Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Overview
overview
7Static
static
3f1c63d5094...77.exe
windows7-x64
7f1c63d5094...77.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$SYSDIR/Dr...rv.sys
windows7-x64
1$SYSDIR/Dr...rv.sys
windows10-2004-x64
1$SYSDIR/Dr...an.sys
windows7-x64
1$SYSDIR/Dr...an.sys
windows10-2004-x64
1$SYSDIR/Dr...er.sys
windows7-x64
1$SYSDIR/Dr...er.sys
windows10-2004-x64
1$SYSDIR/snapapi.dll
windows7-x64
1$SYSDIR/snapapi.dll
windows10-2004-x64
1$SYSDIR/snapapint.dll
windows7-x64
1$SYSDIR/snapapint.dll
windows10-2004-x64
1$SYSDIR/sn...64.dll
windows7-x64
1$SYSDIR/sn...64.dll
windows10-2004-x64
1$SYSDIR/vo...pi.dll
windows7-x64
1$SYSDIR/vo...pi.dll
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$SYSDIR/Drivers/fltsrv.sys
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$SYSDIR/Drivers/fltsrv.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$SYSDIR/Drivers/snapman.sys
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
$SYSDIR/Drivers/snapman.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$SYSDIR/Drivers/volume_tracker.sys
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
$SYSDIR/Drivers/volume_tracker.sys
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$SYSDIR/snapapi.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$SYSDIR/snapapi.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$SYSDIR/snapapint.dll
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
$SYSDIR/snapapint.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$SYSDIR/snapapint64.dll
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
$SYSDIR/snapapint64.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$SYSDIR/volume_tracker_driver_api.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$SYSDIR/volume_tracker_driver_api.dll
Resource
win10v2004-20240508-en
Target
f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777
Size
801KB
MD5
163b7e3680fdada8d087cfc709a208f6
SHA1
5e2478d2a0a3151eff56ad90f46fcaa48acf0af0
SHA256
f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777
SHA512
76253ac1dc4e20d6799ffe76002acce6d8c787f5b31b3c21f7b760ba9f67e06a61e8f6b96bc5fd42f929471ececec56f73492012d5069821f3bbe943f372c014
SSDEEP
12288:EnPdlVYESSswUQBocgzDRovxJvbyLuUXTjYMRvHfeCcS//lIoW6V+uMiEAMBOikI:UPdlXSSLUCFgzszx8PdZhNU7BP
Checks for missing Authenticode signature.
resource |
---|
f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777 |
unpack001/$PLUGINSDIR/System.dll |
unpack001/$PLUGINSDIR/nsExec.dll |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree
ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics
GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
wsprintfW
StringFromGUID2
CLSIDFromString
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode
CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW
GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
Exec
ExecToLog
ExecToStack
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\jenkins_agent\workspace\common\kernel-fltsrv\3387\product\kernel\win\.output\x64\Release\fltsrv.pdb
IoGetAttachedDeviceReference
ObfReferenceObject
ObfDereferenceObject
IoGetLowerDeviceObject
_purecall
IofCallDriver
IofCompleteRequest
IoGetDeviceObjectPointer
PoCallDriver
__C_specific_handler
KeBugCheckEx
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
