicy failed
DEP is disabled for the process, perm: %d
DEP is already enabled for the process, perm: %d
GetProcessDEPPolicy
Kernel32.dll
DEP GetModuleHandleA for SetProcessDEPPolicy failed
DEP call to GetProcAddress for SetProcessDEPPolicy failed
Failed to enable DEP for the process, reason: 0x%x
DEP successfully enabled for the process
SetProcessDEPPolicy
Unexpected buffer overflow check result: 0x%x
WSASetLastError@4
ws2_32.dll
!p->UnHostedHookData
WS2_32
Exp_HookAPI
Exp_ClientDll_Register
EpMPApi.dll
GetThinHookInterface
EpMPThe.dll
HcApi terminating
..\..\..\Source\Engines\HcApi\HcApi.cpp
Failed to initialize HipArmorQueryInterface: 0x%x
HcApi initialized part 1.
HcApi initialized part 2.
Failed to initialize services engine: 0x%x
Failed to initialize thin hook interface: 0x%x
HcApi initialized part 3.
Failed to initialize buffer overflow: 0x%x
exp_DetachHandlers
LsarLookupNames
LsarLookupSids
ADMCOMConnect
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
Assertion failure: %s, 0x%x
Finished HipArmorQuery instance
Not going to use SubChannel: %s
Using SubChannel: %s
HipArmorQuery:%s
Short circuit HipArmorQuery handle release due to external reference
Initialized HipArmorQuery instance
..\..\..\Source\Engines\HcApi\HipArmorQueryLog.cpp
sendSize <= sizeof(buf)
Unexpected failure processing query: 0x%x
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
..\..\..\Source\Engines\HcApi\HookSwhDirective.cpp
EventPtr == (Byte*)(&EventStorage + 1)
..\..\..\Source\Engines\HcApi\HostedHandler.cpp
!err && handlerDepthTlsIndex != (dword)-1
RpcRaiseException() reaction not available. Map to ExitThread().
CurrentHandlerDepth() == 1
ZwQueryKey for handle %d returned 0x%x
Unexpected failure creating query instance: 0x%x
Unable to allocate memory
..\..\..\Source\Engines\HcApi\RegPermDirective.cpp
GetSrvKeyNameFromRpcHandle(): EXCEPTION_EXECUTE_HANDLER
Error <HandleStartService> : failed to get service config when checking for group.
Error <HandleStartService> : error in EnumServiceStatus().
Error <HandleStartService> :failed to get the service config.
SRV_PreRStartServiceW(): hService %p, dwNumServiceArgs %d, lpServiceArgVectors %p
SRV_PreRControlService(): hService %p, dwControl %d
SRV_PreRDeleteService(): hService %p
Pre start
Pre control
Pre delete
..\..\..\Source\HipArmor\FatHook\ENG_API_BO.cpp
numCallerValidationApiTargets <= MAX_CALLER_VALIDATION_API_TARGETS
NtTerminateThread
NtTerminateProcess
TerminateThread
TerminateProcess
ExitThread
ExitProcess
GPEP %s based on initialization context
disabled
enabled
GPEP disabled based on configuration
..\..\..\Source\HipArmor\FatHook\HIPSCore_I.cpp
RPC: Hooking functions for interface: %s
RPC: HIDPreNdrStubCall2 I_ADM_COM fntbl=0x%p
70b51430-b6ca-11d0-b9b9-00a0c922e750
NdrStubCall2
RPC: Skipping NdrServerInitialize when MosHost.dll is loaded.
Rpcrt4
NdrServerInitialize
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
g_myModuleHandle
UpdateInjectionState - There was a problem updating the injection state
IEstate updated to: 0x%x
tmp == g_myModuleHandle
MfeFhe - Initialize code: 0x%x, cleanup: 0x%x.
MfeFhe - hookListBlob == NULL
MfeFhe - initialize done: 0x%x.
MfeFhe - error code 0x%x from HcApi init
MfeFhe - Can't initialize kevlar API hooking.
MfeFhe - UnStub initialization failed: 0x%x
MfeFhe - Haqi initialization failed: 0x%x
MfeFhe - FinalizeNfsc done: 0x%x
MfeFhe - FinalizeNfsc code: 0x%x
MfeFhe - Detach.
MfeFhe - Detach short.
MfeFhe - No more attempts.
MfeFhe - Initialize x %d.
ieState == InjEnvReadyToBeInitialized
MfeFhe - Initialize again.
MfeFhe - Already started.
MfeFhe - Need uninject first.
MfeFhe - Already initialized.
MfeFhe - Initialize not allowed while already in progress.
MfeFhe - Finalize code: 0x%x
MfeFhe - Finalize done: 0x%x
MfeFhe - Finalize not allowed while already in progress.
MfeFhe - Finalize().
Post_CoInitializeEx_Handler_1.0_a pid=%d
RpcRaiseException
CoTaskMemFree
StringFromCLSID
IIDFromString
CLSIDFromString
CoCreateInstance
CoInitialize
ole32.dll
COMSetupThreadProc wait result is %x
Stopping COMSetupThreadProc-0
Apartment
isSTA_Only_CLSID_1.0_c pid=%d tm=%0.20s
ThreadingModel
isSTA_Only_CLSID_1.0_b pid=%d
isSTA_Only_CLSID_1.0_a pid=%d clsid_path=%0.100s
\InprocServer32
SOFTWARE\Classes\CLSID\
Failed to import %s from %s, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
initKevlarAPIData : Failed to load %s, code 0x%x
RtlExitUserThread
RtlCreateUserThread
COMSetupThreadProc - Unexpected wait result: %x
CoInitializeEx
CoGetClassObject
hookKevlarAPIs - COM setup thread is not needed
hookKevlarAPIs - COM Thread create error: %d
p.p - packedBoDat == blob->blobSizeInBytes - blob->gbopHookOffset
UnPackBoConfig: Previous allocation or initialization failed
D:\BUILD_932351\BUILD\ENS\hostips\Windows\Source\HipArmor\public\HipArmorMitigationPolicy_Code.h
GetProcessMitigationPolicy
KERNEL32.DLL
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
HIPIS Error - Insufficient APIInfo space for %uB.
!pAPIInfo->inUse
!pAPIInfo->Next
MfeFhe - Unable to convert mb string: 0x%x
Nested pre handler depth = %d. [SHORT-CIRCUIT]
Nested post handler depth = %d. [SHORT-CIRCUIT]
handlerDepthTlsIndex != (dword)-1
pAPIInfo->APIAddress
pAPIInfo
secondSize >= bytesLeft
index + size <= ai.instructionSize
availableCode >= MAX_INSTRUCTION_SIZE
UnhookRpcrt4NdrServerInitialize(): MarkAPIInfoForReUse(%p)
UnhookRpcrt4NdrServerInitialize(): ApplyThinHook(%p, UNAPPLY)
UnhookRpcrt4NdrServerInitialize(): deactivating Hook DllName=%s, APIName=%s, old APIAddress=%p (%s)
pending
applied
Unexpected failure to trace image loads: 0x%x
hchost.dll - Active handlers prevent hchost.dll unload ATM.
HookAddress_Internal(): Unhooking %p from error
MfeFhe - Unable to apply thin hook: 0x%x
HookAddress_Internal(): %s APIName=%s, currently %s, new APIAddress=%p, SeqNo_mainAPIInfoList = %d
NO Hooking
Hooking
HookAddress_Internal(): pAPIInfo_ToUse=%p, pAPIInfo=%p, DllName=%s
%s.dll
!HookHadBeenApplied(pAPIInfo) || pAPIInfo->APIAddress == (tagAPIAddr)pbAPI
numWritten == (16 * 2 + 1)
Unable to get module file name, code 0x%x
CheckForHooks(): [CONTENT] %s has moved out of %s.
CheckForHooks(): [CONTENT] APIAddress %p has moved out of %s. Coding Error!!!
CheckForHooks(): NotifyDeadCodeRange(%p, 1) - %p != %p
CheckForHooks(): Refreshing or activating Hook DllName=%s, APIName=%s, old APIAddress=%p (%s), new APIAddress=%p
CheckForHooks(): List was modified! SeqNo_mainAPIInfoList (%d) != seqNo_Saved (%d). Restarting checks ...
CheckForHooks(): %p != %p
CheckForHooks(): hModule = NULL
Unexpected image trace result format
Unexpected failure getting image trace: 0x%x
KERNEL32
SetProcessMitigationPolicy
rc == MK_SUCCESS
LdrLoadDll
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
data && dataIndex
index < 8
group < opCodeAttribGroupCount
!modrm_mod
index < opCodeAttribCount
data && dataSize
valuePtr == (Byte*)(&valueStorage + 1)
..\..\..\Source\HipArmor\HipShieldCommon\RegUtil.cpp
sectionPtr == (Byte*)(§ionStorage + 1)
commonPrefixLen && oldPrefixLen
commonPrefix || valuePart
..\..\..\Source\HipArmor\Injection\HIPSCore_U_Utils.cpp
Translation array size mismatch, expected multiple of 0x%x bytes
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
version.dll
\StringFileInfo\%04x%04x\FileVersion
..\..\..\Source\HipArmor\Xcpt\MeXcpt.cpp
MiniDumpWriteDump
dbghelp.dll
wrote dump %s
write dump failed %u
Undefined
Critical
MediumHigh
Medium
MediumLow
VeryLow
Normal
Manual dump (%s severity) %s
Continue execution
Continue handler search
Execute handler
Exception filter (%s severity): 0x%x
Exception vector: 0x%x
KERNEL32.dll
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
NtQueryVirtualMemory
NtQueryInformationProcess
NtSetInformationProcess
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
NtQueryKey
NtQueryObject
ntdll.dll
TraceMessageVa
TraceMessage
RtlNtStatusToDosError
GetActiveProcessorGroupCount
SetThreadGroupAffinity
NtLoadDriver
NotComDllGetInterface
MmsControl
HidLinkConnect
HidLinkConnectAsync
HidLinkLoad2
HidLinkLoad
HidLinkLoadAsync
HidLinkUnload
HidLinkAvTrust
HidLinkGetMappedFileName
HidLinkGetSystemHardwareConfig
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
0123456789abcdef
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
ASSERT:
g0123456789abcdef0x
0123456789ABCDEF0X
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
bad exception
CorExitProcess
`h`hhh
xppwpp
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
Unknown exception
D:\BUILD_932351\BUILD\ENS_ResultsDir\Release32\EpMPApi.pdb
RpcStringFreeA
UuidToStringA
RPCRT4.dll
VirtualAlloc
VirtualFree
GetCurrentProcess
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetProcAddress
GetModuleHandleA
GetLastError
ReadProcessMemory
FreeLibrary
LoadLibraryA
DisableThreadLibraryCalls
DebugBreak
RaiseException
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
TlsGetValue
TerminateProcess
ExitThread
GetVersionExA
HeapUnlock
SetLastError
HeapWalk
HeapLock
GetProcessHeaps
GetModuleHandleW
InterlockedCompareExchange
VirtualQuery
WaitForSingleObject
GetModuleHandleExW
CloseHandle
ResumeThread
GetSystemInfo
MultiByteToWideChar
SetEvent
LoadLibraryW
IsBadReadPtr
GetCurrentThread
WaitForMultipleObjects
CreateEventW
SetFilePointer
CreateFileW
GetModuleFileNameA
CreateFileA
DuplicateHandle
LocalFree
LocalAlloc
DeviceIoControl
ResetEvent
LoadLibraryExW
OutputDebugStringW
GetCurrentDirectoryW
CreateThread
InterlockedIncrement
InterlockedDecrement
TlsAlloc
TlsSetValue
WriteFile
GetStdHandle
KERNEL32.dll
wsprintfW
USER32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
GetServiceDisplayNameW
OpenSCManagerW
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
EnumServicesStatusW
RegQueryValueExA
RegOpenKeyA
TraceEvent
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
StartServiceW
RevertToSelf
ADVAPI32.dll
WinVerifyTrust
WINTRUST.dll
DecodePointer
EncodePointer
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsFree
WideCharToMultiByte
LCMapStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeW
HeapSize
ExitProcess
HeapCreate
HeapDestroy
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
EpMPApi.dll
BaseHostedKevlarPostHandler
BaseHostedKevlarPreHandler
Exp_ClientDll_Register
Exp_GetAgentVersion
Exp_HookAPI
Exp_HookAddress
Exp_HookAddress_000
Finalize
GetUnStubInterface
HIDPreADMCOMConnect
HIDPreLsarLookupNames
HIDPreLsarLookupSids
HIDPreRControlService
HIDPreRDeleteService
HIDPreRStartServiceW
HipArmorQueryV1GetReference
HipArmorQueryV1ReleaseReference
HookSwhDirective_PreSetWindowsHookEx
Initialize
RegPermDirective_PreNtSetSecurityObject
RpcAddApiToList
exp_DetachHandlers
.?AUHipArmorApiHookTools@@
.?AULogInterface@ScLog@@
.?AUHipArmorQuery_@@
.?AUHipArmorQuery@@
.?AUHipArmorQueryLightTools@@
.?AUHipArmorEventTools@@
.?AUHipArmorQueryLog@ScLog@@
.?AUHipArmorQueryLightTools_@@
10.7.0.796
.?AVCMkString@@
.?AVCMkRefString@@
.?AUReporting@MeControl@@
.?AUExplicit@MeControl@@
.?AUFiltered@MeControl@@
.?AUVectored@MeControl@@
.?AUMeControl@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
6'6,666M6R6\6
737H7N7X7y7
828:8G8N8_8d8n8
9H9f9k9}9
:B:I:W;
=@=]=j=
=)>T>~>
?7?D?[?x?
90C0[0
1&1+1R1Z1`1f1l1t1z1
2.2:2F2R2Z2e2y2
3&3,32383R3X3b3l3~3
4,424<4P4W4u4
6'6H6g6t6
;8;e;|;
<d<t<y<
=(=A=G=M=R=X=
2%2.2C2T2Z2c2i2t2~2
3#3)3J3
6I7O7Y7
8 8.858U8\8
3+383i3
4 474P4
5"6)6.6>6Y6t6
0$0/040B0N0t0
0V4[4w4
5*636T6\6b6m6u6{6
7 7)7/7:7D7L7X7b7
9 999B9w9
:$:*:0:=:I:Q:i:~:
;%;=;E;
1:2V3]3
3 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4l4p4t4x4|4
6/686A6J6S6\6f6l6
7+717:7@7J7
8*8U8[8c8
9H9N9X9
: :-:2:<:L:_:h:m:
;8;N;S;Z;w;
;F<K<]<|<
='=s=}=
>4>X>b>j>
? ?K?U?\?
0M0S0]0r0y0
1$161E1V1^1d1l1t1z1
2 2&232:2Q2V2`2
3'323T3n3v3{3
4%424B4K4R4\4r4
5*5o5u5
;";);.;3;9;>;Q;W;];i;o;t;
=E=P=}=
>)>3>9>?>H>N>[>a>l>s>{>
?#?*?;?@?E?K?Z?`?h?
3(4P4U4[4g4r4
50565<5D5M5b5
6=6L6q6
7#72787Y7w7}7
9?9E9K9S9i9o9u9}9
:$:5:A:
;9;B;V;_;e;o;
<!</<:<
=,=C=Z=c=h=n=x=
> >%>/>g?q?
080>0D0K0
0%1+151
1>2D2N2
353@4E4O4q4
5)5T5^5l5s5'6U6s6}6
6 7)7;7E7k7z7
>(>->S>
? ?)?V?[?m?
%0,0=0G0R0k0u0
1:1@1J1
2(2-272O2U2_2
3"3(383>3D3J3a3
5 5-525<5s5y5
:I;Q;[;};
<?<I<S<z<
>!>1>=>G>R>x>
?2?9???D?O?Y?d?
0)080B0e0o0
2:3@3J3
4I4N4W4\4z4
5#53585B5V5]5g5r5
7,868`8j8
:]:$;(;,;0;
=W=a=z=
3&4+4=4&5+5=5
9 9%9+91979=9_9f9
:&:?:[:w:
;h<o<&=Q=
>@?D?H?L?P?
0%0-03080A0H0M0W0o0
0.1@1O1d1w1
2#2+272?2M2a2l2
3 3$3:3
3(4/464\4`4d4h4l4p4
4!5.585@5I5b5l5t5
696Q6}6
9":(:5:::B:L:P:U:\:c:n:x:|:
;+<B<Z<n<z<
=.=:=A=]=z=
3$3+32393@3
=N>I?i?p?
.050L0T0]0e0
0 1%1?1M1Z1s1
2&282e2j2}2
31363V3e3j3
4(4-4D4M4R4l4
585=5V5j5
6*6/6N6Z6_6y6
797L7Q7j7
8)8.8T8z8
;J;O;h;
=3=f=k=
>3>U>Z>~>
1R1b1g1
2-2E2S2^2v2
878Z8d8j8
9G9L9Q9d9p9+<4<]<
91I1_1v1
3"32383>3F3U3\3q3|3
:*:1:P;W;n<u<
1`2d2h2l2p2t2x2|2
2(3,3034383<3l3p3t3x3|3
4P4T4X4\4`4
6 7=7D7H7L7P7T7X7\7`7
7"8-8H8O8T8X8\8}8
8F9L9P9T9X9%;`;
2Z2a2i2
4;5d5=7f7
8)8X8^8m8U9a9l:|<
0#0(0,000Y0
292@2D2H2L2P2T2X2\2
8A8L8V8o8y8
;';9;T;\;d;{;
<,<=<Q<
0!0C0X0~0
3"3(3/353=3D3I3Q3Z3f3k3p3v3z3
4,424J4
; <.<I<^?
1+2W2x2\4
7$8+888>8
9#9*91989?9F9M9U9]9e9q9z9
9X;];o;
=D=V=i=|=
> >.>b>o>
?L?s?{?
