0567c6c4-282f-406f-9369-7f876b899c25

procexp.Sys

Description

procexp.Sys is a vulnerable driver and more information will be added as found.

UUID: 0567c6c4-282f-406f-9369-7f876b899c25
Created: 2023-05-06
Author: Nasreddine Bencherchali
Acknowledgement: |

This download link contains the vulnerable driver!

Commands

sc.exe create procexp.sys binPath=C:\windows\temp\procexp.Sys type=kernel &amp;&amp; sc.exe start procexp.Sys

Use Case	Privileges	Operating System
Elevate privileges	kernel	Windows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources

Internal Research

https://malware.news/t/lazarus-group-attack-case-using-vulnerability-of-certificate-software-commonly-used-by-public-institutions-and-universities/67715

https://waawaa.github.io/en/Bypass-PPL-Using-Process-Explorer/

https://github.com/magicsword-io/LOLDrivers/issues/57

https://github.com/elastic/protections-artifacts/search?q=VulnDriver

https://github.com/Yaxser/Backstab/blob/master/resources/PROCEXP.sys

https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/

https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951

Known Vulnerable Samples

Property	Value
Filename	procexp.Sys
Creation Timestamp	2020-04-27 01:35:06
MD5	e6cb1728c50bd020e531d19a14904e1c
SHA1	2dd916cb8a9973b5890829361c1f9c0d532ba5d6
SHA256	075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85
Authentihash MD5	fe54aac5dfae8729c48361d2ea4f7271
Authentihash SHA1	2a4e81a1d23e3b7d9c14b6fbc393ecfad5f34133
Authentihash SHA256	c5732937c3ab5e0fd244cc1b820eaa1fb7d97110c213cd6b9dadebafe3ea853d
RichPEHeaderHash MD5	420860e9f312122cbc3065cd4c79b0b8
RichPEHeaderHash SHA1	c4291fc018995b5847a846335c233b91b40f94a0
RichPEHeaderHash SHA256	931eddc74e60814089c8a5da745e1e2fbf6ddd99781ee273379c6debdb9a3ba7
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 330000009484c47568579aafe9000000000094

Field	Value
ToBeSigned (TBS) MD5	b46a69db7e461e55282dc24dc594e5d6
ToBeSigned (TBS) SHA1	3b19241d555a74781e2b63a7c14ad12b1ec68205
ToBeSigned (TBS) SHA256	2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-03-04 19:12:18
ValidTo	2021-03-03 19:12:18
Signature	36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	330000009484c47568579aafe9000000000094
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2021-06-01 08:24:35
MD5	fea9319d67177ed6f36438d2bd9392fb
SHA1	db6170ee2ee0a3292deceb2fc88ef26d938ebf2d
SHA256	16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1
Authentihash MD5	fbc316e1e634e967c5413a200cde7ad6
Authentihash SHA1	a1dd17b946ade947b621e9fec4fe7ad0835f0ac9
Authentihash SHA256	4533a11f4f190354b749f2842b57233e5e9e8b37fa4031bcb976118cff902101
RichPEHeaderHash MD5	b9d3f09e377f3b150f32d6ebfb37c19c
RichPEHeaderHash SHA1	37b54bd186c5e76895c75551721d5f8432fb5d72
RichPEHeaderHash SHA256	7f2c741567540cfb1a1f6e79392080387d55b9cb524c21f80c1bf2dc75992c84
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000b20f9ad86794f322f60000000000b2

Field	Value
ToBeSigned (TBS) MD5	b9dc0ff1a60c3aba24a78d505955bf39
ToBeSigned (TBS) SHA1	15a5da2c8aa2955af75615009d249071f91fd252
ToBeSigned (TBS) SHA256	ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-12-15 22:15:30
ValidTo	2021-12-02 22:15:30
Signature	199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	33000000b20f9ad86794f322f60000000000b2
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

HAL.dll
ntoskrnl.exe

Imported Functions

Expand

KfRaiseIrql
KfLowerIrql
strncpy
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
SeCaptureSubjectContext
SeReleaseSubjectContext
PsGetVersion
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObCloseHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2010-04-15 03:23:35
MD5	eeb8e039f6d942538eb4b0252117899a
SHA1	bebf97411946749b9050989d9c40352dbe8269ea
SHA256	1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e
Authentihash MD5	750ecd21c673a6fda9199887013d3751
Authentihash SHA1	82d3299c06b944895385fd2f3d9d18391273019d
Authentihash SHA256	8e38148ad4ed9946e8600b37f63996bf17c0101e3f50123b3b8513c895a4b521
RichPEHeaderHash MD5	39a696a518c3b3d973af323b4a784aa5
RichPEHeaderHash SHA1	82644e6d5011a7d16fc45795e5476d1a11fd42b3
RichPEHeaderHash SHA256	701cabcf5d588fd9a68480eb11798221b29fdb9be68cb9f919041e1af88534a8
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4112e632c7b18a029a3a1fac803ab89f

Field	Value
ToBeSigned (TBS) MD5	55a4c08c9404782113330a8cd169ed20
ToBeSigned (TBS) SHA1	74807ba52ae6108b0fbac5031090b3295b2c3bba
ToBeSigned (TBS) SHA256	3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2010-03-04 00:00:00
ValidTo	2013-04-18 23:59:59
Signature	699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	4112e632c7b18a029a3a1fac803ab89f
Version	3

Certificate 655226e1b22e18e1590f2985ac22e75c

Field	Value
ToBeSigned (TBS) MD5	650704c342850095f3288eaf791147d4
ToBeSigned (TBS) SHA1	4cdc38c800761463749c3cbd94a12f32e49877bf
ToBeSigned (TBS) SHA256	07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
ValidFrom	2009-05-21 00:00:00
ValidTo	2019-05-20 23:59:59
Signature	8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	655226e1b22e18e1590f2985ac22e75c
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe
HAL.dll

Imported Functions

Expand

ObQueryNameString
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryObject
KeDetachProcess
ObReferenceObjectByHandle
KeAttachProcess
ObfDereferenceObject
PsLookupProcessByProcessId
ZwClose
ZwDuplicateObject
ZwOpenProcess
ZwQuerySystemInformation
MmIsAddressValid
memset
ObOpenObjectByPointer
RtlUnicodeStringToAnsiString
NtClose
ZwOpenProcessToken
memcpy
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
NtBuildNumber
KeTickCount
KeBugCheckEx
strncpy
ZwQueryInformationProcess
RtlFreeAnsiString
RtlUnwind
KfLowerIrql
KfRaiseIrql

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2008-11-03 14:19:45
MD5	c56a9ed0192c5a2b39691e54f2132a2f
SHA1	9099482b26e9ba8e1d303418afc9111a3bffd6b3
SHA256	30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb
Authentihash MD5	eb6ceb9aa0eaedee2d112b167908e871
Authentihash SHA1	4d68ec346d13359525da958af0fada57bc9ff35a
Authentihash SHA256	7a4e4ee169fe0f1f079e5f5c1da38ea70fe717e728faf054deb180f9e37fe574
RichPEHeaderHash MD5	3ea5cd355cba9d9928873cdba35d4bcc
RichPEHeaderHash SHA1	b7e9df380d50227614a9745068a6b50c798b66f9
RichPEHeaderHash SHA256	b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4191a15a3978dfcf496566381d4c75c2

Field	Value
ToBeSigned (TBS) MD5	41011f8d0e7c7a6408334ca387914c61
ToBeSigned (TBS) SHA1	c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
ToBeSigned (TBS) SHA256	88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
ValidFrom	2004-07-16 00:00:00
ValidTo	2014-07-15 23:59:59
Signature	ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	4191a15a3978dfcf496566381d4c75c2
Version	3

Certificate 7d2c89d309e57beef2d791bb8ed6a26f

Field	Value
ToBeSigned (TBS) MD5	ae18dfd140f9414eadf1f611ec1b84b7
ToBeSigned (TBS) SHA1	9aecb2568e995d5965e49acf3ff247bc3d1ab99c
ToBeSigned (TBS) SHA256	f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2007-03-05 00:00:00
ValidTo	2010-04-19 23:59:59
Signature	a1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	7d2c89d309e57beef2d791bb8ed6a26f
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

NtBuildNumber
ZwOpenProcess
PsLookupProcessByProcessId
ZwQueryInformationProcess
IoCreateSymbolicLink
RtlInitUnicodeString
MmIsAddressValid
IoDeleteDevice
ObfDereferenceObject
ExGetPreviousMode
IoCreateDevice
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ZwQueryObject
RtlUnicodeStringToAnsiString
SePrivilegeCheck
ZwQuerySystemInformation
ZwOpenProcessToken
SeReleaseSubjectContext
KeDetachProcess
ObQueryNameString
strncpy
ExAllocatePool
SeCaptureSubjectContext
NtClose
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
IoDeleteSymbolicLink
ZwDuplicateObject
ExFreePoolWithTag
RtlFreeAnsiString
KeAttachProcess
KeBugCheckEx
__C_specific_handler

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
INIT
.rsrc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2019-06-13 07:35:39
MD5	6ff59faea912903af0ba8e80e58612bc
SHA1	736531c76b8d9c56e26561bf430e10ecabff0186
SHA256	3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a
Authentihash MD5	8b8a646469bdd1bab7b402ac83dba4a5
Authentihash SHA1	075998a905d4afda2e1727f6f31030c4d126dcc5
Authentihash SHA256	083828dd2e4afe22f5d27b56bd7f5a60e43aea7ec8f8cb0a138be84ee639a09c
RichPEHeaderHash MD5	dd10afd0600f2236361f48592587474c
RichPEHeaderHash SHA1	0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
RichPEHeaderHash SHA256	c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000001058eca29221e6a345b000000000105

Field	Value
ToBeSigned (TBS) MD5	31c86790d5106374a2387094c9e925f9
ToBeSigned (TBS) SHA1	02effd51d770a6881492009028d3e37d52a353ec
ToBeSigned (TBS) SHA256	4846d6d5238e9900fae36792af3ac2835f6f10aa18de48b558c676e94bb24e05
Subject	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland Operations Limited, OU=Thales TSS ESN:3BD4,4B80,69C3, CN=Microsoft Time,Stamp service
ValidFrom	2018-08-23 20:20:24
ValidTo	2019-11-23 20:20:24
Signature	70b7312f4250cdf1d3def3c43951f5a88b8f263b88f82996cb1cdaa8c9fd2bc5cb16304482e1d4a3cd7c2680f316e8d04d560716707e31ee044018f77802b3e1620e9ddb7a9c4b7266af30fe4d6224225f47eaf7e9d4598e46e9069c9ecdd3c0500570cebcee298bec6254fcc5bf44c88b40b0b228839cf17e2c71689143f6558bcad70c395d627f74f7338012b15fd471a905d91b5a4b26aff62f1d0eef7131633d3b1423cd634e504b5bb9d8ad3ef506ef2ddd2d806c4df1b713395b2b17747e9e5afcaab83a1428b276c5ee6c4d9ec09ced00cc55888ce5ba6fec026cc4c502f7fe6ea6c8e101356f1b508e18b958d3b3bec3b629f1ff9c3ffedee98df4c4
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000001058eca29221e6a345b000000000105
Version	3