_vsnwprintf
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
KeWaitForSingleObject
KeInitializeMutex
KeReleaseMutex
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
KeDelayExecutionThread
strstr
DbgPrintEx
DbgQueryDebugFilterState
DbgSetDebugFilterState
RtlTimeToTimeFields
RtlGetVersion
KeInitializeDpc
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
InitializeSListHead
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExpInterlockedFlushSList
ExQueueWorkItem
ExSystemTimeToLocalTime
ZwCreateFile
ZwWriteFile
ZwClose
_vsnprintf
KdDebuggerEnabled
RtlInitString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlxUnicodeStringToAnsiSize
RtlxAnsiStringToUnicodeSize
RtlCompareString
NlsMbOemCodePageTag
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoEnumerateDeviceObjectList
IoRegisterBootDriverReinitialization
RtlCaptureStackBackTrace
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
IoIs32bitProcess
PoStartNextPowerIrp
IoGetRequestorProcess
IoBuildSynchronousFsdRequest
IoCreateDevice
IoDeleteDevice
IoGetStackLimits
ObQueryNameString
PsGetCurrentThreadId
PsGetProcessId
PsInitialSystemProcess
MmUnlockPages
IoFreeMdl
ObReferenceObjectByName
IoDriverObjectType
IoAttachDeviceToDeviceStack
IoGetDeviceProperty
KeInitializeEvent
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwWaitForSingleObject
KeStackAttachProcess
KeUnstackDetachProcess
ZwOpenDirectoryObject
ZwQueryDirectoryObject
IoAllocateIrp
IoBuildAsynchronousFsdRequest
IoDetachDevice
IoFreeIrp
ZwOpenFile
ZwDeviceIoControlFile
ZwFsControlFile
ZwOpenKey
ZwQueryValueKey
IoBuildDeviceIoControlRequest
ProbeForRead
ProbeForWrite
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
KeInitializeSemaphore
KeReleaseSemaphore
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\jenkins_agent\workspace\common\kernel-snapapi\4057\product\kernel\win\.output\x64\Release\snapman.pdb
strncpy
RtlCompareUnicodeString
PsGetVersion
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoGetCurrentProcess
ObfDereferenceObject
PsGetProcessId
PsGetCurrentProcessId
ZwQueryInformationProcess
_purecall
ExFreePoolWithTag
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
ZwQueryInformationFile
ZwQueryObject
FsRtlGetFileSize
IoFileObjectType
ZwQuerySystemInformation
ZwClose
ZwQueryVolumeInformationFile
ZwFsControlFile
KeBugCheckEx
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
IofCompleteRequest
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
_vsnwprintf
__C_specific_handler
ExAllocatePoolWithTag
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
KeWaitForMultipleObjects
KeWaitForSingleObject
KeInitializeEvent
KeClearEvent
KeSetEvent
ObQueryObjectAuditingByHandle
ZwDuplicateObject
ZwWaitForSingleObject
ObReferenceObjectByHandle
ObfReferenceObject
ObQueryNameString
KeInitializeMutex
KeReleaseMutex
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
KeDelayExecutionThread
ZwOpenProcess
MmGetSystemRoutineAddress
strstr
DbgPrintEx
DbgQueryDebugFilterState
DbgSetDebugFilterState
RtlTimeToTimeFields
RtlGetVersion
KeInitializeDpc
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
InitializeSListHead
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExpInterlockedFlushSList
ExQueueWorkItem
ExSystemTimeToLocalTime
ZwCreateFile
ZwWriteFile
_vsnprintf
KdDebuggerEnabled
RtlCompareMemory