\0}1q2
949>9I9`;T<
<V=_=k=
>B>H>T>Z>c>j>
?'?,?>?H?M?i?s?
!0+0Q0X0r0y0
:[=_=c=g=k=o=s=w=
5;5]5F7
:5;O;X;
;!<(<=<
> >X>b>
0*101L1t1
606>6D6g6n6
7$;6;H;Z;l;
<"<4<F<X<j<D>Q>j>
3[4+5\5r5
8(888?8N8Z8g8
8#929;9_9
;9<><x<}<
>#>->6>A>F>O>Y>d>
849G9_9
;<;E;l;y;~;
P0V0[0a0r0
5&525K5U5c5i5s5}5
6%61666;6E6Q6V6[6e6q6v6{6
7!7+7F7R7c7p7v7z7
8!818A8
2 2$2(2,2024282<2@2D2H2T2X2\2`2l2p2D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9 9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
0 0$0(0,0$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
9$9,949<9D9L9T9\9d9l9t9|9@:D:H:L:
094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
:0;4;8;
;(<,<<<@<H<`<p<t<
= =$=8=<=D=\=l=p=
>$><>L>P>`>d>h>p>
? ?0?4?8?@?X?h?l?|?
0 080H0L0\0`0h0
1l1p1x1
2 2<2@2\2`2h2l2t2
4 4@4`4|4
5(545L5P5p5
60686<6T6X6t6x6
7(7H7h7
808P8p8
1D1p1t1
2 282T2\2`2d2h2x2
3 3$3(343<3D3L3T3\3d3l3t3|3
4$4,4<4D4L4T4\4d4l4t4
5$545<5D5L5T5\5d5l5t5|5
6,646<6D6L6T6d6l6t6|6
7$7,747<7D7L7T7\7d7l7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9T9d9l9t9
:$:,:4:<:D:L:T:\:d:l:t:|:
; ;$;(;0;4;8;@;D;H;P;T;X;`;d;h;p;t;x;
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2
3<3H3L3P3T3X3
l2::k
;pte%d
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190320165834Z0#
hH0AY6x
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
180920194506Z
190920194506Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
E0C1)0'
Microsoft Operations Puerto Rico1
232825+4457930
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
c%.9e_
20190321184543.111Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
181024211425Z
200110211425Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20190322005134Z
20190323005134Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
5.Eh;9
TG4FVbT
hH0AY6x
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
7DKCq7rgj:<
20190320165843Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190320165843Z0/
/1(0&0$0"
_P%/I3R
&_#FRN
!This program cannot be run in DOS mode.
`.rdata
@.data
@.rsrc
@.reloc
Pj@QRW
Pj@QRW
F0jwPW
QPjwRW
F0jwPW
URPQQh\Q
;t$,v-
UQPXY]Y[
EpMPThe_l0.dll
l1Tramp
EpMPThe_l1.dll
EpMPThe_l0
GetLastError
SetLastError
TlsSetValue
kernel32.dll
TlsGetValue
NtQueryInformationThread
ntdll.dll
D:\BUILD_932351\BUILD\ENS\hostips\Windows\Source\HipArmor\release\EpMPThe.pdb
GetLastError
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetSystemInfo
SetEnvironmentVariableA
GetEnvironmentVariableA
TlsAlloc
VirtualProtect
VirtualAlloc
GetCurrentThread
TlsSetValue
TlsGetValue
CloseHandle
WaitForSingleObject
OpenThread
Thread32Next
GetCurrentThreadId
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetCurrentProcess
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
KERNEL32.dll
EpMPThe.dll
GetL0ManagerInterface
GetThinHookInterface
2&2 3>3
4!4-4B4J4S4Y4f4k4r4
5#5)5A5G5W6m6
9@9f9k9
: :):.:7:=:E:O:t:
:!;W;g;
<1<E<Q<`<
3f3k3}3
4)434=4
515;5a5m5}5
6'6;6Q6
6&767X7
?#?.?4?:?@?F?L?R?k?q?w?}?
0@0r1w1
<-<9<i<s<
2!2'2-232I2_2t2
8!8(8,8084888<8@8D8
9,93989<9@9a9
9*:0:4:8:<:
0"0)00070>0E0M0U0]0i0r0w0}0
0 0$0(0,0004080<0@0D0H0L0P0T0
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190320165854Z0#
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
180920194506Z
190920194506Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
E0C1)0'
Microsoft Operations Puerto Rico1
232825+4457930
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
20190321184543.703Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
181024211425Z
200110211425Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20190322005134Z
20190323005134Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
EOrg![
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
.Vy@Gd4
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20190320165903Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190320165903Z0/
/1(0&0$0"
_u2uh+n
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
D$H9D$@s
D$ 9D$h
9D$hv7
D$ 9D$$s
D$@H9D$
9D$ s'
H9D$ u
|$ v"L
HcD$PH
H9D$hu
tHcD$ H
HHcD$XH
L$@H9A
D$H9D$ }#HcD$ H
HcL$ H
HcD$XH
HcD$XH
HcD$XH
HcL$XH
HcD$XH
HcD$XH
HcL$XH
HcD$XH
HcD$XH
HcD$XH
HcL$XH
HcD$ Hi
HcD$ Hi
HcD$ Hi
HcL$$Hk
`HcD$ Hi
HcL$$Hk
dHcD$ Hi
HcL$$Hk
hHcD$ Hi
HcL$$Hk
pHcD$ Hi
HcL$$Hk
xHcD$ Hi
HcL$$Hk
HcD$ Hi
HcL$$Hk
HcD$ Hi
HcL$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
HcD$ Hi
`HcD$ Hi
dHcD$ Hi
hHcD$ Hi
pHcD$ Hi
xHcD$ Hi
HcD$ Hi
HcD$ Hi
HcL$ Hi
SUVWATH
HcD$`Hi
HcD$`Hi
HcD$`Hi
D$dHcD$`Hi
HcD$`Hi
HcL$dHk
D$pHcD$pH
HcD$`Hi
HcL$dHk
(HcT$`Hi
LcD$dMk
(LcL$`Mi
LcT$dMk
(Lc\$`Mi
Lc\$dMk
(Hc|$`Hi
Hct$dHk
(Hcl$`Hi
A\_^][
H9D$ u
@SUVWATAUAVAWH
HcD$PHi
HcD$PHi
HcD$PHi
HcD$PHi
HcD$PHi
HcD$PHi
u"HcD$PHi
HcD$PHi
HcD$PHi
HcT$PHi
LcL$PMi
Lc\$PMi
Hc|$PHi
Hcl$PHi
Lcl$PMi
Lc|$PMi
hA_A^A]A\_^][
HcD$@Hi
HcD$@Hi
HcD$@Hi
HcL$@Hi
HcD$@Hi
HcL$@Hi
HcD$@Hi
HcD$@Hi
HcD$@Hi
HcT$@Hi
HcL$@Hi
HcD$@Hi
HcL$@Hi
LcD$@Mi
HcD$@Hi
HcD$@Hi
HcD$@Hi
HcT$@Hi
HcL$@Hi
HcD$@Hi
HcL$@Hi
LcD$@Mi
HcD$@Hi
HcD$@Hi
HcD$@Hi
HcT$@Hi
HcL$@Hi
HcD$@Hi
HcL$@Hi
LcD$@Mi
HcD$@Hi
HcD$@Hi
HcD$@Hi
HcT$@Hi
HcL$@Hi
HcD$@Hi
HcL$@Hi
LcD$@Mi
KHcD$@Hi
t$HcD$@Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
u"HcD$`Hi
HcD$`Hi
t&HcD$`Hi
t#HcD$`Hi
@SUVWATAUAVAWH
HcD$`Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
u"HcD$`Hi
HcD$`Hi
HcD$`Hi
HcT$`Hi
LcD$`Mi
LcT$`Mi
Hc\$`Hi
Hct$`Hi
Lcd$`Mi
Lct$`Mi
HcD$`Hi
HcD$`Hi
HcD$`Hi
HcD$`Hi
u"HcD$`Hi
HcD$`Hi
HcD$`Hi
HcT$`Hi
Hc|$`Hi
Hcl$`Hi
LcL$`Mi
Lc\$`Mi
Lcl$`Mi
A_A^A]A\_^][
HcD$0Hi
tcHcD$0Hi
t$HcD$0Hi
T$8HcD$0Hi
D$09D$4s[
8HcD$PHk
D$P9D$(}#HcD$(H
9D$(}+HcD$(Hi
9D$`sT
HcD$XH
tNHcD$XH
9D$$v<
D$,9D$ r
H9D$ptFH
H;D$@u
D$0H9D$@w
HcD$`H
HcD$`H
HcD$`H
D$(9D$hs
D$09D$xs
D$09D$
H;D$Hs
D$`H9D$`t
D$`H9D$`t
D$`HcD$`H9D$`t
(H9D$8u
HH9D$@u
|$0)vRA
D$`H9D$hr5A
H9D$Pu
D$@H9D$
D$`H9D$0u
H9D$pu
D$pH9D$@u
D$`H9D$0u
H9D$pu
D$pH9D$@u
H9D$pu
D$pH9D$@u
HHcD$`H
D$`=MZ
D$P9D$ u
D$ H9D$(u
D$D9D$Ts9
H9D$ v*H
H9D$ v+H
txHcD$ H
D$$HcL$ H
D$ HcD$ H
tpHcD$ H
D$$HcL$ H
D$ HcD$ H
D$D9D$HsE
trHcD$
taHcD$
tPHcD$
f9l$Xu
f9t$0t,
VWATAUAVH
0A^A]A\_^
H9\$Xu
t f9\)
H9\$Xu
|$ ATH
|$ ATAUAVH
@A^A]A\
H VWATH
L$ SVWH
@Hcy`H
VWATAUAVH
A^A]A\_^
@SVWATAV
A^A\_^[
t$ WATAUAVAWH
H9D$PvBH
H9MpuBH
A_A^A]A\_
@SUVWAVAWH
hA_A^_^][
t>ffff
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
~+fffff
fffffff
fffffff
t$ WATAUAVAWH
A_A^A]A\_
p WATAUH
A]A\_
WATAUH
A]A\_
@USVWATAUAVAWH
A_A^A]A\_^[]
L$ USWH
ATAUAVH
A^A]A\
UATAUH
UATAUH
WATAUH
0A]A\_
WATAUAVAWH
A_A^A]A\_
@8l$8t
@8l$8t
UVWATAUH
D$&8\$&t-8X
@A]A\_^]
@UATAUAVAWH
!t$(H!t$ A
A_A^A]A\]
UVWATAUAVAWH
D$HD9T$\
t$pD+d$HD+
9D$Ttg
A_A^A]A\_^]
SVWATAUAVAWH
0A_A^A]A\_^[
WATAUAVAWH
A_A^A]A\_
@SVWATAUAVAWH
L!l$HL!l$@
D$PL9oXt
D$8HcH
A_A^A]A\_^[
ATAUAVH
0A^A]A\
VWATAUAVH
A^A]A\_^
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
E9,$~T3
A_A^A]A\_^]
WATAVH
@A^A\_
t$ WATAUH
WATAUAVAWH
@A_A^A]A\_
WATAUH
A]A\_
UVWATAUAVAWH
D$HD9T$\
t$pD+d$HD+
9D$Ttg
A_A^A]A\_^]
WATAUH
A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
LcA<E3
UVWATAUAVAWH
A_A^A]A\_^]
ATAUAVH
fD9t$b
A^A]A\
x ATAUAVH
A^A]A\
Hct$@H
s\HcL$HH
@UATAUAVAWH
A_A^A]A\]
VWATAUAVH
A^A]A\_^
\$ UVWATAUAVAWH
!|$DHc
|$DD9d$X
f;D$@ug
f;D$@uD
H!\$ H
HcD$HH;
H!\$ H
HcD$HH;
H!|$ L
A_A^A]A\_^]
VWATAUAVH
xs;={%
A^A]A\_^
L$ UVWH
WATAUAVAWH
0A_A^A]A\_
@SUVWATAUAVH
PA^A]A\_^][
l$ VWATH
9\$ ~>H
D8"u%H
ATAUAWH
0A_A]A\
H(H9J(u
exp_DetachHandlers
DEP violation received, excptAddr: 0x%x status: 0x%x memoryType: 0x%x directives: 0x%x exceptFlags: 0x%x
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Started monitoring for DEP violations
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Unable to monitor for DEP violations
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Removed monitor for DEP violations
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Remove monitor for DEP violations failed
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Kernel32.dll
GetProcessDEPPolicy
DEP is already enabled for the process, perm: %d
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP is disabled for the process, perm: %d
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP call to GetProcessDEPPolicy failed
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP call to GetProcAddress for GetProcessDEPPolicy failed
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP GetModuleHandleA for GetProcessDEPPolicy failed
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Kernel32.dll
SetProcessDEPPolicy
DEP successfully enabled for the process
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Failed to enable DEP for the process, reason: 0x%x
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP call to GetProcAddress for SetProcessDEPPolicy failed
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
DEP GetModuleHandleA for SetProcessDEPPolicy failed
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
Unexpected buffer overflow check result: 0x%x
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
WS2_32
!p->UnHostedHookData
..\..\..\Source\Engines\HcApi\BufferOverflow.cpp
WSASetLastError@4
ws2_32.dll
exp_DetachHandlers
EpMPThe.dll
GetThinHookInterface
HcApi terminating
HcApi initialized part 1.
Failed to initialize HipArmorQueryInterface: 0x%x
..\..\..\Source\Engines\HcApi\HcApi.cpp
Failed to initialize thin hook interface: 0x%x
..\..\..\Source\Engines\HcApi\HcApi.cpp
Failed to initialize services engine: 0x%x
..\..\..\Source\Engines\HcApi\HcApi.cpp
HcApi initialized part 2.
HcApi initialized part 3.
EpMPApi.dll
exp_DetachHandlers
..\..\..\Source\Engines\HcApi\HcApi.cpp
..\..\..\Source\Engines\HcApi\HcApi.cpp
LsarLookupNames
LsarLookupSids
ADMCOMConnect
Assertion failure: %s, 0x%x
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
Finished HipArmorQuery instance
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
Not going to use SubChannel: %s
HipArmorQuery:%s
Using SubChannel: %s
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
..\..\..\Source\Engines\HcApi\HipArmorQuery.cpp
Initialized HipArmorQuery instance
Short circuit HipArmorQuery handle release due to external reference
sendSize <= sizeof(buf)
..\..\..\Source\Engines\HcApi\HipArmorQueryLog.cpp
exp_DetachHandlers
EventPtr == (Byte*)(&EventStorage + 1)
..\..\..\Source\Engines\HcApi\HookSwhDirective.cpp
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
..\..\..\Source\Engines\HcApi\HookSwhDirective.cpp
Unexpected failure processing query: 0x%x
..\..\..\Source\Engines\HcApi\HookSwhDirective.cpp
exp_DetachHandlers
CurrentHandlerDepth() == 1
..\..\..\Source\Engines\HcApi\HostedHandler.cpp
RpcRaiseException() reaction not available on x64. Map to ExitThread().
..\..\..\Source\Engines\HcApi\HostedHandler.cpp
..\..\..\Source\Engines\HcApi\HostedHandler.cpp
!err && handlerDepthTlsIndex != (dword)-1
exp_DetachHandlers
ZwQueryKey for handle %d returned 0x%x
EventPtr == (Byte*)(&EventStorage + 1)
..\..\..\Source\Engines\HcApi\RegPermDirective.cpp
EventsDBPtr == (Byte*)(&EventsDBStorage + 1)
..\..\..\Source\Engines\HcApi\RegPermDirective.cpp
Unable to allocate memory
Unexpected failure creating query instance: 0x%x
Unexpected failure processing query: 0x%x
exp_DetachHandlers
Pre start
Pre control
Pre delete
SRV_PreRStartServiceW(): hService %p, dwNumServiceArgs %d, lpServiceArgVectors %p
SRV_PreRControlService(): hService %p, dwControl %d
SRV_PreRDeleteService(): hService %p
Error <HandleStartService> :failed to get the service config.
Error <HandleStartService> : error in EnumServiceStatus().
Error <HandleStartService> : error in EnumServiceStatus().
Error <HandleStartService> : failed to get service config when checking for group.
GetSrvKeyNameFromRpcHandle(): EXCEPTION_EXECUTE_HANDLER
exp_DetachHandlers
exp_DetachHandlers
RPC: Hooking functions for interface: %s
..\..\..\Source\HipArmor\FatHook\HIPSCore_I.cpp
70b51430-b6ca-11d0-b9b9-00a0c922e750
RPC: HIDPreNdrStubCall2 I_ADM_COM fntbl=0x%p
..\..\..\Source\HipArmor\FatHook\HIPSCore_I.cpp
NdrServerInitialize
Rpcrt4
RPC: Skipping NdrServerInitialize when MosHost.dll is loaded.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I.cpp
NdrStubCall2
Rpcrt4
exp_DetachHandlers
g_myModuleHandle
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
IEstate updated to: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
UpdateInjectionState - There was a problem updating the injection state
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
BlockUntilRegChangeOrReadTimeout - There was a problem with RegNotifyChangeKeyValue: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
UnloadInjectedLogic - There was a problem uninjecting logic: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
Unexpected initial state for wd
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
BlockUntilRegChangeOrReadTimeout - There was a problem closing handle: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
BlockUntilRegChangeOrReadTimeout - There was a problem closing registry key: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Initialize not allowed while already in progress.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Already initialized.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Need uninject first.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Already started.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Initialize again.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
ieState == InjEnvReadyToBeInitialized
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Initialize x %d.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - No more attempts.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - hookListBlob == NULL
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Haqi initialization failed: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - UnStub initialization failed: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Can't initialize kevlar API hooking.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - error code 0x%x from HcApi init
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - initialize done: 0x%x.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Initialize code: 0x%x, cleanup: 0x%x.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
tmp == g_myModuleHandle
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Finalize().
