Description
Confirmed vulnerable driver from Microsoft Block List
- UUID: 9454a752-233e-4ba2-b585-8da242bf8f31
- Created: 2023-07-22
- Author: Michael Haag
- Acknowledgement: |
Download
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows |
Detections
YARA 🏹
Expand
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802cCVE
Known Vulnerable Samples
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- ExAllocatePoolWithTag
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- IoAllocateIrp
- RtlUnwind
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- KeGetCurrentThread
- IoDeleteSymbolicLink
- KeBugCheckEx
- ExFreePoolWithTag
- RtlInitUnicodeString
- RtlCopyUnicodeString
- strcpy
- memset
- memcpy
- strstr
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- ExAllocatePoolWithTag
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- IoAllocateIrp
- RtlUnwind
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- KeGetCurrentThread
- IoDeleteSymbolicLink
- KeBugCheckEx
- ExFreePoolWithTag
- RtlInitUnicodeString
- RtlCopyUnicodeString
- strcpy
- memset
- memcpy
- strstr
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- RtlInitUnicodeString
- IoDeleteSymbolicLink
- RtlCopyUnicodeString
- WdfVersionUnbindClass
- WdfVersionBindClass
- WdfVersionBind
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- ExAllocatePoolWithTag
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- IoAllocateIrp
- RtlUnwind
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- KeGetCurrentThread
- IoDeleteSymbolicLink
- KeBugCheckEx
- ExFreePoolWithTag
- RtlInitUnicodeString
- RtlCopyUnicodeString
- strcpy
- memset
- memcpy
- strstr
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- WDFLDR.SYS
Imported Functions
Expand
- FwpmFilterAdd0
- FwpmFilterDeleteById0
- FwpsAcquireClassifyHandle0
- FwpmCalloutAdd0
- FwpsCompleteClassify0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsReleaseClassifyHandle0
- FwpsCalloutRegister1
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- IoAllocateIrp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- __C_specific_handler
- IofCallDriver
- ExAllocatePoolWithTag
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- IoDeleteSymbolicLink
- KeBugCheckEx
- RtlCopyUnicodeString
- ExFreePoolWithTag
- RtlInitUnicodeString
- strcpy
- strstr
- WskCaptureProviderNPI
- WskReleaseProviderNPI
- WskDeregister
- WskRegister
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- WDFLDR.SYS
Imported Functions
Expand
- FwpmFilterAdd0
- FwpmFilterDeleteById0
- FwpsAcquireClassifyHandle0
- FwpmCalloutAdd0
- FwpsCompleteClassify0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsReleaseClassifyHandle0
- FwpsCalloutRegister1
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- IoAllocateIrp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- __C_specific_handler
- IofCallDriver
- ExAllocatePoolWithTag
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- IoDeleteSymbolicLink
- KeBugCheckEx
- RtlCopyUnicodeString
- ExFreePoolWithTag
- RtlInitUnicodeString
- strcpy
- strstr
- WskCaptureProviderNPI
- WskReleaseProviderNPI
- WskDeregister
- WskRegister
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- WDFLDR.SYS
Imported Functions
Expand
- FwpmTransactionCommit0
- FwpmTransactionAbort0
- FwpmSubLayerAdd0
- FwpmSubLayerDeleteByKey0
- FwpmCalloutAdd0
- FwpmTransactionBegin0
- FwpmFilterDeleteById0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpmFilterAdd0
- FwpsCalloutRegister1
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- KeSetEvent
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwFlushKey
- ZwSetValueKey
- MmIsAddressValid
- KeWaitForSingleObject
- KeBugCheckEx
- RtlCopyUnicodeString
- KeInitializeEvent