Certificate 33000000387a14cce6619d8c51000200000038

Field	Value
ToBeSigned (TBS) MD5	f9a6526d8f83e3d33d925ae95b752dca
ToBeSigned (TBS) SHA1	ad9f086d0642e3b5de60584c44123cf4603c4525
ToBeSigned (TBS) SHA256	7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2019-04-18 18:42:23
ValidTo	2020-03-27 18:42:23
Signature	5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000387a14cce6619d8c51000200000038
Version	3

Certificate 610435f1000000000041

Field	Value
ToBeSigned (TBS) MD5	77dab20d8e23cd8e18633adca506cf6e
ToBeSigned (TBS) SHA1	c5506bee3c29254dc5b5a0e6e7a14046522708ef
ToBeSigned (TBS) SHA256	611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2018-09-20 17:42:01
ValidTo	2021-05-09 23:28:13
Signature	db595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610435f1000000000041
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2012-06-16 15:21:56
MD5	8e78ab9b9709bafb11695a0a6eddeff9
SHA1	2f9b0cd96d961e49d5d3b416028fd3a0e43d6a28
SHA256	3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc
Authentihash MD5	acacde5c8a3a37b4fa43d9b651df85ea
Authentihash SHA1	f14e20cea5fac19bca02f5b067d12a459a393467
Authentihash SHA256	c286dfac5ca413efeb1936e876688b6bd46d25dc64206f86efb4f52ad83d1889
RichPEHeaderHash MD5	78726760a9bf9be61589052b60d61ff2
RichPEHeaderHash SHA1	6667039bfab04d76be83ed4e99d280965f2a88b2
RichPEHeaderHash SHA256	5ebe6e73c02e720960a435c91c80679ee272f215795d3321969b72820365418e
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4112e632c7b18a029a3a1fac803ab89f

Field	Value
ToBeSigned (TBS) MD5	55a4c08c9404782113330a8cd169ed20
ToBeSigned (TBS) SHA1	74807ba52ae6108b0fbac5031090b3295b2c3bba
ToBeSigned (TBS) SHA256	3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2010-03-04 00:00:00
ValidTo	2013-04-18 23:59:59
Signature	699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	4112e632c7b18a029a3a1fac803ab89f
Version	3

Certificate 655226e1b22e18e1590f2985ac22e75c

Field	Value
ToBeSigned (TBS) MD5	650704c342850095f3288eaf791147d4
ToBeSigned (TBS) SHA1	4cdc38c800761463749c3cbd94a12f32e49877bf
ToBeSigned (TBS) SHA256	07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
ValidFrom	2009-05-21 00:00:00
ValidTo	2019-05-20 23:59:59
Signature	8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	655226e1b22e18e1590f2985ac22e75c
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

ObfDereferenceObject
ObOpenObjectByPointer
ObReferenceObjectByHandle
__C_specific_handler
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObQueryNameString
ExFreePoolWithTag
strlen
strncpy
wcslen
ExAllocatePoolWithTag
ZwQueryObject
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwDuplicateObject
ZwOpenProcess
ObCloseHandle
IoFileObjectType
ZwQuerySystemInformation
MmIsAddressValid
PsThreadType
ZwQueryInformationProcess
PsProcessType
KeWaitForSingleObject
ZwOpenProcessToken
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ObOpenObjectByName
IoCreateSymbolicLink
MmGetSystemRoutineAddress
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2010-03-30 18:27:21
MD5	a91a1bc393971a662a3210dac8c17dfd
SHA1	e4fcb363cfe9de0e32096fa5be94a41577a89bb0
SHA256	3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa
Authentihash MD5	455eb57840b64c8fe0d942ea5da23c6b
Authentihash SHA1	aa8756d00691d3d8959b68c3626ba896cc2709fb
Authentihash SHA256	1a902521c5f82ad9acac815229a00e6ed9137b8d49106b64147b088ff89d0f01
RichPEHeaderHash MD5	0d2827279de53381241bc9e2f3cd3b37
RichPEHeaderHash SHA1	553d0e9497ca6fab0cfe6e576e55a0a8727856c3
RichPEHeaderHash SHA256	6b3aa920729075ad11455f6df6ce1cece1555725d1b570f61aef163ade76c2d3
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4191a15a3978dfcf496566381d4c75c2

Field	Value
ToBeSigned (TBS) MD5	41011f8d0e7c7a6408334ca387914c61
ToBeSigned (TBS) SHA1	c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
ToBeSigned (TBS) SHA256	88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
ValidFrom	2004-07-16 00:00:00
ValidTo	2014-07-15 23:59:59
Signature	ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	4191a15a3978dfcf496566381d4c75c2
Version	3

Certificate 7d2c89d309e57beef2d791bb8ed6a26f

Field	Value
ToBeSigned (TBS) MD5	ae18dfd140f9414eadf1f611ec1b84b7
ToBeSigned (TBS) SHA1	9aecb2568e995d5965e49acf3ff247bc3d1ab99c
ToBeSigned (TBS) SHA256	f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2007-03-05 00:00:00
ValidTo	2010-04-19 23:59:59
Signature	a1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	7d2c89d309e57beef2d791bb8ed6a26f
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe
HAL.dll

Imported Functions

Expand

ObQueryNameString
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryObject
KeDetachProcess
ObReferenceObjectByHandle
KeAttachProcess
ObfDereferenceObject
PsLookupProcessByProcessId
ZwClose
ZwDuplicateObject
ZwOpenProcess
ZwQuerySystemInformation
MmIsAddressValid
memset
ObOpenObjectByPointer
RtlUnicodeStringToAnsiString
NtClose
ZwOpenProcessToken
memcpy
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
MmGetSystemRoutineAddress
NtBuildNumber
KeTickCount
KeBugCheckEx
strncpy
ZwQueryInformationProcess
RtlFreeAnsiString
RtlUnwind
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KfLowerIrql
KfRaiseIrql

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2011-12-30 16:49:03
MD5	e4a0bba88605d4c07b58a2cc3fac0fe9
SHA1	ac31d15851c0af14d60cfce23f00c4b7887d3cb7
SHA256	46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7
Authentihash MD5	24263d0e152884eb7d180070164830c8
Authentihash SHA1	929c28f99d550278415c7087b71511e44439a41c
Authentihash SHA256	b4f9272894f926d4f3b957fca673140a3a24dc896f1a49badaa1e04687b223cd
RichPEHeaderHash MD5	06af0fa035494c3b0a64ed4d30b92a1d
RichPEHeaderHash SHA1	a28ec273392c9087398ad288220d05f5a05bfd73
RichPEHeaderHash SHA256	dc52d97ba63a84b49265c1c6d9a802ee7e0d3151f917ed1a9840711caddb6fd5
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4112e632c7b18a029a3a1fac803ab89f

Field	Value
ToBeSigned (TBS) MD5	55a4c08c9404782113330a8cd169ed20
ToBeSigned (TBS) SHA1	74807ba52ae6108b0fbac5031090b3295b2c3bba
ToBeSigned (TBS) SHA256	3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2010-03-04 00:00:00
ValidTo	2013-04-18 23:59:59
Signature	699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	4112e632c7b18a029a3a1fac803ab89f
Version	3

Certificate 655226e1b22e18e1590f2985ac22e75c

Field	Value
ToBeSigned (TBS) MD5	650704c342850095f3288eaf791147d4
ToBeSigned (TBS) SHA1	4cdc38c800761463749c3cbd94a12f32e49877bf
ToBeSigned (TBS) SHA256	07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
ValidFrom	2009-05-21 00:00:00
ValidTo	2019-05-20 23:59:59
Signature	8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	655226e1b22e18e1590f2985ac22e75c
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

ObfDereferenceObject
ObOpenObjectByPointer
ObReferenceObjectByHandle
__C_specific_handler
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObQueryNameString
ExFreePoolWithTag
strlen
strncpy
wcslen
ExAllocatePoolWithTag
ZwQueryObject
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwDuplicateObject
ZwOpenProcess
ZwQuerySystemInformation
MmIsAddressValid
ZwQueryInformationProcess
KeWaitForSingleObject
NtClose
ZwOpenProcessToken
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
MmGetSystemRoutineAddress
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2011-04-25 12:19:41
MD5	880686bceaf66bfde3c80569eb1ebfa7
SHA1	10b9ae9286837b3bf6a00771c7e81adbdea3cbfe
SHA256	51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5
Authentihash MD5	5d265a745ca048fb2ee0a59cc7ffc8aa
Authentihash SHA1	e5d5076fca6ed125d14d9f70fff802a1fa992ac6
Authentihash SHA256	17bdeeb4447f0758c3720991d3ed43a405efb49fd2cdbb37f7b5feb349693acb
RichPEHeaderHash MD5	64b3eb9ab6aa05642765b3ed3433f961
RichPEHeaderHash SHA1	33d624aacacbef6591bd60b851034a7b14fac938
RichPEHeaderHash SHA256	ec592d4c182b05a26b286d78201e870e091c9d6d98f5eade5a48be6a060f5ba9
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4112e632c7b18a029a3a1fac803ab89f

Field	Value
ToBeSigned (TBS) MD5	55a4c08c9404782113330a8cd169ed20
ToBeSigned (TBS) SHA1	74807ba52ae6108b0fbac5031090b3295b2c3bba
ToBeSigned (TBS) SHA256	3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2010-03-04 00:00:00
ValidTo	2013-04-18 23:59:59
Signature	699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	4112e632c7b18a029a3a1fac803ab89f
Version	3

Certificate 655226e1b22e18e1590f2985ac22e75c

Field	Value
ToBeSigned (TBS) MD5	650704c342850095f3288eaf791147d4
ToBeSigned (TBS) SHA1	4cdc38c800761463749c3cbd94a12f32e49877bf
ToBeSigned (TBS) SHA256	07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
ValidFrom	2009-05-21 00:00:00
ValidTo	2019-05-20 23:59:59
Signature	8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	655226e1b22e18e1590f2985ac22e75c
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

ExAllocatePoolWithTag
IoDeleteSymbolicLink
ExFreePoolWithTag
NtBuildNumber
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
ExGetPreviousMode
MmGetSystemRoutineAddress
ZwQueryObject
RtlUnicodeStringToAnsiString
ZwQuerySystemInformation
ZwOpenProcessToken
SeReleaseSubjectContext
KeDetachProcess
ObQueryNameString
strncpy
SeCaptureSubjectContext
NtClose
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
ZwDuplicateObject
RtlFreeAnsiString
KeAttachProcess
ZwOpenProcess
ZwQueryInformationProcess
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ObOpenObjectByPointer
SePrivilegeCheck
KeBugCheckEx
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
__C_specific_handler

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2015-05-10 22:52:10
MD5	ad03f225247b58a57584b40a4d1746d3
SHA1	e525f54b762c10703c975132e8fc21b6cd88d39b
SHA256	59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879
Authentihash MD5	9e4c2a2e8832f10ecdd2be70eb6bc300
Authentihash SHA1	2b15e90dc654ce779bd460787352639768cd8baa
Authentihash SHA256	26536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34
RichPEHeaderHash MD5	a052ed4e5d10c66e3e667a42fcdcc54a
RichPEHeaderHash SHA1	04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
RichPEHeaderHash SHA256	c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b