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Finalize not allowed while already in progress.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
ieState == InjEnvReadyToBeInitialized
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Finalize done: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Finalize code: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - FinalizeNfsc code: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - FinalizeNfsc done: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Finalize(wd) not allowed while already in progress.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Detach short.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
MfeFhe - Detach.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I2.cpp
exp_DetachHandlers
SOFTWARE\Classes\CLSID\
SOFTWARE\Classes\CLSID\
\InprocServer32
\InprocServer32
isSTA_Only_CLSID_1.0_a pid=%d clsid_path=%0.100s
isSTA_Only_CLSID_1.0_b pid=%d
ThreadingModel
isSTA_Only_CLSID_1.0_c pid=%d tm=%0.20s
Apartment
Post_CoInitialize_Handler_a pid=%d
Post_CoInitializeEx_Handler_1.0_a pid=%d
RpcRaiseException
CoInitialize
CoCreateInstance
CLSIDFromString
IIDFromString
StringFromCLSID
CoTaskMemFree
RtlCreateUserThread
RtlExitUserThread
NtTerminateThread
initKevlarAPIData : Failed to load %s, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
Failed to import %s from %s, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
Failed to import %s from %s, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
Failed to import %s from %s, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
Failed to import %s from %s, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
CoCreateInstance
ole32.dll
CoGetClassObject
ole32.dll
CoInitializeEx
ole32.dll
COMSetupThreadProc - Unexpected wait result: %x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
hookKevlarAPIs - COM Thread create error: %d
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
hookKevlarAPIs - COM setup thread is not needed
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
Stopping COMSetupThreadProc-0
COMSetupThreadProc wait result is %x
UnPackBoConfig: Previous allocation or initialization failed
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
p.p - packedBoDat == blob->blobSizeInBytes - blob->gbopHookOffset
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_Kev_API.cpp
exp_DetachHandlers
KERNEL32.DLL
GetProcessMitigationPolicy
KERNEL32.DLL
HIPIS Error - Insufficient APIInfo space for %uB.
D:\BUILD_932351\BUILD\ENS\hostips\Windows\Source\HipArmor\public\HipArmorMitigationPolicy_Code.h
GetProcessMitigationPolicy
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
allocSize >= sizeof(tagAPIInfo)
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
MfeFhe - Unable to convert mb string: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
pAPIInfo
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
pAPIInfo->APIAddress
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
!err && handlerDepthTlsIndex != (dword)-1
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
!HookHadBeenApplied(pAPIInfo) || pAPIInfo->APIAddress == (tagAPIAddr)pbAPI
%s.dll
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
HookAddress_Internal(): pAPIInfo_ToUse=%p, pAPIInfo=%p, DllName=%s
applied
pending
Hooking
NO Hooking
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
HookAddress_Internal(): %s APIName=%s, currently %s, new APIAddress=%p, SeqNo_mainAPIInfoList = %d
MfeFhe - Unable to apply thin hook: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
HookAddress_Internal(): Unhooking %p from error
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
numWritten == (16 * 2 + 1)
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
index + size <= ai.instructionSize
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
secondSize >= bytesLeft
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
availableCode >= MAX_INSTRUCTION_SIZE
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
Unable to get module file name, code 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
NdrServerInitialize
applied
pending
UnhookRpcrt4NdrServerInitialize(): deactivating Hook DllName=%s, APIName=%s, old APIAddress=%p (%s)
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
UnhookRpcrt4NdrServerInitialize(): ApplyThinHook(%p, UNAPPLY)
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
UnhookRpcrt4NdrServerInitialize(): MarkAPIInfoForReUse(%p)
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
CheckForHooks(): hModule = NULL
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
CheckForHooks(): %p != %p
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
CheckForHooks(): List was modified! SeqNo_mainAPIInfoList (%d) != seqNo_Saved (%d). Restarting checks ...
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
applied
pending
CheckForHooks(): Refreshing or activating Hook DllName=%s, APIName=%s, old APIAddress=%p (%s), new APIAddress=%p
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
CheckForHooks(): NotifyDeadCodeRange(%p, 1) - %p != %p
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
CheckForHooks(): [CONTENT] APIAddress %p has moved out of %s. Coding Error!!!
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
CheckForHooks(): [CONTENT] %s has moved out of %s.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
Unexpected failure to trace image loads: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
Unexpected failure to trace image loads: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
Unexpected failure getting image trace: 0x%x
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
Unexpected image trace result format
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
EpMPApi.dll
EpMPThe.dll
GetThinHookInterface
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
hchost.dll - Active handlers prevent hchost.dll unload ATM.
..\..\..\Source\HipArmor\FatHook\HIPSCore_I_UnStub.cpp
Nested pre handler depth = %d. [SHORT-CIRCUIT]
handlerDepthTlsIndex != (dword)-1
Nested post handler depth = %d. [SHORT-CIRCUIT]
!pAPIInfo->inUse
!pAPIInfo->Next
rc == MK_SUCCESS
LdrLoadDll
KERNEL32
SetProcessMitigationPolicy
data && dataIndex
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
data && dataSize
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
index < opCodeAttribCount
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
!modrm_mod
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
group < opCodeAttribGroupCount
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
index < 8
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
index + size <= info.instructionSize
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
offset == numBytes
..\..\..\Source\HipArmor\HipShieldCommon\HipArmorOpcodes.cpp
sectionPtr == (Byte*)(§ionStorage + 1)
..\..\..\Source\HipArmor\HipShieldCommon\RegUtil.cpp
valuePtr == (Byte*)(&valueStorage + 1)
..\..\..\Source\HipArmor\HipShieldCommon\RegUtil.cpp
commonPrefix || valuePart
..\..\..\Source\HipArmor\HipShieldCommon\RegUtil.cpp
commonPrefixLen && oldPrefixLen
..\..\..\Source\HipArmor\HipShieldCommon\RegUtil.cpp
exp_DetachHandlers
exp_DetachHandlers
..\..\..\Source\HipArmor\Injection\HIPSCore_U_Utils.cpp
Translation array size mismatch, expected multiple of 0x%x bytes
..\..\..\Source\HipArmor\Injection\HIPSCore_U_Utils.cpp
\StringFileInfo\%04x%04x\FileVersion
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
version.dll
..\..\..\Source\HipArmor\Xcpt\MeXcpt.cpp
dbghelp.dll
MiniDumpWriteDump
write dump failed %u
wrote dump %s
Normal
VeryLow
MediumLow
Medium
MediumHigh
Critical
Undefined
Manual dump (%s severity) %s
Exception filter (%s severity): 0x%x
Execute handler
Continue handler search
Continue execution
Exception vector: 0x%x
AddVectoredExceptionHandler
KERNEL32.dll
RemoveVectoredExceptionHandler
KERNEL32.dll
NtQueryVirtualMemory
NtQueryInformationProcess
NtSetInformationProcess
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
NtQueryKey
NtQueryObject
ntdll.dll
Tamper
Illegal_API_Use
Program
Illegal Use
Buffer_Overflow
Services
Registry
Exceptions
*SG_Global*
*SG_Internal*
Parent Executable Fingerprint
Parent Executable Description
Parent Executable Subject Org Name
Parent Executable Is Trusted SDN
Parent Executable SDN
Parent Executable Path
Executable Fingerprint
Executable Description
Subject Organization Name
Is Trusted Subject Distinguished Name
Subject Distinguished Name
treaction
Disable Globals
ex_Group_SID
Take ownership
Warning Note
violations
module stack
dependencies
user groups
token handle
global logon id
session id
process id
unique rule ids
wrkstn name
domain user name
domain name
user name
Executable
application
illegal_api_use:invalid_call
illegal_api_use:bad_parameter
Vulnerability Name
Detailed Event Info
sql:request
transport
sql_user_password
authentication_mode
sql_line_comment
sp_param_char_len_ten
sp_param_char_len_nine
sp_param_char_len_eight
sp_param_char_len_seven
sp_param_char_len_six
sp_param_char_len_five
sp_param_char_len_four
sp_param_char_len_three
sp_param_char_len_two
sp_param_char_len_one
sp_param_orig_len_ten
sp_param_orig_len_nine
sp_param_orig_len_eight
sp_param_orig_len_seven
sp_param_orig_len_six
sp_param_orig_len_five
sp_param_orig_len_four
sp_param_orig_len_three
sp_param_orig_len_two
sp_param_orig_len_one
sp_param_ten
sp_param_nine
sp_param_eight
sp_param_seven
sp_param_six
sp_param_five
sp_param_four
sp_param_three
sp_param_two
sp_param_one
client_agent
server_name
db_user_name
sql_original_query
sql_query
sp_name
isapi:response
isapi:request
isapi:rawdata
isapi:reqquery
isapi:requrl
content len
server
source
raw url
local file
method
Web Server Type
raw data
files:permissions
files:hardlink
files:writeop
files:attribute
files:rename
files:delete
files:execute
files:write
files:read
files:create
drive type
dest file
hook:set_windows_hook
Handler Description
Handler Fingerprint
Handler Organization Name
Handler Is Trusted Distinguished Name
Handler Distinguished Name
Handler Path
Handler Module
image:load_for_execute
Image Description
Image Fingerprint
Image Organization Name
Image Is Trusted Distinguished Name
Image Distinguished Name
Image Path
program:open_with_any
program:open_with_create_thread
program:open_with_wait
program:open_with_modify
program:open_with_terminate
program:run
Target Fingerprint
Target Description
Target Organization Name
Is Trusted Target Distinguished Name
Target Distinguished Name
Target Executable
illegal:api
bo:dep_viol
bo:dep_write
bo:dep_heap
bo:dep_stack
bo:privilege_escalation
bo:no_module
bo:different_stack
bo:call_return_to_api
bo:call_different_target
bo:call_not_found
bo:call_return_unreadable
bo:invalid_call
bo:writeable_memory
bo:heap
bo:stack
DLL Name
Caller Description
Caller Fingerprint
Caller Organization Name
Caller Is Trusted Distinguished Name
Caller Distinguished Name
Caller Path
Caller Module
target_bytes
API Name
services:delete
services:create
services:logon
services:profile_disable
services:profile_enable
services:startup
services:continue
services:pause
services:stop
services:start
group names
hw profile
new startup
old startup
params
display names
services
registry:open_existing_key
registry:load
registry:replace
registry:restore
registry:monitor
registry:enumerate
registry:permissions
registry:modify
registry:delete
registry:rename
registry:read
registry:create
new data type
old data type
new data
old data
dest keys
values
Exclude_more
Include_more
attributes
directives
Exclude
Include
Exception
UNKNOWN
0123456789abcdef
(TC) isValidRelativePtr: %s - unexpected offset value (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid ptr offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
(TC) isValidRelativePtr: %s - invalid offset (maxSize:%ld ptrOffset:%I64d elementSize:%ld minOffsetExpected:%ld)
UnpatchValue: me->data.bin
UnpatchValue: me->next
(TC) UnpatchValue: me->size (%ld) invalid data size
(TC) UnpatchValue: me->attributes invalid attr or val
FreeValue: tried to free INT value!
UnpatchSection: me->next
UnpatchSection: me->values
(TC) UnpatchSection: me->type invalid
(TC) UnpatchSection: me->attributes invalid attr or val
(TC) UnpatchEvent: me->type invalid
(TC) UnpatchEvent: me->sigId invalid
UnpatchEvent (me->secLookupTable[i].v)
UnpatchEvent: me->next
UnpatchEvent: me->sections
(TC) UnpatchEvent: me->attributes invalid attribute
(TC) UnpatchEvent: me->directives invalid directive value
UnpatchEventsDB: me->events
(TC) UnpatchEventsDB: me->attributes invalid attr
TraceMessageVa
TraceMessage
RtlNtStatusToDosError
GetActiveProcessorGroupCount
SetThreadGroupAffinity
NtLoadDriver
NotComDllGetInterface
MmsControl
HidLinkConnect
HidLinkConnectAsync
HidLinkLoad2
HidLinkLoad
HidLinkLoadAsync
HidLinkUnload
HidLinkAvTrust
HidLinkGetMappedFileName
HidLinkGetSystemHardwareConfig
ASSERT:
g0123456789abcdef0x
0123456789ABCDEF0X
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
bad exception
CorExitProcess
`h`hhh
xppwpp
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Unknown exception
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
D:\BUILD_932351\BUILD\ENS_ResultsDir\Release64\EpMPApi.pdb
RpcStringFreeA
UuidToStringA
RPCRT4.dll
VirtualFree
VirtualAlloc
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetProcAddress
GetModuleHandleA
GetLastError
ReadProcessMemory
FreeLibrary
LoadLibraryA
DisableThreadLibraryCalls
DebugBreak
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
TerminateProcess
ExitThread
TlsGetValue
GetVersionExA
WaitForSingleObject
CloseHandle
GetModuleHandleExW
SetLastError
ResumeThread
GetSystemInfo
MultiByteToWideChar
SetEvent
LoadLibraryW
GetModuleHandleW
IsBadReadPtr
GetCurrentThread
WaitForMultipleObjects
CreateEventW
SetFilePointer
ReadFile
CreateFileW
GetModuleFileNameA
CreateFileA
DuplicateHandle
LocalFree
LocalAlloc
DeviceIoControl
ResetEvent
LoadLibraryExW
OutputDebugStringW
GetCurrentDirectoryW
CreateThread
WriteFile
GetStdHandle
KERNEL32.dll
wsprintfW
USER32.dll
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EnumServicesStatusW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetServiceDisplayNameW
GetServiceKeyNameW
QueryServiceConfigW
QueryServiceStatus
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyA
TraceEvent
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
StartServiceW
RevertToSelf
ADVAPI32.dll
WinVerifyTrust
WINTRUST.dll
RtlLookupFunctionEntry
RtlUnwindEx
DecodePointer
EncodePointer
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
WideCharToMultiByte
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStringTypeW
RtlPcToFileHeader
HeapSize
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
EpMPApi.dll
BaseHostedKevlarPostHandler
BaseHostedKevlarPreHandler
Exp_GetAgentVersion
Exp_HookAPI
Exp_HookAddress
Exp_HookAddress_000
Finalize
GetUnStubInterface
HIDPreADMCOMConnect
HIDPreLsarLookupNames
HIDPreLsarLookupSids
HIDPreRControlService
HIDPreRDeleteService
HIDPreRStartServiceW
HipArmorQueryV1GetReference
HipArmorQueryV1ReleaseReference
HookSwhDirective_PreSetWindowsHookEx
Initialize
RegPermDirective_PreNtSetSecurityObject
RpcAddApiToList
exp_DetachHandlers
.?AUHipArmorApiHookTools@@
.?AUHipArmorQueryLightTools_@@
.?AUHipArmorQueryLightTools@@
.?AUHipArmorEventTools@@
.?AUHipArmorQueryLog@ScLog@@
.?AULogInterface@ScLog@@
.?AUHipArmorQuery_@@
.?AUHipArmorQuery@@
.?AVCMkString@@
.?AVCMkRefString@@
10.7.0.796
.?AUMeControl@@
.?AUExplicit@MeControl@@
.?AUReporting@MeControl@@
.?AUFiltered@MeControl@@
.?AUVectored@MeControl@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
U!oHj)Z
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
IsThaU
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190320171728Z0#
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
180920194506Z
190920194506Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
E0C1)0'
Microsoft Operations Puerto Rico1
232825+4457930
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
20190321184546.093Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
181024211425Z
200110211425Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20190322005134Z
20190323005134Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
F3kBHK
/2<YaF
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
9Iz gZ.Q
20190320171738Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190320171738Z0/
/1(0&0$0"
`BNjV\R
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
@SUWAUAVAWH
HA_A^A]_][
HA_A^A]_][
|$0ffffff
|$ ATH
WATAUH
A]A\_
@UVWAUAVH
0A^A]_^]
L$ SUVWATAUAVAWH
XA_A^A]A\_^][
WATAUH
PA]A\_
|$ ATH
@VATAUAVH
L93t'A
(A^A]A\^
L$ UVWATAW
A_A\_^]
A_A\_^]
@SWATAVAW
A_A^A\_[
A_A^A\_[
@SWAUAWH
T$ A8D$
8A_A]_[
|$ ATH
|$ ATH
fffffff
fffffff
WATAUAVAWH
)IcyHM
A;<$sq
A;<$s[H
A_A^A]A\_
LcA<E3
EpMPThe_l0.dll
l1Tramp
EpMPThe_l1.dll
EpMPThe_l0
GetLastError
SetLastError
TlsSetValue
kernel32.dll
TlsGetValue
NtQueryInformationThread
ntdll.dll
D:\BUILD_932351\BUILD\ENS\hostips\Windows\Source\HipArmor\amd64rel\EpMPThe.pdb
GetLastError
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetSystemInfo
VirtualAlloc
SetEnvironmentVariableA
GetEnvironmentVariableA
TlsAlloc
VirtualProtect
GetCurrentThread
TlsSetValue
TlsGetValue
CloseHandle
WaitForSingleObject
OpenThread
Thread32Next
GetCurrentThreadId
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetCurrentProcess
TlsFree
RtlUnwindEx
KERNEL32.dll
EpMPThe.dll
GetL0ManagerInterface
GetThinHookInterface
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160721000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
u1H/P\
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.mcafee.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
190320171748Z0#
hXaedX
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
180920194506Z
190920194506Z0
Washington1
Redmond1
Microsoft Corporation1;09
2Microsoft Windows Hardware Compatibility Publisher0
E0C1)0'
Microsoft Operations Puerto Rico1
232825+4457930
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
(https://www.microsoft.com/en-us/windows 0
20190321184546.706Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
181024211425Z
200110211425Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:3BBD-E338-E9A11%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20190322005134Z
20190323005134Z0w0=
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160816000000Z
190721235959Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
Symantec Corporation1 0
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.mcafee.com 0
20190320171816Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G3
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
171223000000Z
290322235959Z0
Symantec Corporation1 0
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G30
?'J3Nm
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-60
U){9FN
Symantec Corporation1 0
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
190320171816Z0/
/1(0&0$0"
GaU30%G
x(.@H(
vHx:5u
qD}3j|o`
BxF9F1
<,S*I&
Y>^F!>
yi\TM>
>N3.H=,
Pjp.$Q
X_?=O@:
FUt$4g
Bzgv!C
t5xk2!!