MmProbeAndLockPages
MmUnlockPages
RtlInitString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlxUnicodeStringToAnsiSize
RtlxAnsiStringToUnicodeSize
RtlCompareString
atoi
NlsMbOemCodePageTag
IoGetDeviceObjectPointer
ObReferenceObjectByPointer
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoEnumerateDeviceObjectList
IoRegisterBootDriverReinitialization
RtlCaptureStackBackTrace
InitSafeBootMode
IoIs32bitProcess
PoStartNextPowerIrp
IoGetRequestorProcess
IoBuildSynchronousFsdRequest
IofCallDriver
IoCreateDevice
IoDeleteDevice
IoGetStackLimits
SeSinglePrivilegeCheck
PsGetCurrentThreadId
KeStackAttachProcess
KeUnstackDetachProcess
SeTokenType
SeCreateClientSecurity
SeImpersonateClientEx
PsDereferencePrimaryToken
PsDereferenceImpersonationToken
PsRevertToSelf
PsLookupProcessByProcessId
ZwOpenThreadTokenEx
PsInitialSystemProcess
RtlDeleteRegistryValue
ZwCreateKey
ZwOpenKey
ZwEnumerateKey
ZwFlushKey
ZwQueryValueKey
ZwSetValueKey
IoAllocateIrp
IoAttachDeviceToDeviceStack
IoBuildAsynchronousFsdRequest
IoDetachDevice
IoFreeIrp
PoCallDriver
IoGetDeviceProperty
KeQueryTimeIncrement
ZwOpenFile
ZwReadFile
ZwDeviceIoControlFile
IoGetRelatedDeviceObject
strncmp
IoBuildDeviceIoControlRequest
IoCreateFile
ZwSetInformationFile
KeSetPriorityThread
PsCreateSystemThread
ProbeForRead
ProbeForWrite
KeInitializeSemaphore
KeReleaseSemaphore
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\jenkins_agent\workspace\common\kernel-volume-tracker\10017\product\kernel\win\.output\x64\Release\volume_tracker.pdb
IoGetCurrentProcess
_purecall
IoGetDeviceObjectPointer
ObfDereferenceObject
KeBugCheckEx
IofCompleteRequest
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
__C_specific_handler
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
KeInitializeMutex
KeReleaseMutex
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
_vsnwprintf
strstr
DbgPrintEx
DbgQueryDebugFilterState
DbgSetDebugFilterState
RtlTimeToTimeFields
RtlGetVersion
KeInitializeDpc
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
InitializeSListHead
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExpInterlockedFlushSList
ExQueueWorkItem
ExSystemTimeToLocalTime
MmGetSystemRoutineAddress
ZwCreateFile
ZwWriteFile
ZwClose
_vsnprintf
KdDebuggerEnabled
ObfReferenceObject
IoEnumerateDeviceObjectList
MmMapLockedPagesSpecifyCache
IoIs32bitProcess
PoStartNextPowerIrp
IoGetRequestorProcess
IoBuildSynchronousFsdRequest
IofCallDriver
IoCreateDevice
IoDeleteDevice
IoGetStackLimits
ObQueryNameString
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsGetCurrentThreadId
PsGetProcessId
PsInitialSystemProcess
MmUnlockPages
IoFreeMdl
IoRegisterBootDriverReinitialization
RtlCaptureStackBackTrace
IoAllocateIrp
IoAttachDeviceToDeviceStack
IoBuildAsynchronousFsdRequest
IoDetachDevice
IoFreeIrp
PoCallDriver
IoGetDeviceProperty
RtlInitString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbOemCodePageTag
KeInitializeEvent
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwWaitForSingleObject
KeStackAttachProcess
KeUnstackDetachProcess
IoBuildDeviceIoControlRequest
ZwOpenFile
ZwDeviceIoControlFile
ZwFsControlFile
ZwOpenKey
ZwQueryValueKey
memchr
strchr
strcmp
ProbeForRead
ProbeForWrite
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
KeInitializeSemaphore
KeReleaseSemaphore