Field	Value
ToBeSigned (TBS) MD5	d0785ad36e427c92b19f6826ab1e8020
ToBeSigned (TBS) SHA1	365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
ToBeSigned (TBS) SHA256	c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
ValidFrom	2012-12-21 00:00:00
ValidTo	2020-12-30 23:59:59
Signature	03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	7e93ebfb7cc64e59ea4b9a77d406fc3b
Version	3

Certificate 0ecff438c8febf356e04d86a981b1a50

Field	Value
ToBeSigned (TBS) MD5	e9d38360b914c8863f6cba3ee58764d3
ToBeSigned (TBS) SHA1	4cba8eae47b6bf76f20b3504b98b8f062694a89b
ToBeSigned (TBS) SHA256	88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
ValidFrom	2012-10-18 00:00:00
ValidTo	2020-12-29 23:59:59
Signature	783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	0ecff438c8febf356e04d86a981b1a50
Version	3

Certificate 1efd983a49d3f152ac9cd2941b8a0edd

Field	Value
ToBeSigned (TBS) MD5	1b7ca026e68405de56477b5b7bb3a0a5
ToBeSigned (TBS) SHA1	b2a1bd13d8833154f02e51e25c9f023d54a27d21
ToBeSigned (TBS) SHA256	2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
Subject	C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
ValidFrom	2013-04-06 00:00:00
ValidTo	2016-05-05 23:59:59
Signature	dcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1efd983a49d3f152ac9cd2941b8a0edd
Version	3

Certificate 611993e400000000001c

Field	Value
ToBeSigned (TBS) MD5	78a717e082dcc1cda3458d917e677d14
ToBeSigned (TBS) SHA1	4a872e0e51f9b304469cd1dedb496ee9b8b983a4
ToBeSigned (TBS) SHA256	317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
ValidFrom	2011-02-22 19:25:17
ValidTo	2021-02-22 19:35:17
Signature	812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	611993e400000000001c
Version	3

Certificate 5200e5aa2556fc1a86ed96c9d44b33c7

Field	Value
ToBeSigned (TBS) MD5	b30c31a572b0409383ed3fbe17e56e81
ToBeSigned (TBS) SHA1	4843a82ed3b1f2bfbee9671960e1940c942f688d
ToBeSigned (TBS) SHA256	03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
ValidFrom	2010-02-08 00:00:00
ValidTo	2020-02-07 23:59:59
Signature	5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	5200e5aa2556fc1a86ed96c9d44b33c7
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2013-10-20 18:16:05
MD5	90f8c1b76f786814d03ef4c51d4abb6d
SHA1	d1c38145addfed1bcd1b400334ff5a5e2ef9a5c6
SHA256	6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e
Authentihash MD5	028b8d642c1c76b18b74f3e0f76b3522
Authentihash SHA1	1aa871802d7278272172d9d7faabf8c8292996a3
Authentihash SHA256	76adb3fa346058e95ba3fd549fd48a15adaf4920a3109391f52053ebf39e62cc
RichPEHeaderHash MD5	0d17e05fea90e97edacc66532133bb1a
RichPEHeaderHash SHA1	876c6595954f77341bcd153315bd7806af4a7230
RichPEHeaderHash SHA256	219a730631a67f4dcd6e2fc1f918f2532698dde1bb734391fe323b69b7349edd
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 1efd983a49d3f152ac9cd2941b8a0edd

Field	Value
ToBeSigned (TBS) MD5	1b7ca026e68405de56477b5b7bb3a0a5
ToBeSigned (TBS) SHA1	b2a1bd13d8833154f02e51e25c9f023d54a27d21
ToBeSigned (TBS) SHA256	2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
Subject	C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
ValidFrom	2013-04-06 00:00:00
ValidTo	2016-05-05 23:59:59
Signature	dcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1efd983a49d3f152ac9cd2941b8a0edd
Version	3

Certificate 611993e400000000001c

Field	Value
ToBeSigned (TBS) MD5	78a717e082dcc1cda3458d917e677d14
ToBeSigned (TBS) SHA1	4a872e0e51f9b304469cd1dedb496ee9b8b983a4
ToBeSigned (TBS) SHA256	317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
ValidFrom	2011-02-22 19:25:17
ValidTo	2021-02-22 19:35:17
Signature	812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	611993e400000000001c
Version	3

Certificate 5200e5aa2556fc1a86ed96c9d44b33c7

Field	Value
ToBeSigned (TBS) MD5	b30c31a572b0409383ed3fbe17e56e81
ToBeSigned (TBS) SHA1	4843a82ed3b1f2bfbee9671960e1940c942f688d
ToBeSigned (TBS) SHA256	03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
ValidFrom	2010-02-08 00:00:00
ValidTo	2020-02-07 23:59:59
Signature	5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	5200e5aa2556fc1a86ed96c9d44b33c7
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

ObfDereferenceObject
ObOpenObjectByPointer
ObReferenceObjectByHandle
__C_specific_handler
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObQueryNameString
ExFreePoolWithTag
strlen
strncpy
wcslen
ExAllocatePoolWithTag
ZwQueryObject
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwDuplicateObject
ZwOpenProcess
ObCloseHandle
IoFileObjectType
ZwQuerySystemInformation
MmIsAddressValid
PsThreadType
ZwQueryInformationProcess
PsProcessType
KeWaitForSingleObject
ZwOpenProcessToken
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ObOpenObjectByName
IoCreateSymbolicLink
MmGetSystemRoutineAddress
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2018-11-09 12:21:38
MD5	f9d04e99e4cab90973226a4555bc6d57
SHA1	96ec8c16f6a54b48e9a7f0d0416a529f4bf9ac11
SHA256	6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7
Authentihash MD5	8e66ec7a60a2b67386516a2e9a236d6b
Authentihash SHA1	07dfb6fe9b3876c0e1b1cda010cb3cc24ff2ce25
Authentihash SHA256	6b3316496ab1e2d1ef02be966d9caa171674856e8fb8ea78d6a3bcfe8e2013c1
RichPEHeaderHash MD5	b304340f5a584624dcd7df388088259e
RichPEHeaderHash SHA1	60b9485e04a7fd71335816953eeb57cabab0866d
RichPEHeaderHash SHA256	7d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000f6380d9a86d05ca43b0000000000f6

Field	Value
ToBeSigned (TBS) MD5	3094214121c022fb9a5e410920d5eb96
ToBeSigned (TBS) SHA1	388c68e81cfc19e838d5070ac4e6793b32bfd293
ToBeSigned (TBS) SHA256	0fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft Time,Stamp Service
ValidFrom	2018-08-23 20:20:02
ValidTo	2019-11-23 20:20:02
Signature	18296d831c69501fcc0fba56af62fea612d3e1df8e88026af0152c003451479cc1ed1574a00da10660272dc5dd446a18c647b100a47b4c65d0ab4004131aebb3c988b6937214ee9dc7c2e381988b8fe0582c47fa97c21c9b0f11e198b8449015b171f00cb487241b0e339902adfd55f0adbc38b374e77f6daa6e5868b6197ba2122f927de072de2aa467f3175f948d3c29dacac8c697f26e08d840876c6c919bc522b59cf1fb5ee1b23bd9047b02b3a9edd5b1ad4b3be3bf7dec5a093e5732f75c5389eb28c6f95f1bd1c81381e96725eaf4df641c32aed1e77a8fdcdaa360c4b39c6257c5c14c57dc1a380e165cc2f3bfffc9c9ce9d36907e2c74cafdd5f722
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000f6380d9a86d05ca43b0000000000f6
Version	3

Certificate 33000000317c61d46115ceba6a000100000031

Field	Value
ToBeSigned (TBS) MD5	9a2de17c0445f3e68c9315347b5805f8
ToBeSigned (TBS) SHA1	df228171e01e890d9b69a749887197af4a3f7602
ToBeSigned (TBS) SHA256	4a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2018-06-08 17:24:26
ValidTo	2019-05-29 17:24:26
Signature	507e1dabe5c8a200d7b848d718478b9b2278f88da52f23c4c297c0694d76611430bff53bbe64c2bf85fa5ed551cef1d014dcf7f38109ebb5d8474c628715d4c10dd49f303cbe25aaca38d589b581c1e9786abfb23e79aa332cca8ddeeae9958623887375b40836c23f972646b8b8eac96f0b3dcbc88d56062c54a14d1e7f52ed4eb9d6e0e876fab6029355c1c7f791c63ce9ecfe5d78ffb5ba3ffb21fa78edca381c8717d1c23d01c3f0aa36cb01434f68c981c5924f04089d731c26846e466255679fab67bdfc16ab0debbc2d17f9458dcf4176ac6d63e1bb673a2d7daec55618183ae25d420dc2f7874c295fd7a4afef5cf609247c7c50f75aba8f0195fe03
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000317c61d46115ceba6a000100000031
Version	3

Certificate 33000000382e50e86a989d957f000000000038

Field	Value
ToBeSigned (TBS) MD5	cfa5fa49250320f7a3473a82877fabf3
ToBeSigned (TBS) SHA1	6b3242a9a639b0da4d5882c7eeb402be6615ad0c
ToBeSigned (TBS) SHA256	8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2012-06-04 21:05:46
ValidTo	2020-06-04 21:15:46
Signature	0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000382e50e86a989d957f000000000038
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2019-06-28 15:02:57
MD5	659a59d7e26b7730361244e12201378e
SHA1	c21510569fd84a5fe04508aa28e3cf9c8cc45b7a
SHA256	77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c
Authentihash MD5	3798eddcccab7da4682f64997533d27d
Authentihash SHA1	0d753c1d21c4e6c6eb74d3436eb4c5f376cc7364
Authentihash SHA256	a4859c5456d03f799de89d2f8cbb36b4518259a6c7c0bc909b1fd16f48363d5a
RichPEHeaderHash MD5	dd10afd0600f2236361f48592587474c
RichPEHeaderHash SHA1	0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
RichPEHeaderHash SHA256	c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
Company	Sysinternals - www.sysinternals.com
Description
Product
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 3300000109e219d6f9b8a4bebf000000000109

Field	Value
ToBeSigned (TBS) MD5	10a173441d459944d30bbcfc69f7521b
ToBeSigned (TBS) SHA1	500cf2d67d9e3b7c31b2a65d4f121f7201cade0e
ToBeSigned (TBS) SHA256	1994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed
Subject	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft Time,Stamp service
ValidFrom	2018-08-23 20:20:28
ValidTo	2019-11-23 20:20:28
Signature	9d7642feb515917887e958cc8890ccc717f8b1b164f2248f2657c2dd3bc82767e8a80b860b39f6469c373f7db0e6bf50975f396197e28b8b47b1c36014316a5fecd78d4528fe00e0c5a92321319a4be66b2359c99f01a27514f95879324fc6c121d6958cade3c4e366f75ebd979c4ee701a63655ae846982f63439c44099f0a18de3b3d9ae023e8c5c49406c94c556a7dee459a92b543f395dde5cfe106e0540f7710430d130862c6693445d18efaac409f2cd7d319e21a12c5184e767993562b324ff9db371cce7a932d3be5ee3396cf1864a609bbe6ebcf8834cbb11c44729119a6a5abc5e3ef8947dcb0bc6b554217a3e39a079e4bd733dc46b77b8f39a3c
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	3300000109e219d6f9b8a4bebf000000000109
Version	3