4KPJ[?
`<&$&e
:NC|b~)M<
%Yhxr5
9%cQP]3
0??,!;u
wMR;Wo'
({RQ0E
oYat#\
w-:Dk2,
pFf8$j
M"U{qNB
hq}b$k-
^...,G3
F|Wd,2b
'b%@M.
tO2@q(
=~WLB;\rO
cT=:b.
!PH7h%
-|X-k|
]srUnR
UUy$Bim
u:OlPV?Q"
n;i*yR
cgZzS"7
TLNHt2
Ri5v_[
j}NZ3a
7HANF"U
|#.nOK
xZKwl>
IDATn~
-E'sWJ
A ,WD6
N?~l/]{
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
04090C0d0i0s0
1$1)131T1Y1c1
2#2D2I2S2t2y2
34393C3d3i3s3
4#4D4I4S4t4y4
54595C5d5i5s5
6$6)636T6Y6c6
7#7D7I7S7t7y7
84898C8d8i8s8
9$9)939T9Y9c9
:#:D:I:S:t:y:
;4;9;C;d;i;s;
<$<)<3<T<Y<c<
=#=D=I=S=t=y=
>4>9>C>f>
?4?9?C?d?i?s?
0$0)030T0Y0c0
1#1D1I1S1t1y1
212;2Q2a2u2z2
<5=>=G=
=,>F>U>
869E9v9
4'464@4T4a4
;!;N;_;
; <2<;<]<o<
=(=?=V=e=
>(>9>>>C>k>|>
1#1f1s1
1&252~2
2(3V3c3
:!:f:u:G=
3A4[4u4
5 545A5
:@;D<6?E?
6A7V9c9
:N;X;p;z;
;D<J<V<l<
40454S4Z4a4h4o4v4
4!5>5j5
7 747?7Y7y7
808L8[8o8~8
949N9o9
;3<o<9=u=?>u>3?o?
80v0N1
4*5V6h6
8 9E9d9
9%:M:y:
>%>]>j>w>
5f7s78=V=i=
7)777F7P7d7q7v9{9
:%:6:G:X:i:z:
;3;X;k;
132D2^2o2
3$3G3X3r3
4!4S4t4
6 616D6U6f8u8
<+=3=<=E=M=q=
?)?Y?r?
010I0Y0`0
2G2N2~2
3<3J3b3
4f6x677
<V=e=X>
>F?U?z?
3*3W3V4i4
6'7O7W8
:&:8:l:x:
:);f;x;
<6=C=\=i=
>T?X?\?`?d?h?v?
8 808A8g8x8
=B>W>m>
1?1Y1^1d1k1
7.858C8
919F9O9
;M;b;k;
<F=T=x?
5 5.585
617:7g7,8F8[8s8
9":(:[:
:l;O<U<
>,?9?[?
6/7J7h7
758q8v8
8D9K9b9j9s9{9
> >%>.>5>[>p>w>}>
>*?0?>?M?S?Z?c?
0/0<0U0j0q0w0
0(1R1]1s1
2'3/3?3i3
60787>7M7
7 8?8`8
9,9L9x9
=&=,=u=
>7>E>Q>^>s>{>
1!1'1-13181>1D1J1O1U1[1a1f1l1r1x1}1
2$2*20252;2A2G2L2R2X2^2c2h2o2u2z2
3!3'3-32383>3D3I3O3U3[3`3f3l3r3w3}3
4$4*4/454;4A4F4L4R4X4]4c4i4o4t4z4
4'5P5`5f5
5&6,6K6X6^6m6t6y6
7!7'7,777_7i7w7
8"8(8.888B8M8W8\8}8
;:;C;N;U;u;{;
< <0<@<I<|<
= =%=x=
>C>T>Y>^>
3"41484n4w4
4*5E5Q5`5i5v5
6(61676?6D6s6x6
:[:`:d:h:l:
A?E?I?M?Q?U?Y?]?a?e?i?m?q?u?y?}?
0'0>0F0p0
1!1&1+1O1[1`1e1
2)232X2j2v2/3
5*505K5s5
9 :A:=;\;a;
0&0V0s0~0
1*181D1P1^1n1
9@:D:H:L:P:T:X:\:
:\;`;d;h;l;p;t;x;
h3#6?6C6G6K6O6S6W6[6_6c6g6k6
6 7_=y=
1K1R1e1s1z1
5^8h8r8
2G2M2_2u2
7:7j7y7
3!444q4
5&595@5H5a5w5
6>7R7n7
9>:S:]:c:w:
F1L1^1i1
1C1j1u1
132R2h2r2
454^4z4
515b5~5
>]>Y?m?
1(1C1O1`1i1
2"272C2K2_2y2
2#3(3-3J3R3
4&4H4Z4
5;5F5K5P5k5u5
6!6=6H6M6R6p6z6
737E7g7r7w7|7
8,878<8A8e8
9)9.939Q9
:=:O:[:i:
::;L;R;
=8=[=9>F?
>(>/>M>
9O: ;t;
1D1}1:2S3e3
;d<k<r<y<
=I>R>j>|>
0%000k0
2I2U2m2u2
6A7p7=8Q8i8q8
:8:@:M:N;
1/2N2g2
:/:9:J:O:d:
>">6>A>X>
> ?V?i?
2#262D2
3h3]445X5
82898P8f8
8#969@9a9
:/:j:q:
;+;=;O;a;s;
0%0l01282@2H2P2
8#9M9|9
0.1A112f2
:-:B:Y:
4<5Z5}5
6)757M7
829V9_:
;.;];z;
j2q2x2
243r3}3
4)454A4T4s4
5 525V5
6:6B6_6o6{6
7F8K8]8{8
1!1>1m1
2!2>2t2
0"1J1z1
2$242D2T2d2t2
3$343D3T3d3t3
4$444D4T4d4t4
5$545D5T5d5t5
6$646D6T6d6t6
7$747D7T7d7t7
8!818A8Q8
`2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4P4T4X4
83<3@3D3H3L3P3T3X3\3`3d3p3t3x3|3
3T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
0L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
6D6H6P6X6d6h6l6p6
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
4$4,4044484<4@4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?|?
0 0$0(0
1$1,141<1D1L1T1\1d1l1t1|1
1Z3^3b3f3
> >,>8>D>P>\>h>t>
?(?4?@?L?X?d?p?|?
0$000<0H0T0`0l0x0
1$101<1H1T1`1l1x1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:H:P:X:`:h:p:x:
; ;(;0;8;@;H;P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0p1t1x1|1
2$24282H2L2P2X2p2
3 3$34383@3X3h3l3|3
4 4$444D4H4`4p4t4
5 585<5T5X5p5t5
646D6T6d6h6l6p6x6
7 7$7(7,707D7H7X7\7`7d7h7p7t7x7|7
8(8,848L8\8l8p8t8|8
9$94989<9T9X9\9d9|9
: :$:(:<:@:H:\:`:x:|:
;$;(;,;0;8;P;T;l;p;t;x;|;
20282@2H2P2X2`2
3$3D3L3X3x3
4(4L4\4h4
545@5`5l5
6$6D6P6p6|6
7<7L7X7`7
708D8T8d8p8
9$90989P9t9
:4:<:H:h:p:x:
;$;,;4;<;D;L;T;`;
;$<4<@<H<|<
=(=4=T=\=h=
>8>D>d>p>
?$?0?8?P?t?
0 000T0\0d0l0t0|0
181D1d1l1t1|1
1,2<2D2P2p2|2
3$3,343<3@3D3L3`3|3
4,404@4d4p4x4
5 5@5L5h5
6(6H6h6p6t6
7,707P7p7
808P8p8
909P9p9
:0:L:P:X:`:h:|:
; ;(;<;D;X;
102`2p2
= =@=`=x=
?,?P?l?
kOM]Q\
O J5-
|$UI8=
af|q$T
Mj_3q&4
N]fZeX
4x]]5.
MJKT'D)
06%|G6
.7!i@:A
FU`0#n
PlM$EZ
sdY)L%
"qbWV[
`f,w,g
>@zk;}9
Z`HSG`
0s{^+Z
V6^qAI
N_Z]JB
@tvz<;E_
({=z)X
nVIkgLo
^g"=mC%
!B<Kbn|
m):p*>
Zf![y:rfK
sG'xjn
hp@'w=
^koh_$(
`4:DJY
2w$"!1
xz2O?M
"<t/r7
Zs!gO%y
S|i^(zfI\
-ht?mD
X]fK*]5
&m8;I^
@s%=%B
?=A*yF7
i0$XT7
z83-HkF
q2l@UJN
B=1honT
QICf%i
zhJ+DG
byxnC0
M0wx"M
-FujhL
S8wS~ +\
&rk,qT
KLp_h@
"1MiF#m
Gx,KE
nzkaLg
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
160615000000Z
240615000000Z0Z1
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G30
<paX7
"http://ocsp2.globalsign.com/rootr306
%http://crl.globalsign.com/root-r3.crl0c
&https://www.globalsign.com/repository/0
JEe-MI
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G30
190712185835Z
220712185835Z0|1
California1
Santa Clara1
McAfee, Inc.1
Engineering1
McAfee, Inc.0
<http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
,http://ocsp2.globalsign.com/gscodesignsha2g30V
&https://www.globalsign.com/repository/0
.http://crl.globalsign.com/gscodesignsha2g3.crl0
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G3
http://www.mcafee.com 0
F1|E_2
\7ZuofU
20220602141722Z
Manchester1
Sectigo Limited1,0*
#Sectigo RSA Time Stamping Signer #3
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA0
220511000000Z
330810235959Z0j1
Manchester1
Sectigo Limited1,0*
#Sectigo RSA Time Stamping Signer #30
/l}.aQ
https://sectigo.com/CPS0
3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://ocsp.sectigo.com0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
190502000000Z
380118235959Z0}1
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA0
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://ocsp.usertrust.com0
rRj;B7|
[C]e=P
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA
220602141722Z0?
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority
W8_.SV*
jjjjjj
3c224a00-5d51-11cf-b3ca-000000000001
Software\McAfee\SystemCore
szInstallDir32
%ls\%ls
NCPrivateLoadAndValidateMPTDll: Looking in current directory
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x
6mfeaaca.dll
advapi32
\\.\WGUARDNT
\\.\Global\WGUARDNT
accesslib policy %x:%x
al delete policy on terminate process 0x%x (%d) rule
al disable rules on terminate thread 0x%x (%d) rule
al exception rule %x:%x res %s
v0123456789abcdef0x
0123456789ABCDEF0X
KERNEL32.DLL
kernel32.dll
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
Cadvapi32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
(null)
((((( H
(
((((( H
mscoree.dll
BLC_ALL
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
Capi-ms-win-appmodel-runtime-l1-1-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l2-1-1
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-kernel32-package-current-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
user32
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
UTF-16LEUNICODE
Camerican
american english
american-english
australian
belgian
canadian
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
dutch-belgian
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
french-belgian
french-canadian
french-luxembourg
french-swiss
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
irish-english
italian-swiss
norwegian
norwegian-bokmal
norwegian-nynorsk
portuguese-brazilian
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
swedish-finland
america
britain
england
great britain
holland
hong-kong
new-zealand
pr china
pr-china
puerto-rico
slovak
south africa
south korea
south-africa
south-korea
trinidad & tobago
united-kingdom
united-states
CONOUT$
DBINARY
mfeepmpk
mfeepmpk.sys
mfeepmpk.old.sys
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Ips\BO
SOFTWARE\McAfee\Endpoint\Common
szInstallDir32
szInstallDir64
ProductVersion
10.6.0
10.5.4
10.5.3
mfeepmpk_utility_pp
mfeepmpk_utility_policy
mfeepmpk_utility_rule
blframework.dll
McVariantExport.dll
blframework.dll
McVariantExport.dll
EP_BO_TECHNOLOGY_ENABLE
EP_BO_TECHNOLOGY_ENABLE
EP_TOPIC_NAME_TECHNOLOGY
businessObject
EP_BO_TECHNOLOGY_ENABLE
EP_TOPIC_NAME_TECHNOLOGY
businessObject
DBINARY
mfeepmpk
mfeepmpk.sys
mfeepmpk.old.sys
SOFTWARE\McAfee\Endpoint\Ips\BO
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Common
szInstallDir32
szInstallDir64
ProductVersion
10.6.0
10.5.4
10.5.3
mfeepmpk_utility_pp
mfeepmpk_utility_policy
mfeepmpk_utility_rule
Default
%SYSTEMROOT%\SYSTEM32\drivers\mfeepmpk.sys
%SYSTEMROOT%\SYSTEM32\drivers\mfeepmpk.sys.old
**\McAfee\Endpoint Security\Threat Prevention\IPS\EpMPThe.dll
**\McAfee\Endpoint Security\Threat Prevention\IPS\EpMPApi.dll
-verbose
-check
-forceunload
-skipDisableIPS
-restoreIPSState
EpMPApi.dll
EpMPThe.dll
HipHandlers.dll
HipHandlers64.dll
EP_BO_TECHNOLOGY_ENABLE
SOFTWARE\McAfee\Endpoint\IPS\BO
EP_BO_TECHNOLOGY_ENABLE_BACKUP
SOFTWARE\McAfee\Endpoint\IPS\BO
SOFTWARE\McAfee\Endpoint\IPS\BO
EP_BO_TECHNOLOGY_ENABLE_BACKUP
DBINARY
mfeepmpk
mfeepmpk.sys
mfeepmpk.old.sys
SOFTWARE\McAfee\Endpoint\Ips\BO
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Common
szInstallDir32
szInstallDir64
ProductVersion
10.6.0
10.5.4
10.5.3
mfeepmpk_utility_pp
mfeepmpk_utility_policy
mfeepmpk_utility_rule
Default
DBINARY
mfeepmpk
mfeepmpk.sys
mfeepmpk.old.sys
SOFTWARE\McAfee\Endpoint\Ips\BO
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Common
szInstallDir32
szInstallDir64
ProductVersion
10.6.0
10.5.4
10.5.3
mfeepmpk_utility_pp
mfeepmpk_utility_policy
mfeepmpk_utility_rule
\SYSTEM32\
DBINARY
mfeepmpk
mfeepmpk.sys
mfeepmpk.old.sys
SOFTWARE\McAfee\Endpoint\Ips\BO
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Common
szInstallDir32
szInstallDir64
ProductVersion
10.6.0
10.5.4
10.5.3
mfeepmpk_utility_pp
mfeepmpk_utility_policy
mfeepmpk_utility_rule
EpMPApi.dll
drivers\
drivers\
\EpMPApi.dll
\EpMPThe.dll
\EpMPApi.dll
\EpMPThe.dll
drivers\
drivers\
Software\McAfee\SystemCore
szInstallDir32
szInstallDir64
%ls\%ls
NCPrivateLoadAndValidateMPTDll: Looking in current directory
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x
6mfeaaca.dll
BINARY
MAINEXE
AVMSIX
C=US, S=OREGON, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=ENGINEERING, CN="MCAFEE, INC."
C=US, S=CALIFORNIA, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=IIS, CN="MCAFEE, INC."
VTP trust check failed T2 for %s. Related IPS functionality is limited.
VTP trust check failed T1 for %s. Related IPS functionality is limited.
Failed to compute hash for %s
SERVICES AND CONTROLLER APP
CLIENT SERVER RUNTIME PROCESS
C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION,
File description is not available for %s
Unexpected file description size 0x%x, %s
FileDescription
Executable flags 0x%x %s
Unexpected name cache failure. Unable to determine device name for %s
Removing shield DB.
%4u -%s%s%s%s%s%s -path %s -hash %hs -desc %s -sdn %s
<McAfee>
<Microsoft>
<ThirdParty>
<Valid>
<Service>
<Network>
HardDrive
OtherRemovable
Floppy
Network
Blocking image load %s (by %s)
ProcessIsStarted: %s
Aborting unsafe block reaction due to unknown path: %s
0123456789abcdef
UM failed to resolve service display name for %s, status 0x%x
DisplayName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\
FriendlyName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\
eStart
Hardware Profiles\
LEGACY_
ObjectName
04000000
03000000
02000000
01000000
00000000
Services\
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
Request to usermode resulted in status %x and %d bytes of data
DecodeSid : Trip to user mode to determine name for sid
Name for Sid is %s
Token %p hasn't got a token
Group query on token %p failed
Group query on token %p gave %s
Token %p has %d groups
Updating token %p with some groups
A<SYSTEMREMOTECLIENT>
Destroy() logic finished. Continue with the DetachServicesWorker request.
Services are being detached. Waiting for Destroy() to finish.
%s, no Eid matches
%s, Eid matches:
WARNING: Violation report failed with status 0x%x.
AddUserGroupsSection : failed to copy sid
AddUserGroupsSection : found invalid sid length
AddUserGroupsSection : found invalid sid
WARNING: Reporting of possible tampering with query failed: 0x%x
WARNING: possible tampering with query detected.
ComputerName
\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
WARNING: query against a Shield DB failed: 0x%x
WARNING: Query size %d is a fake query.
HipShieldk.sys:RegHook
HipShieldk.sys:FileHook
HipShieldk.sys:ProcessHook
Destroy() logic about to execute
There was a problem creating worker thread to detach services. Nothing will be done.