- IoDeleteSymbolicLink
- RtlInitUnicodeString
- ZwClose
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- WDFLDR.SYS
Imported Functions
Expand
- FwpmFilterAdd0
- FwpmFilterDeleteById0
- FwpsAcquireClassifyHandle0
- FwpmCalloutAdd0
- FwpsCompleteClassify0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsReleaseClassifyHandle0
- FwpsCalloutRegister1
- KeInitializeEvent
- KeWaitForSingleObject
- IoAllocateIrp
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- strchr
- strncat
- strncpy_s
- strstr
- KeResetEvent
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- __C_specific_handler
- MmIsAddressValid
- sprintf
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- strncmp
- strncpy
- wcsncmp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- PsProcessType
- SeExports
- IoDeleteSymbolicLink
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeSetEvent
- RtlFreeUnicodeString
- KeBugCheckEx
- RtlCopyUnicodeString
- RtlAnsiStringToUnicodeString
- RtlInitUnicodeString
- RtlInitAnsiString
- WskCaptureProviderNPI
- WskReleaseProviderNPI
- WskDeregister
- WskRegister
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- WDFLDR.SYS
Imported Functions
Expand
- FwpmFilterAdd0
- FwpmFilterDeleteById0
- FwpsAcquireClassifyHandle0
- FwpmCalloutAdd0
- FwpsCompleteClassify0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsReleaseClassifyHandle0
- FwpsCalloutRegister1
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- IoAllocateIrp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- __C_specific_handler
- IofCallDriver
- ExAllocatePoolWithTag
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- IoDeleteSymbolicLink
- KeBugCheckEx
- RtlCopyUnicodeString
- ExFreePoolWithTag
- RtlInitUnicodeString
- strcpy
- strstr
- WskCaptureProviderNPI
- WskReleaseProviderNPI
- WskDeregister
- WskRegister
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- KeGetCurrentThread
- KeInitializeEvent
- KeWaitForSingleObject
- IoAllocateIrp
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- strchr
- strncat
- strncpy_s
- strstr
- KeResetEvent
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- IoDeleteSymbolicLink
- sprintf
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- strncmp
- strncpy
- wcsncmp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- memcpy
- RtlUnwind
- memset
- MmIsAddressValid
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeSetEvent
- KeBugCheckEx
- RtlFreeUnicodeString
- RtlCopyUnicodeString
- RtlAnsiStringToUnicodeString
- RtlInitUnicodeString
- RtlInitAnsiString
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- ExAllocatePoolWithTag
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- IoAllocateIrp
- RtlUnwind
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- KeGetCurrentThread
- IoDeleteSymbolicLink
- KeBugCheckEx
- ExFreePoolWithTag
- RtlInitUnicodeString
- RtlCopyUnicodeString
- strcpy
- memset
- memcpy
- strstr
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 09b92d7a420083c94eaf18145cfaedd1
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 62acdecc22447b159a7e2efb0350bd63 |
| ToBeSigned (TBS) SHA1 | ddd0bd1dded2c9189fc5b8563f8210deb83c590b |
| ToBeSigned (TBS) SHA256 | ae3a19b6b64e739d5d2abb0e1471874b7d8b6b1e3f1e38ed483166a664355a4e |
| Subject | ??=CN, ??=Shanghai, ??=Private Organization, serialNumber=9131010707118381X9, C=CN, ST=Shanghai, L=Shanghai, O=, CN= |
| ValidFrom | 2019-08-27 00:00:00 |
| ValidTo | 2022-08-19 12:00:00 |