Certificate 33000000387a14cce6619d8c51000200000038

Field	Value
ToBeSigned (TBS) MD5	f9a6526d8f83e3d33d925ae95b752dca
ToBeSigned (TBS) SHA1	ad9f086d0642e3b5de60584c44123cf4603c4525
ToBeSigned (TBS) SHA256	7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2019-04-18 18:42:23
ValidTo	2020-03-27 18:42:23
Signature	5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000387a14cce6619d8c51000200000038
Version	3

Certificate 610435f1000000000041

Field	Value
ToBeSigned (TBS) MD5	77dab20d8e23cd8e18633adca506cf6e
ToBeSigned (TBS) SHA1	c5506bee3c29254dc5b5a0e6e7a14046522708ef
ToBeSigned (TBS) SHA256	611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2018-09-20 17:42:01
ValidTo	2021-05-09 23:28:13
Signature	db595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610435f1000000000041
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2021-05-26 08:02:20
MD5	da6f7407c4656a2dbaf16a407aff1a38
SHA1	ed40c1f7da98634869b415530e250f4a665a8c48
SHA256	7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf
Authentihash MD5	4eae8421b149baa7d0ce15a86470cde2
Authentihash SHA1	af5ff77f2106b31a8e433c3689b6a65628c2dfce
Authentihash SHA256	19d579e5a08bcb524405bdcbd2ea7247548af9f23ce64582a5be5ae3f184ad23
RichPEHeaderHash MD5	bc95ff65f30c5f18added29541a58004
RichPEHeaderHash SHA1	39d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812
RichPEHeaderHash SHA256	067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000b20f9ad86794f322f60000000000b2

Field	Value
ToBeSigned (TBS) MD5	b9dc0ff1a60c3aba24a78d505955bf39
ToBeSigned (TBS) SHA1	15a5da2c8aa2955af75615009d249071f91fd252
ToBeSigned (TBS) SHA256	ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-12-15 22:15:30
ValidTo	2021-12-02 22:15:30
Signature	199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	33000000b20f9ad86794f322f60000000000b2
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2010-03-30 18:30:49
MD5	6b3abe55c4d39e305a11b4d1091dfaac
SHA1	1c537fd17836283364349475c6138e6667cf1164
SHA256	86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675
Authentihash MD5	4b64921bd05ed4a30830f23facb43bde
Authentihash SHA1	3d9be989fbb447bbf7e4b081d9ee4d9b025476c3
Authentihash SHA256	e2e351efd57c89bc0c7b9d4d440113304d0b8a4c88cdf0126442171aa50634d4
RichPEHeaderHash MD5	d70cbc6a63dcac0a6b5a8131d93c00ad
RichPEHeaderHash SHA1	d3b960226f06fd1b9f08ce080b16d649416e75a3
RichPEHeaderHash SHA256	90085a27428def469bdd2805cc61cde09cc3e95404d6f69ed6c328f0d0e97d9c
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4191a15a3978dfcf496566381d4c75c2

Field	Value
ToBeSigned (TBS) MD5	41011f8d0e7c7a6408334ca387914c61
ToBeSigned (TBS) SHA1	c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
ToBeSigned (TBS) SHA256	88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
ValidFrom	2004-07-16 00:00:00
ValidTo	2014-07-15 23:59:59
Signature	ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	4191a15a3978dfcf496566381d4c75c2
Version	3

Certificate 7d2c89d309e57beef2d791bb8ed6a26f

Field	Value
ToBeSigned (TBS) MD5	ae18dfd140f9414eadf1f611ec1b84b7
ToBeSigned (TBS) SHA1	9aecb2568e995d5965e49acf3ff247bc3d1ab99c
ToBeSigned (TBS) SHA256	f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2007-03-05 00:00:00
ValidTo	2010-04-19 23:59:59
Signature	a1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	7d2c89d309e57beef2d791bb8ed6a26f
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

ExAllocatePoolWithTag
IoDeleteSymbolicLink
ExFreePoolWithTag
NtBuildNumber
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
ExGetPreviousMode
MmGetSystemRoutineAddress
ZwQueryObject
RtlUnicodeStringToAnsiString
ZwQuerySystemInformation
ZwOpenProcessToken
SeReleaseSubjectContext
KeDetachProcess
ObQueryNameString
strncpy
SeCaptureSubjectContext
NtClose
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
ZwDuplicateObject
RtlFreeAnsiString
KeRaiseIrql
KeAttachProcess
KeLowerIrql
ZwOpenProcess
ZwQueryInformationProcess
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ObOpenObjectByPointer
SePrivilegeCheck
KeTickCount
KeBugCheckEx
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
__C_specific_handler

Exported Functions

Expand

Sections

Expand

.text
.rdata
.pdata
.srdata
.sdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2017-04-30 17:23:14
MD5	cec257dcac9e708cefb17f8984dd0a70
SHA1	da361c56c18ea98e1c442aac7c322ff20f64486b
SHA256	88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc
Authentihash MD5	df8e20e6fb1d2a22135e155763bf9588
Authentihash SHA1	1915e95974b6f75f4793e81b85e148ebdaa35515
Authentihash SHA256	0c2d8e8487de5e7749f9899f6fefa6e7d40b394479449b5027a895392af23349
RichPEHeaderHash MD5	a052ed4e5d10c66e3e667a42fcdcc54a
RichPEHeaderHash SHA1	04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
RichPEHeaderHash SHA256	c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000cccbb813eb5d722d450000000000cc

Field	Value
ToBeSigned (TBS) MD5	b23d5388c0fa7b32ff0a91fccb5cce6d
ToBeSigned (TBS) SHA1	ab5d6cc2d03e34f4fe2e51fa524401d5806f9a9f
ToBeSigned (TBS) SHA256	a072644961dcfa16259c4aac9cb7faf1431c48b41f616551827dd3f41a849976
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher DSE ESN:148C,C4B9,2066, CN=Microsoft Time,Stamp Service
ValidFrom	2016-09-07 17:58:56
ValidTo	2018-09-07 17:58:56
Signature	96812d8a1bf7a71c8efb5c46a525ff9d7e890e935f85a824261bfa37f7b0cb6040b77890b3e9081ff67fcbae65e3dff7049d8c2bb648f16dd4fc7abc9cac5e4d81eeb45e611dc0f06d12b2852ffe709d163a7776daf7966db190c536c2fe4ec7804ee097fed2f4fdfacdcf6cb9cf64afc68d427589d5921b4b0aa5782aee6a52c3d495ee32238dd3346eea41776c4b08a7e87318d88abe546095a20bc0b491bfffe85f3f24bfe7d46af54f2ee665d8858d6e050442314d4debd049c0aad3affced1c0292ee0bd015d69162c651a0411aa503fc5140b2daba2de3e6a18a7897a28d84b34498136392f6d486dbb95e9aac8ad98692642f4e7d42880a0458239a22
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000cccbb813eb5d722d450000000000cc
Version	3

Certificate 33000000244d59538809906ea7000100000024

Field	Value
ToBeSigned (TBS) MD5	16a85b0d3a49b45acb03c9165240f78a
ToBeSigned (TBS) SHA1	d21820acd2d9a023556d949773b2177b63552ea3
ToBeSigned (TBS) SHA256	0c0eaf6cf17b0b0a74d5a8f6286ec93e43001ee82f2481278e009c57366c63d5
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2016-10-12 20:32:53
ValidTo	2018-01-05 20:32:53
Signature	9fcff5d0683abc4c8daea4cc93841a3b037f2512114b780e6d1d0baf20ca63f15baf12e15392d0952d7ad3d6e270182085d8dd2a78af8a585f557506c975546138a087c58dcac5b9e5879a21dcaf4f026b9a97dc57c5b8a7e85f57861dedf618421b036a4b332cd12a4f6e2aba0aa1ff5249e9d93d7669d13eba761d5dddd495b86ac46eac38f724f525060c90079045e305a8ee0ccb626e4cd6722decd56f824d6e36eca2016fcbccf5479e9df7b3b123f6d1aa429d73808cf59f65b75e7f2da16f7d5c81b05430dc587c008f3fbf5afc42c99cf40b7f2ea7b27a314c22cb33eb2ebadfe904b7b6ea40f57eee80cc058229a617e31dead3909aad73885d21e7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000244d59538809906ea7000100000024
Version	3

Certificate 33000000382e50e86a989d957f000000000038

Field	Value
ToBeSigned (TBS) MD5	cfa5fa49250320f7a3473a82877fabf3
ToBeSigned (TBS) SHA1	6b3242a9a639b0da4d5882c7eeb402be6615ad0c
ToBeSigned (TBS) SHA256	8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2012-06-04 21:05:46
ValidTo	2020-06-04 21:15:46
Signature	0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000382e50e86a989d957f000000000038
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2014-07-08 00:28:27
MD5	bf74d0706f5ab9c34067192260f4efb0
SHA1	6b090c558b877b6abb0d1051610cadbc6335ecbb
SHA256	89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7
Authentihash MD5	c292f0024a454f42fba117b3505b12e9
Authentihash SHA1	d9ebe7ff8318eeece457fc72bec2b582d3350b61
Authentihash SHA256	f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4
RichPEHeaderHash MD5	aff0aa7b20b4b7a5a981901f3d77237c
RichPEHeaderHash SHA1	263eefe8940d88cce62ddce6fba55eacf2b36ab8
RichPEHeaderHash SHA256	205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b

Field	Value
ToBeSigned (TBS) MD5	d0785ad36e427c92b19f6826ab1e8020
ToBeSigned (TBS) SHA1	365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
ToBeSigned (TBS) SHA256	c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
ValidFrom	2012-12-21 00:00:00
ValidTo	2020-12-30 23:59:59
Signature	03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	7e93ebfb7cc64e59ea4b9a77d406fc3b
Version	3

Certificate 0ecff438c8febf356e04d86a981b1a50

Field	Value
ToBeSigned (TBS) MD5	e9d38360b914c8863f6cba3ee58764d3
ToBeSigned (TBS) SHA1	4cba8eae47b6bf76f20b3504b98b8f062694a89b
ToBeSigned (TBS) SHA256	88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
ValidFrom	2012-10-18 00:00:00
ValidTo	2020-12-29 23:59:59
Signature	783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	0ecff438c8febf356e04d86a981b1a50
Version	3

Certificate 1efd983a49d3f152ac9cd2941b8a0edd

Field	Value
ToBeSigned (TBS) MD5	1b7ca026e68405de56477b5b7bb3a0a5
ToBeSigned (TBS) SHA1	b2a1bd13d8833154f02e51e25c9f023d54a27d21
ToBeSigned (TBS) SHA256	2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
Subject	C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
ValidFrom	2013-04-06 00:00:00
ValidTo	2016-05-05 23:59:59
Signature	dcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1efd983a49d3f152ac9cd2941b8a0edd
Version	3