Link driver has been upgraded so detaching from filter.
mfeavfk.sys
HipShieldk.sys
Aborting unsafe injection not knowing path: 0x%x %s
Unexpected failure to get executable section values: 0x%x %s
Unable to monitor process 0x%x because path is unknown
Thread 0x%x loading exe module: %s
tracePosition %u load %s ImageBase = 0x%x (0x%x) ImageSize = 0x%x
Unexpected path: %s
3NTDLL.DLL
Unexpected process device path %s
Work around short path %s -> %s
Unexpected process path %s -> %s
Short path work around is not available: 0x%x
<SYSTEM>
Limited executable information available via short path: 0x%x %s
ZwOpenKeyTransactedEx
ZwCreateKeyTransacted
ZwRollbackTransaction
ZwCommitTransaction
ZwCreateTransaction
KeFlushQueuedDpcs
IoCancelFileOpen
EtwWrite
EtwUnregister
EtwRegister
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessImageFileName
IoGetRequestorSessionId
PsGetProcessPeb
PsGetCurrentProcessSessionId
ObReferenceObjectByName
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
PsSetLoadImageNotifyRoutine
KeDetachProcess
KeAttachProcess
KeUnstackDetachProcess
KeStackAttachProcess
SeDeleteAccessState
SeCreateAccessState
SeImpersonateClient
SeImpersonateClientEx
SeQueryAuthenticationIdToken
SeQueryInformationToken
IoGetAttachedDevice
IoGetAttachedDeviceReference
MmMapLockedPages
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
PsReferenceImpersonationToken
PsReferencePrimaryToken
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
FsRtlRemovePerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
PsGetContextThread
PsGetProcessId
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeAreApcsDisabled
IoEnumerateDeviceObjectList
IoAttachDeviceToDeviceStackSafe
KeAreAllApcsDisabled
ObDereferenceObjectDeferDelete
KeExpandKernelStackAndCalloutEx
FsRtlRemovePerFileObjectContext
FsRtlLookupPerFileObjectContext
FsRtlInsertPerFileObjectContext
KeSetSystemAffinityThreadEx
KeRevertToUserAffinityThreadEx
FsRtlCancellableWaitForSingleObject
PsSetCreateProcessNotifyRoutineEx
ObUnRegisterCallbacks
ObRegisterCallbacks
FsRtlRemoveExtraCreateParameter
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsEcpFromUserMode
FsRtlGetNextExtraCreateParameter
FsRtlFindExtraCreateParameter
FsRtlSetEcpListIntoIrp
FsRtlGetEcpListFromIrp
KeRegisterProcessorChangeCallback
KeQueryMaximumProcessorCount
KeQueryActiveProcessorCount
IoGetTransactionParameterBlock
ObReferenceObjectByHandleWithTag
ObReferenceObjectByPointerWithTag
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeQueryGroupAffinity
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCountEx
KeGetProcessorNumberFromIndex
KeSetTargetProcessorDpcEx
KeGetCurrentProcessorNumberEx
KeQueryActiveProcessorCountEx
KeQueryActiveGroupCount
KeQueryLogicalProcessorRelationship
KeQueryHighestNodeNumber
KeQueryNodeMaximumProcessorCount
KeGetCurrentNodeNumber
IoReplaceFileObjectName
FsRtlGetVirtualDiskNestingLevel
KeQuerySystemTimePrecise
PsSetCreateThreadNotifyRoutineEx
PsSetCreateProcessNotifyRoutineEx2
DriverEntry
\Driver\
\Device\
AltServiceName
\Device\%s
mfehidk
\Registry\Machine\%s
\SYSTEMROOT
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
v0123456789abcdef0x
0123456789ABCDEF0X
10.6.0.693
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
mfeepmpk
OriginalFilename
mfeepmpk.sys
FileDescription
McAfee Endpoint MP Driver
FileVersion
10.6.0.693
ProductVersion
10.6.0.693
BuildNumber
BuildDate
08/29/2018
LegalCopyright
Copyright
2018 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
AVMSIX
C=US, S=OREGON, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=ENGINEERING, CN="MCAFEE, INC."
C=US, S=CALIFORNIA, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=IIS, CN="MCAFEE, INC."
VTP trust check failed T2 for %s. Related IPS functionality is limited.
VTP trust check failed T1 for %s. Related IPS functionality is limited.
Failed to compute hash for %s
SERVICES AND CONTROLLER APP
CLIENT SERVER RUNTIME PROCESS
C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION,
File description is not available for %s
Unexpected file description size 0x%x, %s
FileDescription
Executable flags 0x%x %s
Unexpected name cache failure. Unable to determine device name for %s
Removing shield DB.
%4u -%s%s%s%s%s%s -path %s -hash %hs -desc %s -sdn %s
<McAfee>
<Microsoft>
<ThirdParty>
<Valid>
<Service>
<Network>
HardDrive
OtherRemovable
Floppy
Network
Blocking image load %s (by %s)
ProcessIsStarted: %s
Aborting unsafe block reaction due to unknown path: %s
0123456789abcdef
UM failed to resolve service display name for %s, status 0x%x
DisplayName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\
FriendlyName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\
Hardware Profiles\
LEGACY_
ObjectName
04000000
03000000
02000000
01000000
00000000
Services\
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
Request to usermode resulted in status %x and %d bytes of data
DecodeSid : Trip to user mode to determine name for sid
Name for Sid is %s
Token %p hasn't got a token
Group query on token %p failed
Group query on token %p gave %s
Token %p has %d groups
Updating token %p with some groups
<SYSTEMREMOTECLIENT>
Destroy() logic finished. Continue with the DetachServicesWorker request.
Services are being detached. Waiting for Destroy() to finish.
%s, no Eid matches
%s, Eid matches:
WARNING: Violation report failed with status 0x%x.
AddUserGroupsSection : found invalid sid
AddUserGroupsSection : found invalid sid length
AddUserGroupsSection : failed to copy sid
WARNING: Reporting of possible tampering with query failed: 0x%x
WARNING: possible tampering with query detected.
ComputerName
\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
WARNING: query against a Shield DB failed: 0x%x
WARNING: Query size %d is a fake query.
HipShieldk.sys:RegHook
HipShieldk.sys:FileHook
HipShieldk.sys:ProcessHook
Destroy() logic about to execute
There was a problem creating worker thread to detach services. Nothing will be done.
Link driver has been upgraded so detaching from filter.
mfeavfk.sys
HipShieldk.sys
Aborting unsafe injection not knowing path: 0x%x %s
Unexpected failure to get executable section values: 0x%x %s
Unable to monitor process 0x%x because path is unknown
Thread 0x%x loading exe module: %s
tracePosition %u load %s ImageBase = 0x%x (0x%x) ImageSize = 0x%x
Unexpected path: %s
NTDLL.DLL
Unexpected process device path %s
Work around short path %s -> %s
Unexpected process path %s -> %s
Short path work around is not available: 0x%x
<SYSTEM>
Limited executable information available via short path: 0x%x %s
ZwOpenKeyTransactedEx
ZwCreateKeyTransacted
ZwRollbackTransaction
ZwCommitTransaction
ZwCreateTransaction
KeFlushQueuedDpcs
IoCancelFileOpen
EtwWrite
EtwUnregister
EtwRegister
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessImageFileName
IoGetRequestorSessionId
PsGetProcessPeb
PsGetCurrentProcessSessionId
ObReferenceObjectByName
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
PsSetLoadImageNotifyRoutine
KeDetachProcess
KeAttachProcess
KeUnstackDetachProcess
KeStackAttachProcess
SeDeleteAccessState
SeCreateAccessState
SeImpersonateClient
SeImpersonateClientEx
SeQueryAuthenticationIdToken
SeQueryInformationToken
IoGetAttachedDevice
IoGetAttachedDeviceReference
MmMapLockedPages
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
PsReferenceImpersonationToken
PsReferencePrimaryToken
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
FsRtlRemovePerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
PsGetContextThread
PsGetProcessId
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeAreApcsDisabled
IoEnumerateDeviceObjectList
IoAttachDeviceToDeviceStackSafe
KeAreAllApcsDisabled
ObDereferenceObjectDeferDelete
KeExpandKernelStackAndCalloutEx
FsRtlRemovePerFileObjectContext
FsRtlLookupPerFileObjectContext
FsRtlInsertPerFileObjectContext
KeSetSystemAffinityThreadEx
KeRevertToUserAffinityThreadEx
FsRtlCancellableWaitForSingleObject
PsSetCreateProcessNotifyRoutineEx
ObUnRegisterCallbacks
ObRegisterCallbacks
FsRtlRemoveExtraCreateParameter
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsEcpFromUserMode
FsRtlGetNextExtraCreateParameter
FsRtlFindExtraCreateParameter
FsRtlSetEcpListIntoIrp
FsRtlGetEcpListFromIrp
KeRegisterProcessorChangeCallback
KeQueryMaximumProcessorCount
KeQueryActiveProcessorCount
IoGetTransactionParameterBlock
ObReferenceObjectByHandleWithTag
ObReferenceObjectByPointerWithTag
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeQueryGroupAffinity
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCountEx
KeGetProcessorNumberFromIndex
KeSetTargetProcessorDpcEx
KeGetCurrentProcessorNumberEx
KeQueryActiveProcessorCountEx
KeQueryActiveGroupCount
KeQueryLogicalProcessorRelationship
KeQueryHighestNodeNumber
KeQueryNodeMaximumProcessorCount
KeGetCurrentNodeNumber
IoReplaceFileObjectName
FsRtlGetVirtualDiskNestingLevel
KeQuerySystemTimePrecise
PsSetCreateThreadNotifyRoutineEx
PsSetCreateProcessNotifyRoutineEx2
DriverEntry
\Driver\
\Device\
AltServiceName
mfehidk
\Device\%s
\Registry\Machine\%s
\SYSTEMROOT
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
0123456789abcdef0x
0123456789ABCDEF0X
10.6.0.693
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
mfeepmpk
OriginalFilename
mfeepmpk.sys
FileDescription
McAfee Endpoint MP Driver
FileVersion
10.6.0.693
ProductVersion
10.6.0.693
BuildNumber
BuildDate
08/29/2018
LegalCopyright
Copyright
2018 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
AVMSIX
C=US, S=OREGON, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=ENGINEERING, CN="MCAFEE, INC."
C=US, S=CALIFORNIA, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=IIS, CN="MCAFEE, INC."
VTP trust check failed T2 for %s. Related IPS functionality is limited.
VTP trust check failed T1 for %s. Related IPS functionality is limited.
Failed to compute hash for %s
SERVICES AND CONTROLLER APP
CLIENT SERVER RUNTIME PROCESS
C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION,
File description is not available for %s
Unexpected file description size 0x%x, %s
FileDescription
Executable flags 0x%x %s
Unexpected name cache failure. Unable to determine device name for %s
Removing shield DB.
%4u -%s%s%s%s%s%s -path %s -hash %hs -desc %s -sdn %s
<McAfee>
<Microsoft>
<ThirdParty>
<Valid>
<Service>
<Network>
HardDrive
OtherRemovable
Floppy
Network
Blocking image load %s (by %s)
ProcessIsStarted: %s
Aborting unsafe block reaction due to unknown path: %s
0123456789abcdef
UM failed to resolve service display name for %s, status 0x%x
DisplayName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\
FriendlyName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\
eStart
Hardware Profiles\
LEGACY_
ObjectName
04000000
03000000
02000000
01000000
00000000
Services\
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
Request to usermode resulted in status %x and %d bytes of data
DecodeSid : Trip to user mode to determine name for sid
Name for Sid is %s
Token %p hasn't got a token
Group query on token %p failed
Group query on token %p gave %s
Token %p has %d groups
Updating token %p with some groups
A<SYSTEMREMOTECLIENT>
Destroy() logic finished. Continue with the DetachServicesWorker request.
Services are being detached. Waiting for Destroy() to finish.
%s, no Eid matches
%s, Eid matches:
WARNING: Violation report failed with status 0x%x.
AddUserGroupsSection : failed to copy sid
AddUserGroupsSection : found invalid sid length
AddUserGroupsSection : found invalid sid
WARNING: Reporting of possible tampering with query failed: 0x%x
WARNING: possible tampering with query detected.
ComputerName
\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
WARNING: query against a Shield DB failed: 0x%x
WARNING: Query size %d is a fake query.
HipShieldk.sys:RegHook
HipShieldk.sys:FileHook
HipShieldk.sys:ProcessHook
Destroy() logic about to execute
There was a problem creating worker thread to detach services. Nothing will be done.
Link driver has been upgraded so detaching from filter.
mfeavfk.sys
HipShieldk.sys
Aborting unsafe injection not knowing path: 0x%x %s
Unexpected failure to get executable section values: 0x%x %s
Unable to monitor process 0x%x because path is unknown
Thread 0x%x loading exe module: %s
tracePosition %u load %s ImageBase = 0x%x (0x%x) ImageSize = 0x%x
Unexpected path: %s
3NTDLL.DLL
Unexpected process device path %s
Work around short path %s -> %s
Unexpected process path %s -> %s
Short path work around is not available: 0x%x
<SYSTEM>
Limited executable information available via short path: 0x%x %s
ZwOpenKeyTransactedEx
ZwCreateKeyTransacted
ZwRollbackTransaction
ZwCommitTransaction
ZwCreateTransaction
KeFlushQueuedDpcs
IoCancelFileOpen
EtwWrite
EtwUnregister
EtwRegister
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessImageFileName
IoGetRequestorSessionId
PsGetProcessPeb
PsGetCurrentProcessSessionId
ObReferenceObjectByName
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
PsSetLoadImageNotifyRoutine
KeDetachProcess
KeAttachProcess
KeUnstackDetachProcess
KeStackAttachProcess
SeDeleteAccessState
SeCreateAccessState
SeImpersonateClient
SeImpersonateClientEx
SeQueryAuthenticationIdToken
SeQueryInformationToken
IoGetAttachedDevice
IoGetAttachedDeviceReference
MmMapLockedPages
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
PsReferenceImpersonationToken
PsReferencePrimaryToken
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
FsRtlRemovePerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
PsGetContextThread
PsGetProcessId
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeAreApcsDisabled
IoEnumerateDeviceObjectList
IoAttachDeviceToDeviceStackSafe
KeAreAllApcsDisabled
ObDereferenceObjectDeferDelete
KeExpandKernelStackAndCalloutEx
FsRtlRemovePerFileObjectContext
FsRtlLookupPerFileObjectContext
FsRtlInsertPerFileObjectContext
KeSetSystemAffinityThreadEx
KeRevertToUserAffinityThreadEx
FsRtlCancellableWaitForSingleObject
PsSetCreateProcessNotifyRoutineEx
ObUnRegisterCallbacks
ObRegisterCallbacks
FsRtlRemoveExtraCreateParameter
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsEcpFromUserMode
FsRtlGetNextExtraCreateParameter
FsRtlFindExtraCreateParameter
FsRtlSetEcpListIntoIrp
FsRtlGetEcpListFromIrp
KeRegisterProcessorChangeCallback
KeQueryMaximumProcessorCount
KeQueryActiveProcessorCount
IoGetTransactionParameterBlock
ObReferenceObjectByHandleWithTag
ObReferenceObjectByPointerWithTag
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeQueryGroupAffinity
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCountEx
KeGetProcessorNumberFromIndex
KeSetTargetProcessorDpcEx
KeGetCurrentProcessorNumberEx
KeQueryActiveProcessorCountEx
KeQueryActiveGroupCount
KeQueryLogicalProcessorRelationship
KeQueryHighestNodeNumber
KeQueryNodeMaximumProcessorCount
KeGetCurrentNodeNumber
IoReplaceFileObjectName
FsRtlGetVirtualDiskNestingLevel
KeQuerySystemTimePrecise
PsSetCreateThreadNotifyRoutineEx
PsSetCreateProcessNotifyRoutineEx2
DriverEntry
\Driver\
\Device\
AltServiceName
\Device\%s
mfehidk
\Registry\Machine\%s
\SYSTEMROOT
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
v0123456789abcdef0x
0123456789ABCDEF0X
10.5.4.4341
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
mfeepmpk
OriginalFilename
mfeepmpk.sys
FileDescription
McAfee Endpoint MP Driver
FileVersion
10.5.4.4341
ProductVersion
10.5.4.4341
BuildNumber
BuildDate
08/28/2018
LegalCopyright
Copyright
2000-2018 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
AVMSIX
C=US, S=OREGON, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=ENGINEERING, CN="MCAFEE, INC."
C=US, S=CALIFORNIA, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=IIS, CN="MCAFEE, INC."
VTP trust check failed T2 for %s. Related IPS functionality is limited.
VTP trust check failed T1 for %s. Related IPS functionality is limited.
Failed to compute hash for %s
SERVICES AND CONTROLLER APP
CLIENT SERVER RUNTIME PROCESS
C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION,
File description is not available for %s
Unexpected file description size 0x%x, %s
FileDescription
Executable flags 0x%x %s
Unexpected name cache failure. Unable to determine device name for %s
Removing shield DB.
%4u -%s%s%s%s%s%s -path %s -hash %hs -desc %s -sdn %s
<McAfee>
<Microsoft>
<ThirdParty>
<Valid>
<Service>
<Network>
HardDrive
OtherRemovable
Floppy
Network
Blocking image load %s (by %s)
ProcessIsStarted: %s
Aborting unsafe block reaction due to unknown path: %s
0123456789abcdef
UM failed to resolve service display name for %s, status 0x%x
DisplayName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\
FriendlyName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\
Hardware Profiles\
LEGACY_
ObjectName
04000000
03000000
02000000
01000000
00000000
Services\
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
Request to usermode resulted in status %x and %d bytes of data
DecodeSid : Trip to user mode to determine name for sid
Name for Sid is %s
Token %p hasn't got a token
Group query on token %p failed
Group query on token %p gave %s
Token %p has %d groups
Updating token %p with some groups
<SYSTEMREMOTECLIENT>
Destroy() logic finished. Continue with the DetachServicesWorker request.
Services are being detached. Waiting for Destroy() to finish.