| Signature | 3a72522da9ea787347ffe4ac96c364ffda35372ea83b3427ca0bb30d1478767ed738daaf84648998b3557ff959565e4000ffadb512d64361834b9ad550365a25a69f95ef9e7a4a38294ae14e9edd1724230f84b35deb1cedb5dc3f53d80ddfe9488df913ce93bf1a3989c325424bc35b601a0e85af646c3d764688e1922ba094b4c0e1de92186f4a0d0c1cad81673f9fca92b58e180101d9215fae80d2d42fe02c20fb1602a1cb72ec472d1d4725f1de0f76849cbd02cb7397920c623dbdebe4ea5d94b273ca1180cc5f29b45cc7c064a1bb7fa22f2d8e8e43d85c5e716481cb7beea87bb70eb5672220cec0ba61f08cbffb48114e48c11b1cdc3a13de5d221a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 09b92d7a420083c94eaf18145cfaedd1 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- MmUnmapLockedPages
- KeClearEvent
- IoDeleteSymbolicLink
- ExFreePoolWithTag
- IoRegisterPlugPlayNotification
- KeReadStateEvent
- MmMapLockedPages
- RtlInitUnicodeString
- IoDeleteDevice
- KeSetEvent
- KeInitializeEvent
- KeReleaseSpinLock
- IoDetachDevice
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- IoCancelIrp
- KeDelayExecutionThread
- ObQueryNameString
- IoDriverObjectType
- wcsstr
- MmMapLockedPagesSpecifyCache
- ExInterlockedInsertHeadList
- ExAllocatePool
- ExInterlockedInsertTailList
- PoStartNextPowerIrp
- IoUnregisterPlugPlayNotification
- IofCompleteRequest
- ObReferenceObjectByHandle
- IoAttachDeviceToDeviceStack
- PoCallDriver
- ExInterlockedRemoveHeadList
- IoCreateSymbolicLink
- ObfDereferenceObject
- ObReferenceObjectByName
- IoCreateDevice
- DbgPrint
- IoAllocateMdl
- IofCallDriver
- KeAcquireSpinLockRaiseToDpc
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- WDFLDR.SYS
Imported Functions
Expand
- FwpmFilterAdd0
- FwpmFilterDeleteById0
- FwpsAcquireClassifyHandle0
- FwpmCalloutAdd0
- FwpsCompleteClassify0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsReleaseClassifyHandle0
- FwpsCalloutRegister1
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- IoAllocateIrp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- __C_specific_handler
- IofCallDriver
- ExAllocatePoolWithTag
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- IoDeleteSymbolicLink
- KeBugCheckEx
- RtlCopyUnicodeString
- ExFreePoolWithTag
- RtlInitUnicodeString
- strcpy
- strstr
- WskCaptureProviderNPI
- WskReleaseProviderNPI
- WskDeregister
- WskRegister
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- WDFLDR.SYS
Imported Functions
Expand
- FwpmFilterAdd0
- FwpmFilterDeleteById0
- FwpsAcquireClassifyHandle0
- FwpmCalloutAdd0
- FwpsCompleteClassify0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsReleaseClassifyHandle0
- FwpsCalloutRegister1
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- IoAllocateIrp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- __C_specific_handler
- IofCallDriver
- ExAllocatePoolWithTag
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- IoDeleteSymbolicLink
- KeBugCheckEx
- RtlCopyUnicodeString
- ExFreePoolWithTag
- RtlInitUnicodeString
- strcpy
- strstr
- WskCaptureProviderNPI
- WskReleaseProviderNPI
- WskDeregister
- WskRegister
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- memcpy
- KeGetCurrentThread
- KeInitializeEvent
- KeWaitForSingleObject
- IoAllocateIrp
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- strchr
- strncat
- strncpy_s
- KeResetEvent
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- memset
- sprintf
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- strncmp
- strncpy
- wcsncmp
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- IoDeleteSymbolicLink
- RtlUnwind
- MmIsAddressValid
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeSetEvent
- RtlFreeUnicodeString
- KeBugCheckEx
- RtlAnsiStringToUnicodeString
- RtlCopyUnicodeString
- RtlInitUnicodeString
- RtlInitAnsiString
- strstr
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000b5213fca1e4aa03de40000000000b5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a0dd89c33c4973bf6758331e200fb6de |
| ToBeSigned (TBS) SHA1 | 65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5 |