Certificate 611993e400000000001c

Field	Value
ToBeSigned (TBS) MD5	78a717e082dcc1cda3458d917e677d14
ToBeSigned (TBS) SHA1	4a872e0e51f9b304469cd1dedb496ee9b8b983a4
ToBeSigned (TBS) SHA256	317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
ValidFrom	2011-02-22 19:25:17
ValidTo	2021-02-22 19:35:17
Signature	812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	611993e400000000001c
Version	3

Certificate 5200e5aa2556fc1a86ed96c9d44b33c7

Field	Value
ToBeSigned (TBS) MD5	b30c31a572b0409383ed3fbe17e56e81
ToBeSigned (TBS) SHA1	4843a82ed3b1f2bfbee9671960e1940c942f688d
ToBeSigned (TBS) SHA256	03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
ValidFrom	2010-02-08 00:00:00
ValidTo	2020-02-07 23:59:59
Signature	5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	5200e5aa2556fc1a86ed96c9d44b33c7
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2021-06-01 08:24:37
MD5	92927c47d6ff139c9b19674c9d0088f6
SHA1	a98734cd388f5b4b3caca5ce61cb03b05a8ad570
SHA256	98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb
Authentihash MD5	26f48296b5ef64120e55008690060a6e
Authentihash SHA1	8d59ed924e8c76b0ab8b7ee653510f43062eaa3e
Authentihash SHA256	cd1beb64cd67169d57ca4dbc602a94f74891962221bb49c09abf3339ce35bc90
RichPEHeaderHash MD5	bc95ff65f30c5f18added29541a58004
RichPEHeaderHash SHA1	39d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812
RichPEHeaderHash SHA256	067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000b20f9ad86794f322f60000000000b2

Field	Value
ToBeSigned (TBS) MD5	b9dc0ff1a60c3aba24a78d505955bf39
ToBeSigned (TBS) SHA1	15a5da2c8aa2955af75615009d249071f91fd252
ToBeSigned (TBS) SHA256	ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-12-15 22:15:30
ValidTo	2021-12-02 22:15:30
Signature	199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	33000000b20f9ad86794f322f60000000000b2
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2015-12-05 14:43:50
MD5	2e219df70fccb79351f0452cba86623e
SHA1	2740cd167a9ccb81c8e8719ce0d2ae31babc631c
SHA256	9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2
Authentihash MD5	0f461053add90ebe0bac9e8be9d9a8e5
Authentihash SHA1	5b27248685b909d5ae4c8ec77e2d3dcb02d6cc4b
Authentihash SHA256	cddd341f267a6094f7bd7d1b56427ebc029ccb348e7f0714d9301c2c67fdd5df
RichPEHeaderHash MD5	2730904f5b7710d90214612e812b40e7
RichPEHeaderHash SHA1	816b6dc12f26d2e229f388b1b6332983f6f84435
RichPEHeaderHash SHA256	a9105aa56ee389cdb89ef2b3cf9ddbf176c8d60493879497875b6db003a3ebbc
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b

Field	Value
ToBeSigned (TBS) MD5	d0785ad36e427c92b19f6826ab1e8020
ToBeSigned (TBS) SHA1	365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
ToBeSigned (TBS) SHA256	c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
ValidFrom	2012-12-21 00:00:00
ValidTo	2020-12-30 23:59:59
Signature	03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	7e93ebfb7cc64e59ea4b9a77d406fc3b
Version	3

Certificate 6a0b994fc0004aab11df8adce1e027aa

Field	Value
ToBeSigned (TBS) MD5	8ee8b5683b30c385e8f50ba39c817ecf
ToBeSigned (TBS) SHA1	0bead658f967af350cfce561ac851470f0bea7a7
ToBeSigned (TBS) SHA256	09763f5805c8295309022c7ef0dab73421a992d49902824b93a2a39f639c1ae7
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Test PCA
ValidFrom	2010-05-10 07:00:00
ValidTo	2020-12-29 07:00:00
Signature	a5e89be29a34018c5eb99e6500101e7bde49d04c42f76ece04cacdaaac0de80f586b1ba7bbc841d892fe7477ab3c28f2a507ca45c4e65cfe487d0add256644c366d8f417666a7f11e622a8c31b09663524d9da9f092f3576291e00a4186ae9c857d0af477baa74d02fa3bbbb1f13e37dcd2855295be421278d806e2d597c72ff42aab3fef101b0bfd34d94e14a54f1394a541d08ee74119115dc5079db43cd1cad7ca84c57f843f68ef6f75e1d917e0ddbb1b6724be9a53df535c8cb77f59eb4
SignatureAlgorithmOID	1.3.14.3.2.29
IsCertificateAuthority	True
SerialNumber	6a0b994fc0004aab11df8adce1e027aa
Version	3

Certificate 0ecff438c8febf356e04d86a981b1a50

Field	Value
ToBeSigned (TBS) MD5	e9d38360b914c8863f6cba3ee58764d3
ToBeSigned (TBS) SHA1	4cba8eae47b6bf76f20b3504b98b8f062694a89b
ToBeSigned (TBS) SHA256	88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
ValidFrom	2012-10-18 00:00:00
ValidTo	2020-12-29 23:59:59
Signature	783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	0ecff438c8febf356e04d86a981b1a50
Version	3

Certificate 3300000021dd626c1271c15d6f000100000021

Field	Value
ToBeSigned (TBS) MD5	af75bafa171badc569c547f8cb748b04
ToBeSigned (TBS) SHA1	ca9e1727c61692a1894e9f78f646a34f1a4046c1
ToBeSigned (TBS) SHA256	6f3fc63b80ab900fb038ca2bff158a031615bf33c8e4a069e309e7985b30f9ca
Subject	DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Test CodeSign CA 2
ValidFrom	2014-01-03 23:17:17
ValidTo	2018-01-03 23:17:17
Signature	600ff8df535a796bbfced445b646d9269fe514eabe10b53277af5085fa3e5e54e21e649f474d88898b7a3dc3256b7397224f7055466bc237465c153b87ee9529e08a3f0d2076719b25f9b3bb421b3ba628448696e986ee3a204078c0c2652735080ef7577a6b3e47a09174e5e863929dac616d67a63f6741a99f7ad7647a3ce18fb9541cb3b79b96ac18e68af065442cad6915e597b2758f33957345c682658eefc1da2f56580b15630e4e0dbeeadbe57bffb975fdbedcde81ed18bc34562ab05d52f9005126dd43a5a5ea46b0a6ec62d3a040c0f804650cabb2f8fd55e7cb7108172f71fee99a648a869fb1d73e9fc2700a6efad07bad0aa21be22e8ea8914e
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	3300000021dd626c1271c15d6f000100000021
Version	3

Certificate 77005ec5ff32646dcbf76aac900003005ec5ff

Field	Value
ToBeSigned (TBS) MD5	d47b1f71468f38d938a59072612c5a81
ToBeSigned (TBS) SHA1	f029c7017324e858115d76088dd21ab0106145d2
ToBeSigned (TBS) SHA256	400790acf2a3847c7021865e7213b25eec9b9354cf5ec47ec1d3cadf2e8be539
Subject	CN=Mark Russinovich
ValidFrom	2015-06-30 15:50:49
ValidTo	2016-06-29 15:50:49
Signature	a5e48ed2bb14b9940826f88cb72b09bf1cd99dcf8f9816164bb14db8dc7805b2b1aa0e197e3dbc2ca73d591759a93077ea140b9d62d80e29b1d3bfdd9cbe8055064139c70256c5d4ca4f7a23671a00a94963ed2fccf1a618391343b96cabe8c075be2b6ffa0dc0f1ffc2d832185f3010fd555d1d8a7ec669dd872eb8856624f480a3ed5ad27ddcf485fe761ecea5f90754d956f07132ac9e68e78c84f875fe72790c6581a6e22d1d0ab22f637b87668d930f664299dbf1ca09d65647521fff791d3ca79fe2dc01c8d97d41a8332bc383eac81578243ebde8c9ff1f6a87bea0b1eeda190920d020e775b6216d04cb9dcbdcd299745e5fbcb91d919a7d41d61125
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	77005ec5ff32646dcbf76aac900003005ec5ff
Version	3

Imports

Expand

ntoskrnl.exe
HAL.dll

Imported Functions

Expand

RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
RtlInitUnicodeString
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
memcpy
memset
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
strncpy
KeStackAttachProcess
memmove
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
RtlUnwind
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeTickCount
KeBugCheckEx
KfLowerIrql
KfRaiseIrql

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2006-01-06 15:04:34
MD5	0ef05030abd55ba6b02faa2c0970f67f
SHA1	f6d826d73bf819dbc9a058f2b55c88d6d4b634e3
SHA256	bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f
Authentihash MD5	82ece436a712985b767d42a178872ab3
Authentihash SHA1	e7bedb9528d3da5e7e161a14db260140a02facca
Authentihash SHA256	d28acafeb6a85294d2672fa894a2934599713aa9ce1b21184dc1ec34131af7bb
RichPEHeaderHash MD5	7ed4474ed84b1f8f736a1628b81bd13c
RichPEHeaderHash SHA1	4456cd303246bff5ac1095977b7c56a1c4ba02fa
RichPEHeaderHash SHA256	1379bea6cc6236eca70f97ba7fc73338ade1f24a85c4bf1c08992e573a48fad2
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4191a15a3978dfcf496566381d4c75c2

Field	Value
ToBeSigned (TBS) MD5	41011f8d0e7c7a6408334ca387914c61
ToBeSigned (TBS) SHA1	c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
ToBeSigned (TBS) SHA256	88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
ValidFrom	2004-07-16 00:00:00
ValidTo	2014-07-15 23:59:59
Signature	ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	4191a15a3978dfcf496566381d4c75c2
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Certificate 75c1a798b875894335c78cddbf05cbff

Field	Value
ToBeSigned (TBS) MD5	a41a1fbfc85b812b2a1570204015b8b4
ToBeSigned (TBS) SHA1	a7e0f6ba7402a18a3a4e861e57a3ffacb582e8c0
ToBeSigned (TBS) SHA256	c770e31a5ae65a0ae2b2b2c550ebaa2aa3594d872c08b31dde6d8105fc8b6687
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2006-02-02 00:00:00
ValidTo	2007-04-04 23:59:59
Signature	5af17754974b15636dc46a7e5295ee11668ae831cec469f15925a66f796b3aa4f912b02278957d3faf1a4df6a88b6e4720c082286400fcf2ca9b56c64197ff5c13a01dd81af41255c57cd1acf1cd790b613446332e716235469f0b2fd62d02d3ebea5965dcb2c6bc7e389e09308a895ef339ff981c4f3c8f5c8d907df45d44eb385e787cfded041491e9d72532a9ef8c8ee1d3931583c078656d1ce3d0316d8806faa8921b4837f0b5f0af1a50b2a798904ebde9bb438b06e2558c97a56145614d7e32193dcc85482bbaf4cc632094946b45ff6c1fde47cc0808344ec175d3555b66ebedd451d88e6bbf3463faf9bf65a0595d37d9e2033ae65ab7e08e081078
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	75c1a798b875894335c78cddbf05cbff
Version	3