%s, no Eid matches
%s, Eid matches:
WARNING: Violation report failed with status 0x%x.
AddUserGroupsSection : found invalid sid
AddUserGroupsSection : found invalid sid length
AddUserGroupsSection : failed to copy sid
WARNING: Reporting of possible tampering with query failed: 0x%x
WARNING: possible tampering with query detected.
ComputerName
\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
WARNING: query against a Shield DB failed: 0x%x
WARNING: Query size %d is a fake query.
HipShieldk.sys:RegHook
HipShieldk.sys:FileHook
HipShieldk.sys:ProcessHook
Destroy() logic about to execute
There was a problem creating worker thread to detach services. Nothing will be done.
Link driver has been upgraded so detaching from filter.
mfeavfk.sys
HipShieldk.sys
Aborting unsafe injection not knowing path: 0x%x %s
Unexpected failure to get executable section values: 0x%x %s
Unable to monitor process 0x%x because path is unknown
Thread 0x%x loading exe module: %s
tracePosition %u load %s ImageBase = 0x%x (0x%x) ImageSize = 0x%x
Unexpected path: %s
NTDLL.DLL
Unexpected process device path %s
Work around short path %s -> %s
Unexpected process path %s -> %s
Short path work around is not available: 0x%x
<SYSTEM>
Limited executable information available via short path: 0x%x %s
ZwOpenKeyTransactedEx
ZwCreateKeyTransacted
ZwRollbackTransaction
ZwCommitTransaction
ZwCreateTransaction
KeFlushQueuedDpcs
IoCancelFileOpen
EtwWrite
EtwUnregister
EtwRegister
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessImageFileName
IoGetRequestorSessionId
PsGetProcessPeb
PsGetCurrentProcessSessionId
ObReferenceObjectByName
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
PsSetLoadImageNotifyRoutine
KeDetachProcess
KeAttachProcess
KeUnstackDetachProcess
KeStackAttachProcess
SeDeleteAccessState
SeCreateAccessState
SeImpersonateClient
SeImpersonateClientEx
SeQueryAuthenticationIdToken
SeQueryInformationToken
IoGetAttachedDevice
IoGetAttachedDeviceReference
MmMapLockedPages
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
PsReferenceImpersonationToken
PsReferencePrimaryToken
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
FsRtlRemovePerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
PsGetContextThread
PsGetProcessId
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeAreApcsDisabled
IoEnumerateDeviceObjectList
IoAttachDeviceToDeviceStackSafe
KeAreAllApcsDisabled
ObDereferenceObjectDeferDelete
KeExpandKernelStackAndCalloutEx
FsRtlRemovePerFileObjectContext
FsRtlLookupPerFileObjectContext
FsRtlInsertPerFileObjectContext
KeSetSystemAffinityThreadEx
KeRevertToUserAffinityThreadEx
FsRtlCancellableWaitForSingleObject
PsSetCreateProcessNotifyRoutineEx
ObUnRegisterCallbacks
ObRegisterCallbacks
FsRtlRemoveExtraCreateParameter
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsEcpFromUserMode
FsRtlGetNextExtraCreateParameter
FsRtlFindExtraCreateParameter
FsRtlSetEcpListIntoIrp
FsRtlGetEcpListFromIrp
KeRegisterProcessorChangeCallback
KeQueryMaximumProcessorCount
KeQueryActiveProcessorCount
IoGetTransactionParameterBlock
ObReferenceObjectByHandleWithTag
ObReferenceObjectByPointerWithTag
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeQueryGroupAffinity
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCountEx
KeGetProcessorNumberFromIndex
KeSetTargetProcessorDpcEx
KeGetCurrentProcessorNumberEx
KeQueryActiveProcessorCountEx
KeQueryActiveGroupCount
KeQueryLogicalProcessorRelationship
KeQueryHighestNodeNumber
KeQueryNodeMaximumProcessorCount
KeGetCurrentNodeNumber
IoReplaceFileObjectName
FsRtlGetVirtualDiskNestingLevel
KeQuerySystemTimePrecise
PsSetCreateThreadNotifyRoutineEx
PsSetCreateProcessNotifyRoutineEx2
DriverEntry
\Driver\
\Device\
AltServiceName
mfehidk
\Device\%s
\Registry\Machine\%s
\SYSTEMROOT
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
0123456789abcdef0x
0123456789ABCDEF0X
10.5.4.4341
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
mfeepmpk
OriginalFilename
mfeepmpk.sys
FileDescription
McAfee Endpoint MP Driver
FileVersion
10.5.4.4341
ProductVersion
10.5.4.4341
BuildNumber
BuildDate
08/28/2018
LegalCopyright
Copyright
2000-2018 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
AVMSIX
C=US, S=OREGON, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=ENGINEERING, CN="MCAFEE, INC."
C=US, S=CALIFORNIA, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=IIS, CN="MCAFEE, INC."
VTP trust check failed T2 for %s. Related IPS functionality is limited.
VTP trust check failed T1 for %s. Related IPS functionality is limited.
Failed to compute hash for %s
SERVICES AND CONTROLLER APP
CLIENT SERVER RUNTIME PROCESS
C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION,
File description is not available for %s
Unexpected file description size 0x%x, %s
FileDescription
Executable flags 0x%x %s
Unexpected name cache failure. Unable to determine device name for %s
Removing shield DB.
%4u -%s%s%s%s%s%s -path %s -hash %hs -desc %s -sdn %s
<McAfee>
<Microsoft>
<ThirdParty>
<Valid>
<Service>
<Network>
HardDrive
OtherRemovable
Floppy
Network
Blocking image load %s (by %s)
ProcessIsStarted: %s
Aborting unsafe block reaction due to unknown path: %s
0123456789abcdef
UM failed to resolve service display name for %s, status 0x%x
DisplayName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\
FriendlyName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\
eStart
Hardware Profiles\
LEGACY_
ObjectName
04000000
03000000
02000000
01000000
00000000
Services\
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
Request to usermode resulted in status %x and %d bytes of data
DecodeSid : Trip to user mode to determine name for sid
Name for Sid is %s
Token %p hasn't got a token
Group query on token %p failed
Group query on token %p gave %s
Token %p has %d groups
Updating token %p with some groups
A<SYSTEMREMOTECLIENT>
Destroy() logic finished. Continue with the DetachServicesWorker request.
Services are being detached. Waiting for Destroy() to finish.
%s, no Eid matches
%s, Eid matches:
WARNING: Violation report failed with status 0x%x.
AddUserGroupsSection : failed to copy sid
AddUserGroupsSection : found invalid sid length
AddUserGroupsSection : found invalid sid
WARNING: Reporting of possible tampering with query failed: 0x%x
WARNING: possible tampering with query detected.
ComputerName
\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
WARNING: query against a Shield DB failed: 0x%x
WARNING: Query size %d is a fake query.
HipShieldk.sys:RegHook
HipShieldk.sys:FileHook
HipShieldk.sys:ProcessHook
Destroy() logic about to execute
There was a problem creating worker thread to detach services. Nothing will be done.
Link driver has been upgraded so detaching from filter.
mfeavfk.sys
HipShieldk.sys
Aborting unsafe injection not knowing path: 0x%x %s
Unexpected failure to get executable section values: 0x%x %s
Unable to monitor process 0x%x because path is unknown
Thread 0x%x loading exe module: %s
tracePosition %u load %s ImageBase = 0x%x (0x%x) ImageSize = 0x%x
Unexpected path: %s
3NTDLL.DLL
Unexpected process device path %s
Work around short path %s -> %s
Unexpected process path %s -> %s
Short path work around is not available: 0x%x
<SYSTEM>
Limited executable information available via short path: 0x%x %s
ZwOpenKeyTransactedEx
ZwCreateKeyTransacted
ZwRollbackTransaction
ZwCommitTransaction
ZwCreateTransaction
KeFlushQueuedDpcs
IoCancelFileOpen
EtwWrite
EtwUnregister
EtwRegister
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessImageFileName
IoGetRequestorSessionId
PsGetProcessPeb
PsGetCurrentProcessSessionId
ObReferenceObjectByName
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
PsSetLoadImageNotifyRoutine
KeDetachProcess
KeAttachProcess
KeUnstackDetachProcess
KeStackAttachProcess
SeDeleteAccessState
SeCreateAccessState
SeImpersonateClient
SeImpersonateClientEx
SeQueryAuthenticationIdToken
SeQueryInformationToken
IoGetAttachedDevice
IoGetAttachedDeviceReference
MmMapLockedPages
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
PsReferenceImpersonationToken
PsReferencePrimaryToken
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
FsRtlRemovePerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
PsGetContextThread
PsGetProcessId
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeAreApcsDisabled
IoEnumerateDeviceObjectList
IoAttachDeviceToDeviceStackSafe
KeAreAllApcsDisabled
ObDereferenceObjectDeferDelete
KeExpandKernelStackAndCalloutEx
FsRtlRemovePerFileObjectContext
FsRtlLookupPerFileObjectContext
FsRtlInsertPerFileObjectContext
KeSetSystemAffinityThreadEx
KeRevertToUserAffinityThreadEx
FsRtlCancellableWaitForSingleObject
PsSetCreateProcessNotifyRoutineEx
ObUnRegisterCallbacks
ObRegisterCallbacks
FsRtlRemoveExtraCreateParameter
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsEcpFromUserMode
FsRtlGetNextExtraCreateParameter
FsRtlFindExtraCreateParameter
FsRtlSetEcpListIntoIrp
FsRtlGetEcpListFromIrp
KeRegisterProcessorChangeCallback
KeQueryMaximumProcessorCount
KeQueryActiveProcessorCount
IoGetTransactionParameterBlock
ObReferenceObjectByHandleWithTag
ObReferenceObjectByPointerWithTag
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeQueryGroupAffinity
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCountEx
KeGetProcessorNumberFromIndex
KeSetTargetProcessorDpcEx
KeGetCurrentProcessorNumberEx
KeQueryActiveProcessorCountEx
KeQueryActiveGroupCount
KeQueryLogicalProcessorRelationship
KeQueryHighestNodeNumber
KeQueryNodeMaximumProcessorCount
KeGetCurrentNodeNumber
IoReplaceFileObjectName
FsRtlGetVirtualDiskNestingLevel
KeQuerySystemTimePrecise
PsSetCreateThreadNotifyRoutineEx
PsSetCreateProcessNotifyRoutineEx2
DriverEntry
\Driver\
\Device\
AltServiceName
\Device\%s
mfehidk
\Registry\Machine\%s
\SYSTEMROOT
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
v0123456789abcdef0x
0123456789ABCDEF0X
10.5.3.3316
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, Inc.
ProductName
McAfee Endpoint
InternalName
mfeepmpk
OriginalFilename
mfeepmpk.sys
FileDescription
McAfee Endpoint MP Driver
FileVersion
10.5.3.3316
ProductVersion
10.5.3.3316
BuildNumber
BuildDate
08/29/2018
LegalCopyright
Copyright
2000-2018 McAfee, Inc. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
AVMSIX
C=US, S=OREGON, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=ENGINEERING, CN="MCAFEE, INC."
C=US, S=CALIFORNIA, L=SANTA CLARA, O="MCAFEE, INC.", OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, OU=IIS, CN="MCAFEE, INC."
VTP trust check failed T2 for %s. Related IPS functionality is limited.
VTP trust check failed T1 for %s. Related IPS functionality is limited.
Failed to compute hash for %s
SERVICES AND CONTROLLER APP
CLIENT SERVER RUNTIME PROCESS
C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION,
File description is not available for %s
Unexpected file description size 0x%x, %s
FileDescription
Executable flags 0x%x %s
Unexpected name cache failure. Unable to determine device name for %s
Removing shield DB.
%4u -%s%s%s%s%s%s -path %s -hash %hs -desc %s -sdn %s
<McAfee>
<Microsoft>
<ThirdParty>
<Valid>
<Service>
<Network>
HardDrive
OtherRemovable
Floppy
Network
Blocking image load %s (by %s)
ProcessIsStarted: %s
Aborting unsafe block reaction due to unknown path: %s
0123456789abcdef
UM failed to resolve service display name for %s, status 0x%x
DisplayName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\
FriendlyName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\
Hardware Profiles\
LEGACY_
ObjectName
04000000
03000000
02000000
01000000
00000000
Services\
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
Request to usermode resulted in status %x and %d bytes of data
DecodeSid : Trip to user mode to determine name for sid
Name for Sid is %s
Token %p hasn't got a token
Group query on token %p failed
Group query on token %p gave %s
Token %p has %d groups
Updating token %p with some groups
<SYSTEMREMOTECLIENT>
Destroy() logic finished. Continue with the DetachServicesWorker request.
Services are being detached. Waiting for Destroy() to finish.
%s, no Eid matches
%s, Eid matches:
WARNING: Violation report failed with status 0x%x.
AddUserGroupsSection : found invalid sid
AddUserGroupsSection : found invalid sid length
AddUserGroupsSection : failed to copy sid
WARNING: Reporting of possible tampering with query failed: 0x%x
WARNING: possible tampering with query detected.
ComputerName
\Registry\Machine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
WARNING: query against a Shield DB failed: 0x%x
WARNING: Query size %d is a fake query.
HipShieldk.sys:RegHook
HipShieldk.sys:FileHook
HipShieldk.sys:ProcessHook
Destroy() logic about to execute
There was a problem creating worker thread to detach services. Nothing will be done.
Link driver has been upgraded so detaching from filter.
mfeavfk.sys
HipShieldk.sys
Aborting unsafe injection not knowing path: 0x%x %s
Unexpected failure to get executable section values: 0x%x %s
Unable to monitor process 0x%x because path is unknown
Thread 0x%x loading exe module: %s
tracePosition %u load %s ImageBase = 0x%x (0x%x) ImageSize = 0x%x
Unexpected path: %s
NTDLL.DLL
Unexpected process device path %s
Work around short path %s -> %s
Unexpected process path %s -> %s
Short path work around is not available: 0x%x
<SYSTEM>
Limited executable information available via short path: 0x%x %s
ZwOpenKeyTransactedEx
ZwCreateKeyTransacted
ZwRollbackTransaction
ZwCommitTransaction
ZwCreateTransaction
KeFlushQueuedDpcs
IoCancelFileOpen
EtwWrite
EtwUnregister
EtwRegister
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessImageFileName
IoGetRequestorSessionId
PsGetProcessPeb
PsGetCurrentProcessSessionId
ObReferenceObjectByName
FsRtlRegisterFileSystemFilterCallbacks
IoGetDeviceAttachmentBaseRef
PsSetLoadImageNotifyRoutine
KeDetachProcess
KeAttachProcess
KeUnstackDetachProcess
KeStackAttachProcess
SeDeleteAccessState
SeCreateAccessState
SeImpersonateClient
SeImpersonateClientEx
SeQueryAuthenticationIdToken
SeQueryInformationToken
IoGetAttachedDevice
IoGetAttachedDeviceReference
MmMapLockedPages
MmMapLockedPagesSpecifyCache
IoAttachDeviceToDeviceStack
PsReferenceImpersonationToken
PsReferencePrimaryToken
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
FsRtlRemovePerStreamContext
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
PsGetContextThread
PsGetProcessId
PsRemoveLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
KeAreApcsDisabled
IoEnumerateDeviceObjectList
IoAttachDeviceToDeviceStackSafe
KeAreAllApcsDisabled
ObDereferenceObjectDeferDelete
KeExpandKernelStackAndCalloutEx
FsRtlRemovePerFileObjectContext
FsRtlLookupPerFileObjectContext
FsRtlInsertPerFileObjectContext
KeSetSystemAffinityThreadEx
KeRevertToUserAffinityThreadEx
FsRtlCancellableWaitForSingleObject
PsSetCreateProcessNotifyRoutineEx
ObUnRegisterCallbacks
ObRegisterCallbacks
FsRtlRemoveExtraCreateParameter
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsEcpFromUserMode
FsRtlGetNextExtraCreateParameter
FsRtlFindExtraCreateParameter
FsRtlSetEcpListIntoIrp
FsRtlGetEcpListFromIrp
KeRegisterProcessorChangeCallback
KeQueryMaximumProcessorCount
KeQueryActiveProcessorCount
IoGetTransactionParameterBlock
ObReferenceObjectByHandleWithTag
ObReferenceObjectByPointerWithTag
ObfDereferenceObjectWithTag
ObfReferenceObjectWithTag
ExReleaseSpinLockExclusive
ExAcquireSpinLockExclusive
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeQueryGroupAffinity
KeRevertToUserGroupAffinityThread
KeSetSystemGroupAffinityThread
KeQueryMaximumGroupCount
KeQueryMaximumProcessorCountEx
KeGetProcessorNumberFromIndex
KeSetTargetProcessorDpcEx
KeGetCurrentProcessorNumberEx
KeQueryActiveProcessorCountEx
KeQueryActiveGroupCount
KeQueryLogicalProcessorRelationship
KeQueryHighestNodeNumber
KeQueryNodeMaximumProcessorCount
KeGetCurrentNodeNumber
IoReplaceFileObjectName
FsRtlGetVirtualDiskNestingLevel
KeQuerySystemTimePrecise
PsSetCreateThreadNotifyRoutineEx
PsSetCreateProcessNotifyRoutineEx2
DriverEntry
\Driver\
\Device\
AltServiceName
mfehidk
\Device\%s
\Registry\Machine\%s
\SYSTEMROOT
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
0123456789abcdef0x
0123456789ABCDEF0X
10.5.3.3316
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, Inc.