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
C:\jenkins_agent\workspace\common\kernel-build-signed-driver\220\product\exe\vsa64\release\snapapi.pdb
GetModuleHandleA
SetErrorMode
GetComputerNameExW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetDiskFreeSpaceW
DeleteTimerQueueTimer
CreateTimerQueueTimer
LoadLibraryW
GetLastError
FreeLibrary
CloseHandle
GetLogicalDrives
GetProcAddress
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
LocalAlloc
SetEvent
ReleaseMutex
WaitForMultipleObjects
WaitForSingleObjectEx
CreateMutexA
CreateEventA
OpenEventA
ExpandEnvironmentStringsW
GetSystemTime
CreateDirectoryA
GetFileAttributesA
GetCurrentThread
SetThreadPriority
VerSetConditionMask
VerifyVersionInfoW
CreateThread
WriteFile
SystemTimeToTzSpecificLocalTime
OutputDebugStringW
CreateDirectoryW
CreateFileW
GetSystemTimeAsFileTime
FindClose
SystemTimeToFileTime
DeleteFileW
FindFirstFileW
FindNextFileW
Sleep
LoadLibraryA
GetOverlappedResult
DeviceIoControl
CreateFileA
GetFullPathNameW
GetFileAttributesW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
ReadFile
FlushFileBuffers
GetStringTypeW
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
ExitThread
LoadLibraryExW
HeapFree
HeapReAlloc
GetCPInfo
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LoadLibraryExA
GetProcessImageFileNameW
LookupAccountSidW
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyW
RegCloseKey
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
ConvertSidToStringSidW
TranslateMessage
GetMessageA
RegisterDeviceNotificationW
DispatchMessageA
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcA
PostMessageA
UnregisterDeviceNotification
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify
SHGetFolderPathW
CoInitializeEx
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
sbAddNotification
sbAddSnapshotVolume
sbAddSnapshotVolumeEx
sbCancel
sbClose
sbCloseUnmovableFile
sbCompleteVssComponentBackup
sbCreateSnapshot
sbCreateSnapshotEx
sbCreateUnmovableFile
sbCreateVolume
sbCreateVolumeEx
sbCreateVssSession
sbCreateVssSnapshot
sbCreateVssSnapshotEx
sbDeleteUnmovableFile
sbDeleteVolume
sbDeleteVolumeEx
sbDisableVssWriters
sbDismountVolume
sbDoneLib
sbExtendVolume
sbFlushUnmovableFile
sbFreeCloseBlock
sbFreeOpenNextBlock
sbFreeReadBlock
sbFreeWriteBlock
sbGetBitmap
sbGetDriveInfo
sbGetDrives
sbGetFirstCluster
sbGetFreeLetters
sbGetInquiryData
sbGetLockDriveOwner
sbGetParams
sbGetReadInfo
sbGetSectorUnmovableFile
sbGetSizeUnmovableFile
sbGetSnapshotDeviceName
sbGetUnmovableFileNames
sbGetVolumeInfo
sbGetVolumeLockType
sbGetVolumeNumber
sbGetVolumeOpenedFileIDs
sbGetVolumeOpenedFiles
sbGetVolumeStat
sbGetVolumeVssInfo
sbGetVolumes
sbGetVssApiStatus
sbGetVssBackupDocument
sbGetVssWriterStatuses
sbInitLib
sbInitLibEx
sbInitializeDrive
sbInvalidateDrive
sbLock
sbLockDrive
sbLockVolume
sbMakeDriveInvisible
sbMakeDriveOffline
sbMakeDriveOnline
sbNotify
sbOpenDrive
sbOpenVolume
sbOpenVolumeByName
sbOpenVssSession
sbQueryDriveIdentify
sbRead
sbReadDrive
sbReadEx
sbReadUnmovableFile
sbReadVolume
sbRemoveNotification
sbRemoveSnapshotVolume
sbSetBitmap
sbSetGlobalFlags
sbSetParams
sbSetSizeUnmovableFile
sbSetVolumeLetter
sbSetVolumeLetterEx
sbStart
sbUnhideVolume
sbUnlock
sbUnlockDrive
sbUnlockVolume
sbVssControl
sbWriteDrive
sbWriteUnmovableFile
sbWriteVolume
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