Imports

Expand

ntoskrnl.exe
HAL.dll

Imported Functions

Expand

ObQueryNameString
ZwClose
ZwDuplicateObject
ZwOpenProcess
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
ObOpenObjectByPointer
ZwQueryInformationProcess
NtBuildNumber
RtlUnicodeStringToAnsiString
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ExAllocatePoolWithTag
RtlUnwind
strncpy
ZwOpenProcessToken
RtlFreeAnsiString
KfLowerIrql
KfRaiseIrql

Exported Functions

Expand

Sections

Expand

.text
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2008-07-21 14:42:49
MD5	b7ca4c32c844df9b61634052ae276387
SHA1	6df6d5b30d04b9adb9d2c99de18ed108b011d52b
SHA256	bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c
Authentihash MD5	1694c87131cee15e63d71936859506b8
Authentihash SHA1	5eb106f413ad1d8de4c04661a1c5162410164d50
Authentihash SHA256	120f7983011211e6740d7a3a4cd2354507866ef7d36a48e2e3a9bd5b52c21c8a
RichPEHeaderHash MD5	3ea5cd355cba9d9928873cdba35d4bcc
RichPEHeaderHash SHA1	b7e9df380d50227614a9745068a6b50c798b66f9
RichPEHeaderHash SHA256	b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 4191a15a3978dfcf496566381d4c75c2

Field	Value
ToBeSigned (TBS) MD5	41011f8d0e7c7a6408334ca387914c61
ToBeSigned (TBS) SHA1	c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
ToBeSigned (TBS) SHA256	88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
ValidFrom	2004-07-16 00:00:00
ValidTo	2014-07-15 23:59:59
Signature	ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	4191a15a3978dfcf496566381d4c75c2
Version	3

Certificate 7d2c89d309e57beef2d791bb8ed6a26f

Field	Value
ToBeSigned (TBS) MD5	ae18dfd140f9414eadf1f611ec1b84b7
ToBeSigned (TBS) SHA1	9aecb2568e995d5965e49acf3ff247bc3d1ab99c
ToBeSigned (TBS) SHA256	f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
Subject	C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
ValidFrom	2007-03-05 00:00:00
ValidTo	2010-04-19 23:59:59
Signature	a1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	7d2c89d309e57beef2d791bb8ed6a26f
Version	3

Certificate 610c120600000000001b

Field	Value
ToBeSigned (TBS) MD5	53c41bc1164e09e0cd1617a5bf913efd
ToBeSigned (TBS) SHA1	93c03aac8951d494ecd5696b1c08658541b18727
ToBeSigned (TBS) SHA256	40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
Subject	C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ValidFrom	2006-05-23 17:01:29
ValidTo	2016-05-23 17:11:29
Signature	01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610c120600000000001b
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

NtBuildNumber
ZwOpenProcess
PsLookupProcessByProcessId
ZwQueryInformationProcess
IoCreateSymbolicLink
RtlInitUnicodeString
MmIsAddressValid
IoDeleteDevice
ObfDereferenceObject
ExGetPreviousMode
IoCreateDevice
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ZwQueryObject
RtlUnicodeStringToAnsiString
SePrivilegeCheck
ZwQuerySystemInformation
ZwOpenProcessToken
SeReleaseSubjectContext
KeDetachProcess
ObQueryNameString
strncpy
ExAllocatePool
SeCaptureSubjectContext
NtClose
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
IoDeleteSymbolicLink
ZwDuplicateObject
ExFreePoolWithTag
RtlFreeAnsiString
KeAttachProcess
KeBugCheckEx
__C_specific_handler

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
INIT
.rsrc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2014-07-08 00:28:27
MD5	9beecfb3146f19400880da61476ef940
SHA1	d5beca70469e0dcb099ba35979155e7c91876fd2
SHA256	c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa
Authentihash MD5	c292f0024a454f42fba117b3505b12e9
Authentihash SHA1	d9ebe7ff8318eeece457fc72bec2b582d3350b61
Authentihash SHA256	f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4
RichPEHeaderHash MD5	aff0aa7b20b4b7a5a981901f3d77237c
RichPEHeaderHash SHA1	263eefe8940d88cce62ddce6fba55eacf2b36ab8
RichPEHeaderHash SHA256	205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b

Field	Value
ToBeSigned (TBS) MD5	d0785ad36e427c92b19f6826ab1e8020
ToBeSigned (TBS) SHA1	365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
ToBeSigned (TBS) SHA256	c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
ValidFrom	2012-12-21 00:00:00
ValidTo	2020-12-30 23:59:59
Signature	03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	7e93ebfb7cc64e59ea4b9a77d406fc3b
Version	3

Certificate 0ecff438c8febf356e04d86a981b1a50

Field	Value
ToBeSigned (TBS) MD5	e9d38360b914c8863f6cba3ee58764d3
ToBeSigned (TBS) SHA1	4cba8eae47b6bf76f20b3504b98b8f062694a89b
ToBeSigned (TBS) SHA256	88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
ValidFrom	2012-10-18 00:00:00
ValidTo	2020-12-29 23:59:59
Signature	783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	0ecff438c8febf356e04d86a981b1a50
Version	3

Certificate 1efd983a49d3f152ac9cd2941b8a0edd

Field	Value
ToBeSigned (TBS) MD5	1b7ca026e68405de56477b5b7bb3a0a5
ToBeSigned (TBS) SHA1	b2a1bd13d8833154f02e51e25c9f023d54a27d21
ToBeSigned (TBS) SHA256	2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
Subject	C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
ValidFrom	2013-04-06 00:00:00
ValidTo	2016-05-05 23:59:59
Signature	dcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1efd983a49d3f152ac9cd2941b8a0edd
Version	3

Certificate 611993e400000000001c

Field	Value
ToBeSigned (TBS) MD5	78a717e082dcc1cda3458d917e677d14
ToBeSigned (TBS) SHA1	4a872e0e51f9b304469cd1dedb496ee9b8b983a4
ToBeSigned (TBS) SHA256	317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
ValidFrom	2011-02-22 19:25:17
ValidTo	2021-02-22 19:35:17
Signature	812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	611993e400000000001c
Version	3

Certificate 5200e5aa2556fc1a86ed96c9d44b33c7

Field	Value
ToBeSigned (TBS) MD5	b30c31a572b0409383ed3fbe17e56e81
ToBeSigned (TBS) SHA1	4843a82ed3b1f2bfbee9671960e1940c942f688d
ToBeSigned (TBS) SHA256	03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
ValidFrom	2010-02-08 00:00:00
ValidTo	2020-02-07 23:59:59
Signature	5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	5200e5aa2556fc1a86ed96c9d44b33c7
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2020-09-11 15:57:25
MD5	b79475c4783efdd8122694c6b5669a79
SHA1	d612165251d5f1dcfb1f1a762c88d956f49ce344
SHA256	cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc
Authentihash MD5	bee5a87f72b42f3bb5958ba541f4caff
Authentihash SHA1	9e0516a6ce73163e2ff5bf0740b57da46846228b
Authentihash SHA256	74716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12
RichPEHeaderHash MD5	43d9cd97a9af9d2018a2e3b912ceee7b
RichPEHeaderHash SHA1	8376f05ff6ebd3001f063c022d6878ae5f3b0adc
RichPEHeaderHash SHA256	8affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 330000009484c47568579aafe9000000000094

Field	Value
ToBeSigned (TBS) MD5	b46a69db7e461e55282dc24dc594e5d6
ToBeSigned (TBS) SHA1	3b19241d555a74781e2b63a7c14ad12b1ec68205
ToBeSigned (TBS) SHA256	2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-03-04 19:12:18
ValidTo	2021-03-03 19:12:18
Signature	36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	330000009484c47568579aafe9000000000094
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2018-11-16 16:15:17
MD5	318e309e11199ec69d8928c46a4d901b
SHA1	63bb17160115f16b3fca1f028b13033af4e468c6
SHA256	d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476
Authentihash MD5	decbda17e27f012c72e5ff39c8c19089
Authentihash SHA1	ecdaa78f29e1f1a27d28b45a9de5f93af9f18f15
Authentihash SHA256	ee24071d9a0ef38dc98929cfb4d316f9fb010de107c110fad2403022cf1eebfc
RichPEHeaderHash MD5	b304340f5a584624dcd7df388088259e
RichPEHeaderHash SHA1	60b9485e04a7fd71335816953eeb57cabab0866d
RichPEHeaderHash SHA256	7d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000f6380d9a86d05ca43b0000000000f6

Field	Value
ToBeSigned (TBS) MD5	3094214121c022fb9a5e410920d5eb96
ToBeSigned (TBS) SHA1	388c68e81cfc19e838d5070ac4e6793b32bfd293
ToBeSigned (TBS) SHA256	0fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft Time,Stamp Service
ValidFrom	2018-08-23 20:20:02
ValidTo	2019-11-23 20:20:02
Signature	18296d831c69501fcc0fba56af62fea612d3e1df8e88026af0152c003451479cc1ed1574a00da10660272dc5dd446a18c647b100a47b4c65d0ab4004131aebb3c988b6937214ee9dc7c2e381988b8fe0582c47fa97c21c9b0f11e198b8449015b171f00cb487241b0e339902adfd55f0adbc38b374e77f6daa6e5868b6197ba2122f927de072de2aa467f3175f948d3c29dacac8c697f26e08d840876c6c919bc522b59cf1fb5ee1b23bd9047b02b3a9edd5b1ad4b3be3bf7dec5a093e5732f75c5389eb28c6f95f1bd1c81381e96725eaf4df641c32aed1e77a8fdcdaa360c4b39c6257c5c14c57dc1a380e165cc2f3bfffc9c9ce9d36907e2c74cafdd5f722
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000f6380d9a86d05ca43b0000000000f6
Version	3

Certificate 33000000317c61d46115ceba6a000100000031

Field	Value
ToBeSigned (TBS) MD5	9a2de17c0445f3e68c9315347b5805f8
ToBeSigned (TBS) SHA1	df228171e01e890d9b69a749887197af4a3f7602
ToBeSigned (TBS) SHA256	4a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2018-06-08 17:24:26
ValidTo	2019-05-29 17:24:26
Signature	507e1dabe5c8a200d7b848d718478b9b2278f88da52f23c4c297c0694d76611430bff53bbe64c2bf85fa5ed551cef1d014dcf7f38109ebb5d8474c628715d4c10dd49f303cbe25aaca38d589b581c1e9786abfb23e79aa332cca8ddeeae9958623887375b40836c23f972646b8b8eac96f0b3dcbc88d56062c54a14d1e7f52ed4eb9d6e0e876fab6029355c1c7f791c63ce9ecfe5d78ffb5ba3ffb21fa78edca381c8717d1c23d01c3f0aa36cb01434f68c981c5924f04089d731c26846e466255679fab67bdfc16ab0debbc2d17f9458dcf4176ac6d63e1bb673a2d7daec55618183ae25d420dc2f7874c295fd7a4afef5cf609247c7c50f75aba8f0195fe03
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000317c61d46115ceba6a000100000031
Version	3