ProductName
McAfee Endpoint
InternalName
mfeepmpk
OriginalFilename
mfeepmpk.sys
FileDescription
McAfee Endpoint MP Driver
FileVersion
10.5.3.3316
ProductVersion
10.5.3.3316
BuildNumber
BuildDate
08/29/2018
LegalCopyright
Copyright
2000-2018 McAfee, Inc. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
jjjjjj
McAfeeCerts.xml
SearchPath
Software\McAfee\Certs
advapi32
<NULL>
mfemmsa.dll
mfevtp
xDbghelp.dll
kernel32.dll
ntdll.dll
sfc.dll
psapi.dll
DeleteFlag
SYSTEM\CurrentControlSet\Services\mfevtp
SYSTEM\CurrentControlSet\Services\mfemms\Services\mfevtp
\System32\CatRoot2\dberr.txt
shared-cache.dll
sRootAutoUpdate
Crypt32
DeprecatedFlags
SYSTEM\CurrentControlSet\services\mfehidk
v0123456789abcdef0x
0123456789ABCDEF0X
SOFTWARE\MCAFEE\SYSTEMCORE\APILOGCALLBACK
SecureLoadSystemDLL
FileName
userenv.dll
crypt32.dll
wintrust.dll
ncrypt.dll
rsaenh.dll
Default
vtp_catcache
bcryptprimitives.dll
ole32.dll
winsta.dll
profapi.dll
cryptsp.dll
rpcrt4.dll
3c224a00-5d51-11cf-b3ca-000000000001
mfeaaca.dll
\\.\Global\WGUARDNT
\\.\WGUARDNT
al exception rule %x:%x res %s
al disable rules on terminate thread 0x%x (%d) rule
al delete policy on terminate process 0x%x (%d) rule
accesslib policy %x:%x
[Static] VerifyModule failed : validation_state = 0x%x privileges = 0x%x for module %s
Unknown
This method is not implemented by requested BL
TaskName
Module.Available
Mapfile
Resource
Localization
Formatting
Cookie
SupplierList
Description
NameAlias
CorellationID
MsgErrorCode
Severity
Priority
SoftwareID
AuthenticationCode
TimeToLive
SessionID
SequenceNumber
Destination
Origin
MsgSystemID
ClientID
TransErrorCode
Integrity
ThreadID
ProcessID
ProcessName
SourceEXE
Timestamp
HeaderVersion
Notification
Software\McAfee\SystemCore
szInstallDir32
szInstallDir64
NotComDllGetInterface: DLL not found in install location, looking in current directory
NotComDllGetInterface: %s loading %s, WinVerifyTrust failed with %08x
mfevtpa.dll
CBLServerInit::Invoke - Successfully Init Server and Init CleanUp RefCount: %d
CBLServerInit::Invoke - Successfully Init Server and Init CleanUp RefCount:
CBLServerInit::Invoke - Init CleanUp RefCount: %d
CBLServerInit::Invoke - Init CleanUp RefCount:
InitBO failed for [%s], Err: %d
Server is up
ThreatSeverity
ThreatEventID
ThreatTimestamp
EventIDDescription
CBLServerStart::Invoke - Successfully Init BO and Start/Stop RefCount: %d
CBLServerStart::Invoke - Successfully Init BO and Start/Stop RefCount:
CBLServerStart::Invoke - Start/Stop RefCount: %d
CBLServerStart::Invoke - Start/Stop RefCount:
UninitBO failed for [%s], Err: %d
CBLServerStop::Invoke - Successfully Uninit BO and Start/Stop RefCount: %d
CBLServerStop::Invoke - Successfully Uninit BO and Start/Stop RefCount:
CBLServerStop::Invoke - Start/Stop RefCount: %d
CBLServerStop::Invoke - Start/Stop RefCount:
CBLServerCleanUp::Invoke - Successfully cleaned up Server and Init CleanUp RefCount: %d
CBLServerCleanUp::Invoke - Successfully cleaned up Server and Init CleanUp RefCount:
CBLServerCleanUp::Invoke - Init CleanUp RefCount: %d
CBLServerCleanUp::Invoke - Init CleanUp RefCount:
blstub
blstub
blstub
blstub
blstub
gFailed to connect with server/Server not started
Memory allocation failure
Invalid parameter
Call timed out
Failed to encrypt/decrypt data
No description found
CTX_EP_HOSTING_SERVICE
SZ_ENDPOINT_ROOT
SZ_CMN_ROOT_KEY
SZ_BOR_ROOT_KEY
SZ_ENDPOINT_MODULES_ROOT_KEY
SZ_ENDPOINT_DATA_DIR
BLFRAMEWORKRTPATH
BusinessObject
LoggerOverrideFunction
LoggerDllLocation
EncryptDllLocation
RegistryRoot
MaxPeakThreads
MaxPersistentThreads
DefaultMessageRouter
ENSMode
ERRORINFO
Advapi32.dll
\Servers
GLOBAL
BatchSet
xPaths
Options
Properties
pFailed to open registry key
blclient
Failed to create event
Unable to listen for registry changes
bl1!2@8*7!%d
\LogLib.dll
Cleaning the Runtime manager...
\Common
[1]Failed to open registry entry!!!
[2]Failed to read registry entry!!!
Failed to open registry entry [%s]!!!
Failed to read registry entry [%s]!!!
blframeworkrt
"%s" will not be loaded - not trusted!!!
"%s" could not be loaded!!!
Failed to load exported function to override config
Failed to load exported function to override logger
Failed to load exported function!!!
Error: Failed to obtain factory interface!!!
Error: Failed to obtain client interface!!!
Error: Failed to create registry monitor!!!
Successfully initialized interface
Failed to obtain upgrade path from registry!!!
Upgrade notification received, beginning upgrade steps...
Failed to load frameworkrt.dll during upgrade!!!
Upgrade completed successfully
Failed [%x] to unregister [%s] object!!!
unregistered [%s] object successfully
Failed [%x] to Initialize BLServer during upgrade!!!
Initialized BLServer during upgrade successfully
Failed [%x] to register [%s] object!!!
Registered [%s] object successfully
Unable to re-register %s event callback after RT upgrade
pPausing...
Calls in progress...waiting.
Paused...proceeding with upgrade steps
Call received during upgrade...aborting these calls!!!
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Common
SOFTWARE\McAfee\Endpoint\Common\BusinessObjectRegistry
SOFTWARE\McAfee\Endpoint\Modules
McAfee\Endpoint Security
RTPath
\Modules
\BusinessObjectRegistry
\/:*?"<>|
Thread terminated
Registry monitoring thread exited with errors!!!
Unable to start registry watcher
Unable to start registry watcher thread
Stop signal received by registry monitor. Terminating thread.
TechnologyName
EventList
PropList
tTag-DEPRECATED_DO_NOT_USE
Header
Message
%Y-%m-%dT%H:%M:%SZ
Kernel32.dll
McVariantExport.dll
BLFramework.dll
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV
McAfee Trust
NCopyright
2006 Microsoft Corporation
Legal_Policy_Statement
XCopyright
1999-2005 Microsoft Corporation
XCopyright
1999-2005 Microsoft Corporation
ISG Trust
VS_VERSION_INFO
StringFileInfo
000004B0
FileVersion
10.7.0.678
FileDescription
BL Framework component
PrivateBuild
Endpoint Security Platform.10.7.0.678
ProductName
McAfee Endpoint Security
ProductVersion
10.7.0
CompanyName
McAfee, LLC.
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, Inc
McAfeeCerts.xml
SearchPath
Software\McAfee\Certs
advapi32
<NULL>
mfemmsa.dll
mfevtp
kernel32.dll
Dbghelp.dll
ntdll.dll
sfc.dll
psapi.dll
DeleteFlag
SYSTEM\CurrentControlSet\Services\mfevtp
SYSTEM\CurrentControlSet\Services\mfemms\Services\mfevtp
\System32\CatRoot2\dberr.txt
shared-cache.dll
RootAutoUpdate
Crypt32
DeprecatedFlags
SYSTEM\CurrentControlSet\services\mfehidk
0123456789abcdef0x
0123456789ABCDEF0X
SOFTWARE\MCAFEE\SYSTEMCORE\APILOGCALLBACK
SecureLoadSystemDLL
FileName
userenv.dll
crypt32.dll
wintrust.dll
ncrypt.dll
rsaenh.dll
Default
vtp_catcache
bcryptprimitives.dll
ole32.dll
winsta.dll
profapi.dll
cryptsp.dll
rpcrt4.dll
3c224a00-5d51-11cf-b3ca-000000000001
mfeaaca.dll
\\.\Global\WGUARDNT
\\.\WGUARDNT
al exception rule %x:%x res %s
al disable rules on terminate thread 0x%x (%d) rule
al delete policy on terminate process 0x%x (%d) rule
accesslib policy %x:%x
[Static] VerifyModule failed : validation_state = 0x%x privileges = 0x%x for module %s
Unknown
This method is not implemented by requested BL
TaskName
Module.Available
Mapfile
Resource
Localization
Formatting
Cookie
SupplierList
Description
NameAlias
CorellationID
MsgErrorCode
Severity
Priority
SoftwareID
AuthenticationCode
TimeToLive
SessionID
SequenceNumber
Destination
Origin
MsgSystemID
ClientID
TransErrorCode
Integrity
ThreadID
ProcessID
ProcessName
SourceEXE
Timestamp
HeaderVersion
Notification
Software\McAfee\SystemCore
szInstallDir32
szInstallDir64
NotComDllGetInterface: DLL not found in install location, looking in current directory
NotComDllGetInterface: %s loading %s, WinVerifyTrust failed with %08x
mfevtpa.dll
CBLServerInit::Invoke - Successfully Init Server and Init CleanUp RefCount: %d
CBLServerInit::Invoke - Successfully Init Server and Init CleanUp RefCount:
CBLServerInit::Invoke - Init CleanUp RefCount: %d
CBLServerInit::Invoke - Init CleanUp RefCount:
InitBO failed for [%s], Err: %d
Server is up
ThreatSeverity
ThreatEventID
ThreatTimestamp
EventIDDescription
CBLServerStart::Invoke - Successfully Init BO and Start/Stop RefCount: %d
CBLServerStart::Invoke - Successfully Init BO and Start/Stop RefCount:
CBLServerStart::Invoke - Start/Stop RefCount: %d
CBLServerStart::Invoke - Start/Stop RefCount:
UninitBO failed for [%s], Err: %d
CBLServerStop::Invoke - Successfully Uninit BO and Start/Stop RefCount: %d
CBLServerStop::Invoke - Successfully Uninit BO and Start/Stop RefCount:
CBLServerStop::Invoke - Start/Stop RefCount: %d
CBLServerStop::Invoke - Start/Stop RefCount:
CBLServerCleanUp::Invoke - Successfully cleaned up Server and Init CleanUp RefCount: %d
CBLServerCleanUp::Invoke - Successfully cleaned up Server and Init CleanUp RefCount:
CBLServerCleanUp::Invoke - Init CleanUp RefCount: %d
CBLServerCleanUp::Invoke - Init CleanUp RefCount:
blstub
blstub
blstub
blstub
blstub
gFailed to connect with server/Server not started
Memory allocation failure
Invalid parameter
Call timed out
Failed to encrypt/decrypt data
No description found
CTX_EP_HOSTING_SERVICE
SZ_ENDPOINT_ROOT
SZ_CMN_ROOT_KEY
SZ_BOR_ROOT_KEY
SZ_ENDPOINT_MODULES_ROOT_KEY
SZ_ENDPOINT_DATA_DIR
BLFRAMEWORKRTPATH
BusinessObject
LoggerOverrideFunction
LoggerDllLocation
EncryptDllLocation
RegistryRoot
MaxPeakThreads
MaxPersistentThreads
DefaultMessageRouter
ENSMode
ERRORINFO
Advapi32.dll
\Servers
GLOBAL
BatchSet
xPaths
Options
Properties
pFailed to open registry key
blclient
Failed to create event
Unable to listen for registry changes
bl1!2@8*7!%d
\LogLib.dll
Cleaning the Runtime manager...
\Common
[1]Failed to open registry entry!!!
[2]Failed to read registry entry!!!
Failed to open registry entry [%s]!!!
Failed to read registry entry [%s]!!!
blframeworkrt
"%s" will not be loaded - not trusted!!!
"%s" could not be loaded!!!
Failed to load exported function to override config
Failed to load exported function to override logger
Failed to load exported function!!!
Error: Failed to obtain factory interface!!!
Error: Failed to obtain client interface!!!
Error: Failed to create registry monitor!!!
Successfully initialized interface
Failed to obtain upgrade path from registry!!!
Upgrade notification received, beginning upgrade steps...
Failed to load frameworkrt.dll during upgrade!!!
Upgrade completed successfully
Failed [%x] to unregister [%s] object!!!
unregistered [%s] object successfully
Failed [%x] to Initialize BLServer during upgrade!!!
Initialized BLServer during upgrade successfully
Failed [%x] to register [%s] object!!!
Registered [%s] object successfully
Unable to re-register %s event callback after RT upgrade
Pausing...
Calls in progress...waiting.
Paused...proceeding with upgrade steps
Call received during upgrade...aborting these calls!!!
SOFTWARE\McAfee\Endpoint
SOFTWARE\McAfee\Endpoint\Common
SOFTWARE\McAfee\Endpoint\Common\BusinessObjectRegistry
SOFTWARE\McAfee\Endpoint\Modules
McAfee\Endpoint Security
RTPath
\Modules
\BusinessObjectRegistry
\/:*?"<>|
Thread terminated
Registry monitoring thread exited with errors!!!
Unable to start registry watcher
Unable to start registry watcher thread
Stop signal received by registry monitor. Terminating thread.
TechnologyName
EventList
PropList
tTag-DEPRECATED_DO_NOT_USE
Header
Message
%Y-%m-%dT%H:%M:%SZ
Kernel32.dll
McVariantExport.dll
BLFramework.dll
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV
McAfee Trust
NCopyright
2006 Microsoft Corporation
Legal_Policy_Statement
XCopyright
1999-2005 Microsoft Corporation
XCopyright
1999-2005 Microsoft Corporation
ISG Trust
VS_VERSION_INFO
StringFileInfo
000004B0
FileVersion
10.7.0.677
FileDescription
BL Framework component
PrivateBuild
Endpoint Security Platform.10.7.0.677
ProductName
McAfee Endpoint Security
ProductVersion
10.7.0
CompanyName
McAfee, LLC.
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, Inc
Kernel32.dll
%Y-%m-%dT%H:%M:%SZ
'
"
0x%.*s
TaskName
EventIDDescription
ThreatSeverity
ThreatEventID
TechnologyName
Mapfile
Resource
Localization
Formatting
Cookie
SupplierList
Description
NameAlias
CorellationID
MsgErrorCode
Severity
Priority
SoftwareID
AuthenticationCode
TimeToLive
SessionID
SequenceNumber
Destination
Origin
MsgSystemID
ClientID
TransErrorCode
Integrity
ThreadID
ProcessID
ProcessName
SourceEXE
Timestamp
HeaderVersion
Notification
SecurityEvent
EventList
PropList
ThreatTimestamp
CustomFields
EventFilter
4 hex digits
escaped character: ", \, /, b, f, n, r, t, or u
string character or \ or "
number
string, number, object, array, true, false, or null
, or }
, or ]
[ or {
XML Error
0x%8.8X
on line %ld
XML Error could not get doc interface.
prefix
Register
Buffer
String
businessObject
Invalid xml file or schema file
Failed to create xml document instance, 0x%08X
Failed to create xsd document instance, 0x%08X
Failed to load xml document, 0x%08X
Failed to load xsd document, 0x%08X
Failed to get DOM element, 0x%08X
Failed to create schema collection instance, 0x%08X
targetNamespace
Failed to add schema reference, 0x%08X
Failed to get element type for, %s
Failed to get attribute type for element, %s
Failed to get value for element, %s
Failed to get content type for %s
Converter supports text only and element only complex elements.
Error caused due to element, %s
Unsupported element data type %d
Parser error at line %d, reason = %s
Buffer[%u]
String[%u]
List[%u]
<null>
0x0nyi
type="Null"
type="Register"
type="Bool"
type="Int"
type="Int64"
type="Buffer"
type="String"
type="List"
Property
prefix="%s"
</%s%s>
<businessObject id="%s" version="1.0">
<Task id="%s">
</Task>
</businessObject>
</%.*s>%s
<![CDATA[%s]]>
_%s.%s="
name="
</%s>%s
value="
ReadOnly
encoding
%s.%s="
type="String">
type="%s"
Tag-DEPRECATED_DO_NOT_USE
Header
Message
Destination-EPO
Destination-SMTP
Destination-SNMP
Destination-AppLog
Destination-LocalDB
McVariantExport.dll
BLFramework.dll
__msg_reply_namespace
__msg_reply
Failed to load xsd document %s, 0x%08X
Failed to load xsd buffer, 0x%08X
Failed to get xsd buffer, 0x%08X
Failed to add schema to schema collection, 0x%08X
Unsupported element data type %d for element %s
Failed to convert McVariant to xml using ::NewNatural
Failed to load converted xml document, 0x%08X
Failed to convert XML to UTF8, 0x%x
.new.tmp
Failed to write XML to file, 0x%x
.deleteme.tmp
Failed to move %s to %s, 0x%x
Failed to load converted xml document, 0x%08X [Reason: %s Source: %s]
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
VS_VERSION_INFO
StringFileInfo
000004B0
FileVersion
10.7.0.678
FileDescription
McVariant utilities
PrivateBuild
Endpoint Security Platform.10.7.0.678
ProductName
McAfee Endpoint Security
ProductVersion
10.7.0
CompanyName
McAfee, LLC.
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, Inc
ForceRemove
NoRemove
Delete
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
Failed to create xsd document instance, 0x%08X
Failed to load xsd document %s, 0x%08X
Failed to create xsd document instance, 0x%08X
Failed to load xsd buffer, 0x%08X
Parser error at line %d, reason = %s
Failed to get xsd buffer, 0x%08X
Failed to create schema collection instance, 0x%08X
.new.tmp
Failed to get DOM element, 0x%08X
targetNamespace
Operational
Failed to add schema to schema collection, 0x%08X
Failed to add schema reference, 0x%08X
Failed to get element type for, %s
Timestamp
Failed to get value for element, %s
Failed to get content type for %s
SourceEXE
Converter supports text only and element only complex elements.