C:\jenkins_agent\workspace\common\kernel-build-signed-driver\220\product\exe\nt\release\snapapint.pdb
memmove
_allmul
memcpy
memset
ZwClose
ZwCreateEvent
ZwQuerySystemInformation
_aulldiv
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
ZwCreateSemaphore
ZwReleaseSemaphore
ZwWaitForSingleObject
RtlAllocateHeap
RtlCreateHeap
RtlDestroyHeap
RtlFreeHeap
ZwCreateMutant
ZwReleaseMutant
ZwSetEvent
ZwWaitForMultipleObjects
RtlInitString
RtlInitAnsiString
RtlInitUnicodeString
RtlCompareString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
RtlxAnsiStringToUnicodeSize
RtlUnicodeStringToAnsiSize
_vsnprintf
NlsMbCodePageTag
RtlTimeToTimeFields
ZwDisplayString
NtDisplayString
ZwTerminateProcess
RtlRaiseException
_alldiv
RtlUnwind
DbgPrint
ZwSetInformationThread
ZwAllocateVirtualMemory
ZwProtectVirtualMemory
ZwFreeVirtualMemory
ZwCreateThread
ZwTerminateThread
ZwCreateFile
ZwReadFile
_vsnwprintf
NtQuerySystemTime
ZwOpenKey
ZwQueryValueKey
ZwOpenFile
ZwWriteFile
ZwDeviceIoControlFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
NtQueryVirtualMemory
_sbGetVolumeLockType@8
sbAddNotification
sbAddSnapshotVolume
sbAddSnapshotVolumeEx
sbCancel
sbClose
sbCloseUnmovableFile
sbCompleteVssComponentBackup
sbCreateSnapshot
sbCreateSnapshotEx
sbCreateUnmovableFile
sbCreateVolume
sbCreateVolumeEx
sbCreateVssSession
sbCreateVssSnapshot
sbCreateVssSnapshotEx
sbDeleteUnmovableFile
sbDeleteVolume
sbDeleteVolumeEx
sbDisableVssWriters
sbDismountVolume
sbDoneLib
sbExtendVolume
sbFlushUnmovableFile
sbFreeCloseBlock
sbFreeOpenNextBlock
sbFreeReadBlock
sbFreeWriteBlock
sbGetBitmap
sbGetDriveInfo
sbGetDrives
sbGetFirstCluster
sbGetFreeLetters
sbGetInquiryData
sbGetLockDriveOwner
sbGetParams
sbGetReadInfo
sbGetSectorUnmovableFile
sbGetSizeUnmovableFile
sbGetSnapshotDeviceName
sbGetUnmovableFileNames
sbGetVolumeInfo
sbGetVolumeNumber
sbGetVolumeOpenedFileIDs
sbGetVolumeOpenedFiles
sbGetVolumeStat
sbGetVolumeVssInfo
sbGetVolumes
sbGetVssApiStatus
sbGetVssBackupDocument
sbGetVssWriterStatuses
sbInitLib
sbInitLibEx
sbInitializeDrive
sbInvalidateDrive
sbLock
sbLockDrive
sbLockVolume
sbMakeDriveInvisible
sbMakeDriveOffline
sbMakeDriveOnline
sbNotify
sbOpenDrive
sbOpenVolume
sbOpenVolumeByName
sbOpenVssSession
sbQueryDriveIdentify
sbRead
sbReadDrive
sbReadEx
sbReadUnmovableFile
sbReadVolume
sbRemoveNotification
sbRemoveSnapshotVolume
sbSetBitmap
sbSetGlobalFlags
sbSetParams
sbSetSizeUnmovableFile
sbSetVolumeLetter
sbSetVolumeLetterEx
sbStart
sbUnhideVolume
sbUnlock
sbUnlockDrive
sbUnlockVolume
sbVssControl
sbWriteDrive
sbWriteUnmovableFile
sbWriteVolume
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
C:\jenkins_agent\workspace\common\kernel-build-signed-driver\220\product\exe\nta64\release\snapapint64.pdb
memmove
memcpy
memset
ZwClose
ZwCreateEvent
ZwQuerySystemInformation
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
memcmp
ZwCreateSemaphore
ZwReleaseSemaphore
ZwWaitForSingleObject
RtlAllocateHeap
RtlCreateHeap
RtlDestroyHeap
RtlFreeHeap
ZwCreateMutant
ZwReleaseMutant
ZwSetEvent
ZwWaitForMultipleObjects
RtlInitString
RtlInitAnsiString
RtlInitUnicodeString
RtlCompareString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
RtlxAnsiStringToUnicodeSize
RtlUnicodeStringToAnsiSize
_vsnprintf
NlsMbCodePageTag
RtlTimeToTimeFields
ZwDisplayString