| ToBeSigned (TBS) SHA256 | 29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:15:33 |
| ValidTo | 2021-12-02 22:15:33 |
| Signature | 0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000b5213fca1e4aa03de40000000000b5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
- fwpkclnt.sys
- ntoskrnl.exe
- NETIO.SYS
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- FwpsAcquireClassifyHandle0
- FwpsReleaseClassifyHandle0
- FwpmFilterDeleteById0
- FwpsAcquireWritableLayerDataPointer0
- FwpsApplyModifiedLayerData0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpsCalloutUnregisterById0
- FwpsCompleteClassify0
- FwpsCalloutRegister1
- IofCallDriver
- IoCreateFile
- IoFreeIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwClose
- IoFileObjectType
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- PsTerminateSystemThread
- KeSetBasePriorityThread
- sprintf
- CmUnRegisterCallback
- CmRegisterCallbackEx
- CmCallbackGetKeyObjectID
- MmIsAddressValid
- strlen
- strncmp
- strncpy
- wcscat
- wcslen
- wcsncmp
- RtlInitAnsiString
- strcat
- strcmp
- strncat
- ExAllocatePoolWithTag
- ExAcquireSpinLockExclusive
- ExReleaseSpinLockExclusive
- wcscpy
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeResetEvent
- KeInitializeTimerEx
- KeSetTimerEx
- PsCreateSystemThread
- ZwCreateKey
- ZwOpenKey
- ZwFlushKey
- ZwQueryValueKey
- ZwSetValueKey
- NtQueryInformationToken
- RtlLengthSid
- RtlConvertSidToUnicodeString
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlSetOwnerSecurityDescriptor
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwOpenProcessTokenEx
- ZwSetSecurityObject
- PsGetProcessImageFileName
- _allmul
- PsProcessType
- SeExports
- strchr
- strncpy_s
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- IoFreeMdl
- IoReuseIrp
- IoAllocateIrp
- RtlUnwind
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- KeGetCurrentThread
- IoDeleteSymbolicLink
- KeBugCheckEx
- ExFreePoolWithTag
- RtlInitUnicodeString
- RtlCopyUnicodeString
- strcpy
- memset
- memcpy
- strstr
- WskDeregister
- WskReleaseProviderNPI
- WskCaptureProviderNPI
- WskRegister
- KeGetCurrentIrql
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionUnbind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Signature": "0d2d53cd15a8feddcb17e2df1bf7dc1aef21e98c6cd220f58b593824849c134a0f1add59ce42ef80ddf47860273013604d9568ec5894a797bd4e571432a9aaf10ab04dd1c038b26ab7c5ca3a9c88d009267fab56254525546a0a055fb37b9cd8029c7d501809fc8b11482c7a4347b3ad29f35427c9570e87117db52cc94864259274b9e2e758f918a3af1fdb9f9d40ffa3ae2e2ae012fb97a436258642a2a4223dc6690db88103a6e5220646bd8afb3d12eb894ac28b527396a1965408487f6ab878b3c474b8c960842861ae8e799a3d2a8d6f918f50f8e26bb1ed6ced47be36e447574e8568582964ff31cd288b9c7f8d7e6a46d6c3d92f5c101fe1522a720c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "a0dd89c33c4973bf6758331e200fb6de",
"SHA1": "65ff7fa429c0f08f8a8bf30509e8ca2919d9edb5",
"SHA256": "29a7b646af062aee3bf37d1ba190211365116db7d7aa4cb87ba268843262ae47",
"SHA384": "a7ac729302762483ea304ff2660a2ce2f5fa67cbbfc3f6df32a8feafa3852812c9bb8f7050140079aad1dec8119ee88e"
},
"ValidFrom": "2020-12-15 22:15:33",
"ValidTo": "2021-12-02 22:15:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610baac1000000000009",
"Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"TBS": {
"MD5": "a569061297e8e824767dbc3184a69bea",
"SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
"SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
"SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
},
"ValidFrom": "2012-04-18 23:48:38",
"ValidTo": "2027-04-18 23:58:38",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
"SerialNumber": "33000000b5213fca1e4aa03de40000000000b5",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-04-09