Certificate 33000000382e50e86a989d957f000000000038

Field	Value
ToBeSigned (TBS) MD5	cfa5fa49250320f7a3473a82877fabf3
ToBeSigned (TBS) SHA1	6b3242a9a639b0da4d5882c7eeb402be6615ad0c
ToBeSigned (TBS) SHA256	8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2012-06-04 21:05:46
ValidTo	2020-06-04 21:15:46
Signature	0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000382e50e86a989d957f000000000038
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2016-02-04 15:04:43
MD5	c69c292e0b76b25a5fa0e16136770e11
SHA1	05eff2001f595f9e2894c6b5eee756ae72379a6d
SHA256	e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06
Authentihash MD5	92c56a03fbcd375d9569e1cf60bf78cd
Authentihash SHA1	be428ed7b322ad13b2207294b934b0a67aa8345d
Authentihash SHA256	fa959c48c055ec149d434a5adeb9f9938d1c260a65ee8a4ea1d67bfbdceab83f
RichPEHeaderHash MD5	a052ed4e5d10c66e3e667a42fcdcc54a
RichPEHeaderHash SHA1	04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
RichPEHeaderHash SHA256	c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 330000008a57ea89a349eb8be800000000008a

Field	Value
ToBeSigned (TBS) MD5	fc736157189c18985ff54e87edc06166
ToBeSigned (TBS) SHA1	9c4ab0e49bf223f88f1a9cd4be69e53db6f59ef2
ToBeSigned (TBS) SHA256	8daf9edee56dd74ee0c24f9f618f2fac6eb78e8cd688c733bc8ba9c3a9d6303e
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher DSE ESN:B1B7,F67F,FEC2, CN=Microsoft Time,Stamp Service
ValidFrom	2015-10-07 18:14:02
ValidTo	2017-01-07 18:14:02
Signature	01d47ac81233981cb030b0fbeeabdd39641bb136ee8863bea04f5ea087ad995f71743f3525cc1e89f20ba37b31e60e2b8e6838f8820ed9ba2201fef412b9831a62d323f9e0a752bc92dd2da8a110e7eb47ce16bd0b933a624a7554d44eaf30e718572ab6968e3234701ded6156b8ecdd53c36cac5ca802437198616ce6b84e707c80548ca7e638ea7acdc0ef56430f030e89c83a701d9ac7541d637b31f2e616a122db3a08ab044a93cc61e2fc4a31a61df406ad6f634bc04d9c1244e0a986c60bebf7f82b44cb769bc5f016f01cf32877adc0cd23e78494c23597207de815f1abe1217416477b62b0dacb176b10a8a9e0663e1f5ad41fec1fb51d2ddc6c8491
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	330000008a57ea89a349eb8be800000000008a
Version	3

Certificate 330000010a2c79aed7797ba6ac00010000010a

Field	Value
ToBeSigned (TBS) MD5	14e79171202b9f17d8770ee3e9e1a04c
ToBeSigned (TBS) SHA1	ce13da3e20f06d1c9ebef5646f4b763f423fbffa
ToBeSigned (TBS) SHA256	37823fe17d235fa83b5231f159e969bcf0d0c6c134d4a89a5f91a92143c7472f
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Corporation
ValidFrom	2015-06-04 17:42:45
ValidTo	2016-09-04 17:42:45
Signature	a6a85391df3b01fe615d065aeb66f00cd8f7d984d300510e10d1a4d11728e78c33382bd843c6038b75eb3392f4a9e267fd02dba51d4e43455d1b49e3e04f16f07e8ff08811ca82ada4fba6a95ff59760c87bc4bf7c9b69ed1f82c1f1cd8e784b62f5d70d1cd75312d69652ef35bd198ea04093a10aa52d169cc2467408ebdbf4d8a549365412115503b37b16fb47fefb68fcc0455ce23f127933a2ef82c5de401907ee15c50a9b590541a9d0979e819e035bfc4ae31a2e05ac50472f8cfa79d81e20f805fb296b1814fa7204b70ba79a64ec115d4f45498d291a2dfbd0b609535f3494e016c4b9ea7335e857efe1eb16c318c706b33bcf6184e2b6448994a386
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	330000010a2c79aed7797ba6ac00010000010a
Version	3

Certificate 6133261a000000000031

Field	Value
ToBeSigned (TBS) MD5	482f91c72e48878971dcf15579a96bd8
ToBeSigned (TBS) SHA1	27543a3f7612de2261c7228321722402f63a07de
ToBeSigned (TBS) SHA256	d372e474aa3b4ca8c060f6adbab1dd488b720b0314aeaf05d49448180ff8afc6
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA
ValidFrom	2010-08-31 22:19:32
ValidTo	2020-08-31 22:29:32
Signature	59393e7f2646afeb6f40b132b56aeb0e2f6ea849f7eb5f75ed4c3b2dd743ad0bfecbe92d31a323cc7c509880215dac3d2f4cbaa2a8569ce370bbb8b4f879b54972f73eea417fcae10c1769cba59c202dfa0b50c456cd2de34ad2bc70e7a80da203a556e0b88a4b57f295429cf1f3efeee3861f343cb8569af05323852aa4821c93e294071df2e24ef88ca1cae813a5914ec81bd28f72952a716d9b1af81cf053d667cc22ff5c1dcda28cbd27b279635644a251cdf9e9a35856dd9b0245442f5ff4daaed482326efca49513e4eb69e7a9a22cbec82b100e658e99dbf5a2fa122609653894f17a1f4abbd1e156e8d07896185cc935165fdd931d498e2dbead34441cee10151a005ddd355b21ce98c709ee850e8c4f6d0e134e3d7c29489c72d1f36ccac1ec70a35792577d948da01b48035af7cfa3670a74a536ed2d2f17c8e6723712f46fb13c6782f952b28d3316651e0e8add10de64f46fce46d4d317e979c404b4d3fb2cdf1f8a9eac0afb132740ade4f9e1a97f46bb0760476560404eb042ec4eedb37679d80a34096d1c80311fe20e54dde5a1fbe54710ad6498ff50162e7cbf05217ae295412769c3938f95c98dd89b21ae0d5c9cf0a2ae8668830c6a2dbb766b001d96adf2167bf6168324b988cf6aa847312f9adce3713dd7007e6247d1ce88c9b818fa0e728dc1a33daf02406aff699b96e210a810b4375008d6c33d
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6133261a000000000031
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2019-06-28 15:02:57
MD5	9982da703f13140997e137b1e745a2e3
SHA1	511b06898770337609ee065547dbf14ce3de5a95
SHA256	e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd
Authentihash MD5	db32843b80c6e8c9173847c3faab2200
Authentihash SHA1	fffeec16afdeedd2bee22860f0942c846ba9ee1a
Authentihash SHA256	cee01c69cb0c06dd0d98ff05aeb2b0a34a4aa1a71d35a3033bf9c1a35b637c55
RichPEHeaderHash MD5	dd10afd0600f2236361f48592587474c
RichPEHeaderHash SHA1	0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
RichPEHeaderHash SHA256	c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 3300000109e219d6f9b8a4bebf000000000109

Field	Value
ToBeSigned (TBS) MD5	10a173441d459944d30bbcfc69f7521b
ToBeSigned (TBS) SHA1	500cf2d67d9e3b7c31b2a65d4f121f7201cade0e
ToBeSigned (TBS) SHA256	1994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed
Subject	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft Time,Stamp service
ValidFrom	2018-08-23 20:20:28
ValidTo	2019-11-23 20:20:28
Signature	9d7642feb515917887e958cc8890ccc717f8b1b164f2248f2657c2dd3bc82767e8a80b860b39f6469c373f7db0e6bf50975f396197e28b8b47b1c36014316a5fecd78d4528fe00e0c5a92321319a4be66b2359c99f01a27514f95879324fc6c121d6958cade3c4e366f75ebd979c4ee701a63655ae846982f63439c44099f0a18de3b3d9ae023e8c5c49406c94c556a7dee459a92b543f395dde5cfe106e0540f7710430d130862c6693445d18efaac409f2cd7d319e21a12c5184e767993562b324ff9db371cce7a932d3be5ee3396cf1864a609bbe6ebcf8834cbb11c44729119a6a5abc5e3ef8947dcb0bc6b554217a3e39a079e4bd733dc46b77b8f39a3c
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	3300000109e219d6f9b8a4bebf000000000109
Version	3

Certificate 33000000387a14cce6619d8c51000200000038

Field	Value
ToBeSigned (TBS) MD5	f9a6526d8f83e3d33d925ae95b752dca
ToBeSigned (TBS) SHA1	ad9f086d0642e3b5de60584c44123cf4603c4525
ToBeSigned (TBS) SHA256	7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2019-04-18 18:42:23
ValidTo	2020-03-27 18:42:23
Signature	5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000387a14cce6619d8c51000200000038
Version	3

Certificate 610435f1000000000041

Field	Value
ToBeSigned (TBS) MD5	77dab20d8e23cd8e18633adca506cf6e
ToBeSigned (TBS) SHA1	c5506bee3c29254dc5b5a0e6e7a14046522708ef
ToBeSigned (TBS) SHA256	611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2018-09-20 17:42:01
ValidTo	2021-05-09 23:28:13
Signature	db595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610435f1000000000041
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2019-06-13 08:03:46
MD5	9b9d367cb53df0a2e0850760c840d016
SHA1	631fdd1ef2d6f2d98e36f8fc7adbf90fbfb0a1e8
SHA256	f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478
Authentihash MD5	dafa4bdbdbbd96532d03022cd6900fed
Authentihash SHA1	f2ff9b749f7c5f21043b42d97b8a386c702d4435
Authentihash SHA256	ab5324c992c7547020f85de3456516e0dba2c3c5aab10371723a96188354abaf
RichPEHeaderHash MD5	dd10afd0600f2236361f48592587474c
RichPEHeaderHash SHA1	0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
RichPEHeaderHash SHA256	c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000eb69aacc3e299f2d390000000000eb

Field	Value
ToBeSigned (TBS) MD5	474aa22f78903fa7bca0bf6ff4dabe03
ToBeSigned (TBS) SHA1	1745a1caaa7a8dd0da3ae4b2c3037b327e66ca86
ToBeSigned (TBS) SHA256	a8662656da96725e4dedea5cd1234e9d64281228f08f87462cdcf378d7ff4a03
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Operations Puerto Rico, OU=Thales TSS ESN:B8EC,30A4,7144, CN=Microsoft Time,Stamp Service
ValidFrom	2018-08-23 20:19:30
ValidTo	2019-11-23 20:19:30
Signature	7be0d660424af8eac275a9459174b3ce3f76e30006b180babd8949b702315798d46cfdc5fb6e6f0b489316944aab7252418e255760c2550c6404f8feea766d14fcf7ab9529c10737079214ba8fc5f789160b14cd0fb3f5fb47e12f7e217f95ee8d0707856807dd90f5075de7a1ea44915a2f36eca695c9a525db6ddb6b0638dfa21612ae4ce571e75643ab00363b309586d9e1c5b1183101dda77c613ccb9cf66d7306384789f8f543a751abc6fcd074b494546cc38ee1fc9400c06be11db4b58b9d82fa1744af0155511f60fea641ad501ba321de896e25bde327ba58a437cc3115e1dd2f58ea9a1fbbaeeda1dc5b2fb69f9f5562d7577afdb8cde903074a76
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000eb69aacc3e299f2d390000000000eb
Version	3