.deleteme.tmp
ProcessName
Error caused due to element, %s
Unsupported element data type %d for element %s
Failed to convert McVariant to xml using ::NewNatural
Failed to create xml document instance, 0x%08X
Failed to load converted xml document, 0x%08X
Failed to convert McVariant to xml using ::NewNatural
Failed to create xml document instance, 0x%08X
Failed to load converted xml document, 0x%08X
Failed to convert XML to UTF8, 0x%x
ProcessID
Failed to write XML to file, 0x%x
Failed to move %s to %s, 0x%x
Failed to move %s to %s, 0x%x
ThreadID
Failed to create xml document instance, 0x%08X
Failed to load xsd buffer, 0x%08X
Integrity
Failed to create xml document instance, 0x%08X
Failed to load xml document, 0x%08X
ClientID
Failed to convert McVariant to xml using ::NewNatural
Failed to create xml document instance, 0x%08X
Failed to load converted xml document, 0x%08X [Reason: %s Source: %s]
Failed to create xml document instance, 0x%08X
Failed to load xsd buffer, 0x%08X
SecurityEvent
Notification
HeaderVersion
TransErrorCode
MsgSystemID
Origin
Destination
SequenceNumber
SessionID
TimeToLive
AuthenticationCode
SoftwareID
Priority
Severity
MsgErrorCode
CorellationID
NameAlias
Description
SupplierList
Cookie
Formatting
Localization
Resource
Mapfile
_participant_new
_participant_deleted
__msg_reply_namespace
__msg_reply
__msg_reply_namespace
__msg_reply
SecurityEvent
Notification
Operational
HeaderVersion
Timestamp
SourceEXE
ProcessName
ProcessID
ThreadID
Integrity
TransErrorCode
ClientID
MsgSystemID
Origin
Destination
SequenceNumber
SessionID
TimeToLive
AuthenticationCode
SoftwareID
Priority
Severity
MsgErrorCode
CorellationID
NameAlias
Description
SupplierList
Cookie
Formatting
Localization
Resource
Mapfile
_participant_new
_participant_deleted
McVariantExport.dll
BLFramework.dll
BLFramework.dll
Tag-DEPRECATED_DO_NOT_USE
Tag-DEPRECATED_DO_NOT_USE
Tag-DEPRECATED_DO_NOT_USE
SecurityEvent
Notification
Operational
HeaderVersion
Timestamp
SourceEXE
ProcessName
ProcessID
ThreadID
Integrity
TransErrorCode
ClientID
MsgSystemID
Origin
Destination
SequenceNumber
SessionID
TimeToLive
AuthenticationCode
SoftwareID
Priority
Severity
MsgErrorCode
CorellationID
NameAlias
Description
SupplierList
Cookie
Formatting
Localization
Resource
Mapfile
Tag-DEPRECATED_DO_NOT_USE
Header
Message
Message
Severity
Message
Header
Header
Header
Header
Message
Header
Header
Header
TechnologyName
TechnologyName
TechnologyName
TechnologyName
TechnologyName
TechnologyName
ThreatEventID
ThreatEventID
EventIDDescription
EventIDDescription
EventIDDescription
Destination-EPO
Destination-SMTP
Destination-SNMP
Destination-AppLog
Destination-LocalDB
ThreatSeverity
ThreatSeverity
ThreatSeverity
ThreatSeverity
ThreatSeverity
ThreatSeverity
TechnologyName
ThreatSeverity
Register
Buffer
String
Register
Buffer
String
type="Null"
type="Register"
type="Bool"
type="Int"
type="Int64"
type="Buffer"
type="String"
type="List"
Property
prefix="%s"
0x%.*s
</%s%s>
<Task id="%s">
<businessObject id="%s" version="1.0">
</Task>
</businessObject>
</%.*s>%s
<![CDATA[%s]]>
</%.*s>%s
_%s.%s="
name="
</%s>%s
value="
<![CDATA[%s]]>
</%s>%s
ReadOnly
encoding
%s.%s="
</%s>%s
type="String">
</%s>%s
value="
type="%s"
Register
Buffer[%u]
String[%u]
List[%u]
<null>
0x0nyi
ForceRemove
NoRemove
Delete
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
Invalid xml file or schema file
Failed to create xml document instance, 0x%08X
Failed to create xsd document instance, 0x%08X
Failed to load xml document, 0x%08X
Failed to load xsd document, 0x%08X
ForceRemove
Failed to get DOM element, 0x%08X
Failed to create schema collection instance, 0x%08X
targetNamespace
NoRemove
Failed to add schema reference, 0x%08X
Failed to get element type for, %s
FileType
Failed to get attribute type for element, %s
Failed to get value for element, %s
Failed to get content type for %s
Converter supports text only and element only complex elements.
Delete
Interface
Error caused due to element, %s
Unsupported element data type %d
Parser error at line %d, reason = %s
Component Categories
Hardware
SECURITY
SYSTEM
Software
TypeLib
XML Error
0x%8.8X
on line %ld
XML Error could not get doc interface.
prefix
4 hex digits
escaped character: ", \, /, b, f, n, r, t, or u
string character or \ or "
number
, or }
Operational
string, number, object, array, true, false, or null
, or ]
[ or {
SecurityEvent
Notification
HeaderVersion
Timestamp
SourceEXE
ProcessName
ProcessID
ThreadID
Integrity
TransErrorCode
ClientID
MsgSystemID
Origin
Destination
SequenceNumber
SessionID
TimeToLive
AuthenticationCode
SoftwareID
Priority
Severity
MsgErrorCode
CorellationID
NameAlias
Description
SupplierList
Cookie
Formatting
Localization
Resource
Mapfile
TechnologyName
ThreatEventID
ThreatSeverity
EventIDDescription
TaskName
EventList
PropList
TechnologyName
TechnologyName
ThreatSeverity
ThreatSeverity
ThreatEventID
ThreatEventID
EventIDDescription
EventIDDescription
ThreatTimestamp
ThreatTimestamp
TechnologyName
ThreatEventID
ThreatSeverity
EventIDDescription
ThreatTimestamp
TaskName
TaskName
TaskName
CustomFields
TechnologyName
ThreatSeverity
ThreatEventID
EventFilter
0x%.*s
'
"
%Y-%m-%dT%H:%M:%SZ
%d-%d-%dT%d:%d:%dZ
%hd-%hd-%hdT%hd:%hd:%hdZ
%4.4d-%2.2d-%2.2dT%2.2d:%2.2d:%2.2d
Kernel32.dll
Kernel32.dll
Register
Buffer
String
businessObject
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
VS_VERSION_INFO
StringFileInfo
000004B0
FileVersion
10.7.0.677
FileDescription
McVariant utilities
PrivateBuild
Endpoint Security Platform.10.7.0.677
ProductName
McAfee Endpoint Security
ProductVersion
10.7.0
CompanyName
McAfee, LLC.
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, Inc
EnableExceptionOnViolation
SOFTWARE\McAfee\Endpoint\IPS\BO
mfeepmpk.sys
Unknown
ServicesActive
msvcr80.dll
msvcr71.dll
msvcr70.dll
msvcrt.dll
ntdll.dll
skernel32.dll
eBOPStatus
mfepssa : inject : created remote thread cid=%x.%x
checkIfInterfaceToHook-Match
rpcrt4.dll
ole32.dll
initKevlarAPIData : Loading %hs
COMSetupThreadProc - Aborting due to unload request.
ProcessChildProcessPolicy
ProcessPayloadRestrictionPolicy
ProcessSystemCallFilterPolicy
ProcessImageLoadPolicy
ProcessFontDisablePolicy
ProcessSignaturePolicy
ProcessControlFlowGuardPolicy
ProcessExtensionPointDisablePolicy
ProcessMitigationOptionsMask
ProcessSystemCallDisablePolicy
ProcessStrictHandleCheckPolicy
ProcessDynamicCodePolicy
ProcessASLRPolicy
ProcessDEPPolicy
CheckMitigationPolicy(): %s = 0x%8x.
Unexpected patch data at %s+0x%x
Start instructions mismatch at %s+0x%x, potentially due to patch or relocation.
Start instructions mismatch at %s+0x%x, unable to patch
Start instructions match at %s+0x%x.
Start bytes match at %s+0x%x.
Bypassing start bytes check for %s+0x%x.
dRpcrt4.dll
UnhookRpcrt4NdrServerInitialize():
Pre_SetProcessMitigationPolicy_Handler(): EXCEPTION!!!! mitigationPolicy = %d
Pre_SetProcessMitigationPolicy_Handler(): trigger finalize!!!!
Pre_SetProcessMitigationPolicy_Handler(): All in PassThrough!!!!
Pre_SetProcessMitigationPolicy_Handler(): Setting %s to 0x%x
Pre_SetProcessMitigationPolicy_Handler(): MitigationPolicy = %d (%s), lpBuffer = %p, dwLength = %d
Invalid
1 HBO entry for module %s (%u.%u.%u.%u) did not match any of %u version(s)
1 HBO entry for module %s %hs did not match any of %u version(s)
1 HBO entry for module %s (%u.%u.%u.%u) matched but start bytes did not match.
1 HBO entry for module %s %hs matched but start bytes did not match.
1 HBO entry for module %s (%u.%u.%u.%u) (%hs) matched but start bytes did not match.
%s: size %u, offset %u
1 HBO entry for module %s (%u.%u.%u.%u) (%hs) did not match any of %u hash(es)
Unable to query module %s information: %u
CheckForHooks(%s, %p, 0x%x):
MosHost.dll
Post_LdrLoadDll actual load %s
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
\REGISTRY\CURRENT_USER
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
_CLASSES
USER\S-1-
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CONTROLSET00
MACHINE\SYSTEM\
\REGISTRY\
\VarFileInfo\Translation
lFailed to query module version information for %s, code 0x%x
Software\McAfee\SystemCore
szInstallDir64
szInstallDir32
advapi32
<NULL>
NTDLL.DLL
KERNEL32.DLL
\Registry\Machine\System\CurrentControlSet\Services\%s
SeLoadDriverPrivilege
NotComDllGetInterface: %s loading %s, WinVerifyTrust failed with %08x
NotComDllGetInterface: DLL not found in install location, looking in current directory
mfemmsa.dll
mfevtp
mfehidk
\\.\Global\mfehidk
\\.\mfehidk
v0123456789abcdef0x
0123456789ABCDEF0X
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
(null)
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
mscoree.dll
((((( H
h(((( H
H
WUSER32.DLL
CONOUT$
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
EpMPApi
OriginalFilename
EpMPApi.dll
FileDescription
McAfee MP Engine
FileVersion
10.7.0.796
ProductVersion
10.7.0.796
BuildNumber
BuildDate
03/20/2019
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
EpMPThe
OriginalFilename
EpMPThe.dll
FileDescription
McAfee Endpoint Thin Hook Environment
FileVersion
10.7.0.796
ProductVersion
10.7.0.796
BuildNumber
BuildDate
03/20/2019
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
EpMPApi.dll
aclt.exe
EpMPApi.dll
pmfeepmpk.sys
SOFTWARE\McAfee\Endpoint\IPS\BO
EnableExceptionOnViolation
EpMPApi.dll
EpMPApi.dll
EpMPApi.dll
EpMPApi.dll
ServicesActive
Unknown
ServicesActive
ServicesActive
ServicesActive
EpMPApi.dll
EpMPApi.dll
EpMPApi.dll
SOFTWARE\McAfee\Endpoint\IPS\BO
BOPStatus
EpMPApi.dll
mfepssa : inject : created remote thread cid=%x.%x
checkIfInterfaceToHook-Match
rpcrt4.dll
ole32.dll
ntdll.dll
ntdll.dll
ntdll.dll
initKevlarAPIData : Loading %hs
COMSetupThreadProc - Aborting due to unload request.
pEpMPApi.dll
ProcessDEPPolicy
ProcessASLRPolicy
ProcessDynamicCodePolicy
ProcessStrictHandleCheckPolicy
ProcessSystemCallDisablePolicy
ProcessMitigationOptionsMask
ProcessControlFlowGuardPolicy
ProcessExtensionPointDisablePolicy
ProcessSignaturePolicy
ProcessFontDisablePolicy
ProcessImageLoadPolicy
ProcessSystemCallFilterPolicy
ProcessPayloadRestrictionPolicy
ProcessChildProcessPolicy
CheckMitigationPolicy(): %s = 0x%8x.
Bypassing start bytes check for %s+0x%x.
Start bytes match at %s+0x%x.
Unexpected patch data at %s+0x%x
Start instructions match at %s+0x%x.
Start instructions mismatch at %s+0x%x, unable to patch
Start instructions mismatch at %s+0x%x, potentially due to patch or relocation.
Unable to query module %s information: %u
%s: size %u, offset %u
1 HBO entry for module %s (%u.%u.%u.%u) (%hs) matched but start bytes did not match.
1 HBO entry for module %s %hs matched but start bytes did not match.
1 HBO entry for module %s (%u.%u.%u.%u) matched but start bytes did not match.
1 HBO entry for module %s (%u.%u.%u.%u) (%hs) did not match any of %u hash(es)
1 HBO entry for module %s %hs did not match any of %u version(s)
1 HBO entry for module %s (%u.%u.%u.%u) did not match any of %u version(s)
UnhookRpcrt4NdrServerInitialize():
Rpcrt4.dll
CheckForHooks(%s, %p, 0x%x):
Post_LdrLoadDll actual load %s
MosHost.dll
Invalid
Pre_SetProcessMitigationPolicy_Handler(): MitigationPolicy = %d (%s), lpBuffer = %p, dwLength = %d
Pre_SetProcessMitigationPolicy_Handler(): EXCEPTION!!!! mitigationPolicy = %d
Pre_SetProcessMitigationPolicy_Handler(): EXCEPTION!!!! %s %p
Pre_SetProcessMitigationPolicy_Handler(): Setting %s to 0x%x
Pre_SetProcessMitigationPolicy_Handler(): All in PassThrough!!!!
Pre_SetProcessMitigationPolicy_Handler(): trigger finalize!!!!
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
\REGISTRY\
MACHINE\SYSTEM\
CONTROLSET00
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
CURRENTCONTROLSET
\REGISTRY\MACHINE\SYSTEM\CONTROLSET
USER\S-1-
_CLASSES
\REGISTRY\CURRENT_USER\SOFTWARE\CLASSES
\REGISTRY\CURRENT_USER
EpMPApi.dll
EpMPApi.dll
\VarFileInfo\Translation
pFailed to query module version information for %s, code 0x%x
4294967294
Software\McAfee\SystemCore
szInstallDir64
szInstallDir32
advapi32
<NULL>
NTDLL.DLL
KERNEL32.DLL
\Registry\Machine\System\CurrentControlSet\Services\%s
SeLoadDriverPrivilege
NotComDllGetInterface: %s loading %s, WinVerifyTrust failed with %08x
NotComDllGetInterface: DLL not found in install location, looking in current directory
mfemmsa.dll
mfevtp
mfehidk
\\.\Global\mfehidk
\\.\mfehidk
0123456789abcdef0x
0123456789ABCDEF0X
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
(null)
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
mscoree.dll
((((( H
h(((( H
H
USER32.DLL
CONOUT$
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
EpMPApi
OriginalFilename
EpMPApi.dll
FileDescription
McAfee MP Engine
FileVersion
10.7.0.796 x64
ProductVersion
10.7.0.796
BuildNumber
BuildDate
03/20/2019
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
1111111111111111
@@@@@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5555555555555555
@@@@@@@@@@@@@@@@
@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
McAfee, LLC.
ProductName
McAfee Endpoint
InternalName
EpMPThe
OriginalFilename
EpMPThe.dll
FileDescription
McAfee Endpoint Thin Hook Environment
FileVersion
10.7.0.796
ProductVersion
10.7.0.796
BuildNumber
BuildDate
03/20/2019
LegalCopyright
Copyright
2019 McAfee, LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
McAfee, LL
Legal_Policy_Statement
McAfee, Inc
VS_VERSION_INFO
StringFileInfo
000004B0
CompanyName
Musarubra US LLC.
ProductName
McAfee Endpoint
InternalName
mfeepmpk_utility.exe
OriginalFilename
mfeepmpk_utility.exe
FileDescription
McAfee Endpoint mfeepmpk utility
FileVersion
10.7.0.3460
ProductVersion
10.7.0.3460
BuildNumber
BuildDate
05/25/2022
Comments
MFEINSTALL
RCW_Comments
MFEINSTALL
LegalCopyright
Copyright
2022 Musarubra US LLC. All Rights Reserved.
VarFileInfo
Translation
McAfee, Inc
Dropped Files
Network Analysis
Hosts Involved
| IP Address |
|---|
| 23.97.150.21 |
| 23.99.109.44 |
| 8.8.8.8 |
DNS Requests
| Domain | IP Address |
|---|---|
| teredo.ipv6.microsoft.com | 54.241.176.34 |
| ipv6.msftncsi.com | |
| watson.microsoft.com | 104.208.16.93 |
| dns.msftncsi.com | 131.107.255.255 |
| nexusrules.officeapps.live.com | 52.109.8.19 |
| nexus.officeapps.live.com | 52.109.88.38 |
HTTP Requests
| URL | Data |
|---|---|
| http://192.168.148.98:5357/f2a51a56-14f7-49cf-a685-0458ce6e1d4a/ | POST /f2a51a56-14f7-49cf-a685-0458ce6e1d4a/ HTTP/1.1 Cache-Control: no-cache Connection: Close Pragma: no-cache Content-Type: application/soap+xml User-Agent: WSDAPI Content-Length: 733 Host: 192.168.148.98:5357 |
Behavior Summary
Processes
registry filesystem process services network synchronization