NtDisplayString
ZwTerminateProcess
RtlRaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
__C_specific_handler
DbgPrint
ZwSetInformationThread
ZwAllocateVirtualMemory
ZwProtectVirtualMemory
ZwFreeVirtualMemory
ZwCreateThread
ZwTerminateThread
ZwCreateFile
ZwReadFile
_vsnwprintf
NtQuerySystemTime
ZwOpenKey
ZwQueryValueKey
ZwOpenFile
ZwWriteFile
ZwDeviceIoControlFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
sbAddNotification
sbAddSnapshotVolume
sbAddSnapshotVolumeEx
sbCancel
sbClose
sbCloseUnmovableFile
sbCompleteVssComponentBackup
sbCreateSnapshot
sbCreateSnapshotEx
sbCreateUnmovableFile
sbCreateVolume
sbCreateVolumeEx
sbCreateVssSession
sbCreateVssSnapshot
sbCreateVssSnapshotEx
sbDeleteUnmovableFile
sbDeleteVolume
sbDeleteVolumeEx
sbDisableVssWriters
sbDismountVolume
sbDoneLib
sbExtendVolume
sbFlushUnmovableFile
sbFreeCloseBlock
sbFreeOpenNextBlock
sbFreeReadBlock
sbFreeWriteBlock
sbGetBitmap
sbGetDriveInfo
sbGetDrives
sbGetFirstCluster
sbGetFreeLetters
sbGetInquiryData
sbGetLockDriveOwner
sbGetParams
sbGetReadInfo
sbGetSectorUnmovableFile
sbGetSizeUnmovableFile
sbGetSnapshotDeviceName
sbGetUnmovableFileNames
sbGetVolumeInfo
sbGetVolumeLockType
sbGetVolumeNumber
sbGetVolumeOpenedFileIDs
sbGetVolumeOpenedFiles
sbGetVolumeStat
sbGetVolumeVssInfo
sbGetVolumes
sbGetVssApiStatus
sbGetVssBackupDocument
sbGetVssWriterStatuses
sbInitLib
sbInitLibEx
sbInitializeDrive
sbInvalidateDrive
sbLock
sbLockDrive
sbLockVolume
sbMakeDriveInvisible
sbMakeDriveOffline
sbMakeDriveOnline
sbNotify
sbOpenDrive
sbOpenVolume
sbOpenVolumeByName
sbOpenVssSession
sbQueryDriveIdentify
sbRead
sbReadDrive
sbReadEx
sbReadUnmovableFile
sbReadVolume
sbRemoveNotification
sbRemoveSnapshotVolume
sbSetBitmap
sbSetGlobalFlags
sbSetParams
sbSetSizeUnmovableFile
sbSetVolumeLetter
sbSetVolumeLetterEx
sbStart
sbUnhideVolume
sbUnlock
sbUnlockDrive
sbUnlockVolume
sbVssControl
sbWriteDrive
sbWriteUnmovableFile
sbWriteVolume
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
C:\jenkins_agent\workspace\common\kernel-build-signed-driver\219\product\exe\vsa64\release\english\volume_tracker_driver_api.pdb
SetErrorMode
VerifyVersionInfoW
VerSetConditionMask
LocalFree
FormatMessageW
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateThread
GetLastError
WaitForSingleObject
WriteFile
CloseHandle
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
OutputDebugStringW
CreateDirectoryW
CreateFileW
ExpandEnvironmentStringsW
FindClose
SystemTimeToFileTime
DeleteFileW
FindFirstFileW
FindNextFileW
SetEvent
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
CreateEventA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetOverlappedResult
DeviceIoControl
CreateFileA
FreeLibrary
Sleep
LoadLibraryA
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleExW
HeapSize
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
RegCloseKey
RegOpenKeyW
RegQueryValueExW
VolumeTrackerCreateCheckpoint
VolumeTrackerCreateSession
VolumeTrackerDeleteCheckpoint
VolumeTrackerDeleteSession
VolumeTrackerFreezeCheckpoint
VolumeTrackerGetFinalizedCheckpointName
VolumeTrackerGetSessionNames
VolumeTrackerGetSessionState
VolumeTrackerGetSessionVolume
VolumeTrackerHasChanges
VolumeTrackerQueryChangeListInfo
VolumeTrackerReadChangeList
VolumeTrackerRollbackCheckpoint
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