Certificate 33000000387a14cce6619d8c51000200000038

Field	Value
ToBeSigned (TBS) MD5	f9a6526d8f83e3d33d925ae95b752dca
ToBeSigned (TBS) SHA1	ad9f086d0642e3b5de60584c44123cf4603c4525
ToBeSigned (TBS) SHA256	7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2019-04-18 18:42:23
ValidTo	2020-03-27 18:42:23
Signature	5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	33000000387a14cce6619d8c51000200000038
Version	3

Certificate 610435f1000000000041

Field	Value
ToBeSigned (TBS) MD5	77dab20d8e23cd8e18633adca506cf6e
ToBeSigned (TBS) SHA1	c5506bee3c29254dc5b5a0e6e7a14046522708ef
ToBeSigned (TBS) SHA256	611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
ValidFrom	2018-09-20 17:42:01
ValidTo	2021-05-09 23:28:13
Signature	db595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610435f1000000000041
Version	3

Certificate 6116683400000000001c

Field	Value
ToBeSigned (TBS) MD5	335713f62536c68d0acc82df3dceb932
ToBeSigned (TBS) SHA1	023cf1c5e99dc2f24133dae6937145bb481306e6
ToBeSigned (TBS) SHA256	65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
ValidFrom	2007-04-03 12:53:09
ValidTo	2021-04-03 13:03:09
Signature	10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	6116683400000000001c
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp152.sys
Creation Timestamp	2015-05-10 22:52:10
MD5	ad03f225247b58a57584b40a4d1746d3
SHA1	e525f54b762c10703c975132e8fc21b6cd88d39b
SHA256	59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879
Authentihash MD5	9e4c2a2e8832f10ecdd2be70eb6bc300
Authentihash SHA1	2b15e90dc654ce779bd460787352639768cd8baa
Authentihash SHA256	26536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34
RichPEHeaderHash MD5	a052ed4e5d10c66e3e667a42fcdcc54a
RichPEHeaderHash SHA1	04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
RichPEHeaderHash SHA256	c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b

Field	Value
ToBeSigned (TBS) MD5	d0785ad36e427c92b19f6826ab1e8020
ToBeSigned (TBS) SHA1	365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
ToBeSigned (TBS) SHA256	c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
ValidFrom	2012-12-21 00:00:00
ValidTo	2020-12-30 23:59:59
Signature	03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	7e93ebfb7cc64e59ea4b9a77d406fc3b
Version	3

Certificate 0ecff438c8febf356e04d86a981b1a50

Field	Value
ToBeSigned (TBS) MD5	e9d38360b914c8863f6cba3ee58764d3
ToBeSigned (TBS) SHA1	4cba8eae47b6bf76f20b3504b98b8f062694a89b
ToBeSigned (TBS) SHA256	88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
Subject	C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
ValidFrom	2012-10-18 00:00:00
ValidTo	2020-12-29 23:59:59
Signature	783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	0ecff438c8febf356e04d86a981b1a50
Version	3

Certificate 1efd983a49d3f152ac9cd2941b8a0edd

Field	Value
ToBeSigned (TBS) MD5	1b7ca026e68405de56477b5b7bb3a0a5
ToBeSigned (TBS) SHA1	b2a1bd13d8833154f02e51e25c9f023d54a27d21
ToBeSigned (TBS) SHA256	2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
Subject	C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
ValidFrom	2013-04-06 00:00:00
ValidTo	2016-05-05 23:59:59
Signature	dcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1efd983a49d3f152ac9cd2941b8a0edd
Version	3

Certificate 611993e400000000001c

Field	Value
ToBeSigned (TBS) MD5	78a717e082dcc1cda3458d917e677d14
ToBeSigned (TBS) SHA1	4a872e0e51f9b304469cd1dedb496ee9b8b983a4
ToBeSigned (TBS) SHA256	317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
ValidFrom	2011-02-22 19:25:17
ValidTo	2021-02-22 19:35:17
Signature	812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	611993e400000000001c
Version	3

Certificate 5200e5aa2556fc1a86ed96c9d44b33c7

Field	Value
ToBeSigned (TBS) MD5	b30c31a572b0409383ed3fbe17e56e81
ToBeSigned (TBS) SHA1	4843a82ed3b1f2bfbee9671960e1940c942f688d
ToBeSigned (TBS) SHA256	03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
Subject	C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
ValidFrom	2010-02-08 00:00:00
ValidTo	2020-02-07 23:59:59
Signature	5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	5200e5aa2556fc1a86ed96c9d44b33c7
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.Sys
Creation Timestamp	2021-08-16 20:01:16
MD5	97e3a44ec4ae58c8cc38eefc613e950e
SHA1	bc47e15537fa7c32dfefd23168d7e1741f8477ed
SHA256	440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c
Authentihash MD5	0a7106a04e6e3b13eb105b013f76e031
Authentihash SHA1	0c74316dfb9c21b7ff2dc288c005f9474dc26589
Authentihash SHA256	c7fef94e329bd9b66b281539265f989313356cbd9c345df9e670e9c4b6e0edce
RichPEHeaderHash MD5	10ece32f0d8e8124966ad20948a21790
RichPEHeaderHash SHA1	e70413e4c5de0ddabaeb3b871f170e42cc2c98d3
RichPEHeaderHash SHA256	70581f2de67d48a583a4ee59062315c053f9419dc879e246c6a4efc9f1ec6506
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 33000000b20f9ad86794f322f60000000000b2

Field	Value
ToBeSigned (TBS) MD5	b9dc0ff1a60c3aba24a78d505955bf39
ToBeSigned (TBS) SHA1	15a5da2c8aa2955af75615009d249071f91fd252
ToBeSigned (TBS) SHA256	ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-12-15 22:15:30
ValidTo	2021-12-02 22:15:30
Signature	199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	33000000b20f9ad86794f322f60000000000b2
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp.sys
Creation Timestamp	2020-09-11 15:57:25
MD5	b79475c4783efdd8122694c6b5669a79
SHA1	d612165251d5f1dcfb1f1a762c88d956f49ce344
SHA256	cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc
Authentihash MD5	bee5a87f72b42f3bb5958ba541f4caff
Authentihash SHA1	9e0516a6ce73163e2ff5bf0740b57da46846228b
Authentihash SHA256	74716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12
RichPEHeaderHash MD5	43d9cd97a9af9d2018a2e3b912ceee7b
RichPEHeaderHash SHA1	8376f05ff6ebd3001f063c022d6878ae5f3b0adc
RichPEHeaderHash SHA256	8affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 330000009484c47568579aafe9000000000094

Field	Value
ToBeSigned (TBS) MD5	b46a69db7e461e55282dc24dc594e5d6
ToBeSigned (TBS) SHA1	3b19241d555a74781e2b63a7c14ad12b1ec68205
ToBeSigned (TBS) SHA256	2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2020-03-04 19:12:18
ValidTo	2021-03-03 19:12:18
Signature	36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	330000009484c47568579aafe9000000000094
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename	procexp1627.sys
Creation Timestamp	2019-12-13 09:37:59
MD5	c06dda757b92e79540551efd00b99d4b
SHA1	3296844d22c87dd5eba3aa378a8242b41d59db7a
SHA256	9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4
Authentihash MD5	f57e986673aee44bf51e7e6bb3ed0113
Authentihash SHA1	edc10781eb6d1e3bdf9d15cfebddbe1a1fb804d9
Authentihash SHA256	decba65bbf2232ac55a698539304cab211b45eef0ed17c05dd7995bef2b98fc6
RichPEHeaderHash MD5	fb1a18f749889fe0e199b0f3663bd343
RichPEHeaderHash SHA1	9a992dfb873710e2066c04fcfd782ba5b28b26a0
RichPEHeaderHash SHA256	5926062150b4490d7e6f74618065b30be72dce302a8ae31b808bc8ba87e22694
Company	Sysinternals - www.sysinternals.com
Description	Process Explorer
Product	Process Explorer
OriginalFilename	procexp.Sys

Download

Certificates

Expand

Certificate 3300000082c88ba15b1c3ef710000000000082

Field	Value
ToBeSigned (TBS) MD5	d47b44dce52973327e0283b8aaa49df4
ToBeSigned (TBS) SHA1	d8c5ee55191da114e9e73f01e6222025ede696ac
ToBeSigned (TBS) SHA256	2d7cd230c57a7af8093369126606854002ea799a5d9b72fdb636988bdec5b451
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
ValidFrom	2019-05-02 20:49:42
ValidTo	2020-05-02 20:49:42
Signature	9c38927cf34cadf6121bbacca605cb2423a311565e3a71c4449c2cb81936d3ed3aa79d7a0914e19ab121d788f1803cdf9f023a352823ad4175f5389c193fb1efba47e33ab8ff227e68742a875f3932dfa7bc39950353653e664de0049ba8f09914e5dd7d78dff13d50096d20de210e49c3ea01713741c88ed65805d4eb08ded809a5c70a116c7648c0c55951004b1d249575bed351fbee3361cf822e02b437c702c7948496eb784dbf6102839ceb3e1e26f344a6aa2a9b1b0b7c6f56f3c145cbecd9a9661adc7446b5c368f782f5fd50a5a244618ae30b3dc4616c59992a28192174906653bc878dec57075ce37a4e8ceeabd2b8eeff742443fee80af5ee6482
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	3300000082c88ba15b1c3ef710000000000082
Version	3

Certificate 610baac1000000000009

Field	Value
ToBeSigned (TBS) MD5	a569061297e8e824767dbc3184a69bea
ToBeSigned (TBS) SHA1	adbb26a587a8f44b4fccaecb306f980d1c55a150
ToBeSigned (TBS) SHA256	cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
ValidFrom	2012-04-18 23:48:38
ValidTo	2027-04-18 23:58:38
Signature	5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	610baac1000000000009
Version	3

Imports

Expand

ntoskrnl.exe

Imported Functions

Expand

strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
PsGetVersion
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
RtlFreeUnicodeString
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "b46a69db7e461e55282dc24dc594e5d6",
        "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
        "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
        "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
      },
      "ValidFrom": "2020-03-04 19:12:18",
      "ValidTo": "2021-03-03 19:12:18",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610baac1000000000009",
      "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "TBS": {
        "MD5": "a569061297e8e824767dbc3184a69bea",
        "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
        "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
        "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
      },
      "ValidFrom": "2012-04-18 23:48:38",
      "ValidTo": "2027-04-18 23:58:38",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
      "SerialNumber": "330000009484c47568579aafe9000000000094",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

source

last_updated: 2024-09-26