0567c6c4-282f-406f-9369-7f876b899c25

procexp.Sys :inline

Description

procexp.Sys is a vulnerable driver and more information will be added as found.

  • UUID: 0567c6c4-282f-406f-9369-7f876b899c25
  • Created: 2023-05-06
  • Author: Nasreddine Bencherchali
  • Acknowledgement: |

Download

This download link contains the vulnerable driver!

Commands

sc.exe create procexp.sys binPath=C:\windows\temp\procexp.Sys type=kernel && sc.exe start procexp.Sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • Internal Research
  • https://malware.news/t/lazarus-group-attack-case-using-vulnerability-of-certificate-software-commonly-used-by-public-institutions-and-universities/67715
  • https://waawaa.github.io/en/Bypass-PPL-Using-Process-Explorer/
  • https://github.com/magicsword-io/LOLDrivers/issues/57
  • https://github.com/elastic/protections-artifacts/search?q=VulnDriver
  • https://github.com/Yaxser/Backstab/blob/master/resources/PROCEXP.sys
  • https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
  • https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951

  • Known Vulnerable Samples

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2020-04-27 01:35:06
    MD5e6cb1728c50bd020e531d19a14904e1c
    SHA12dd916cb8a9973b5890829361c1f9c0d532ba5d6
    SHA256075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85
    Authentihash MD5fe54aac5dfae8729c48361d2ea4f7271
    Authentihash SHA12a4e81a1d23e3b7d9c14b6fbc393ecfad5f34133
    Authentihash SHA256c5732937c3ab5e0fd244cc1b820eaa1fb7d97110c213cd6b9dadebafe3ea853d
    RichPEHeaderHash MD5420860e9f312122cbc3065cd4c79b0b8
    RichPEHeaderHash SHA1c4291fc018995b5847a846335c233b91b40f94a0
    RichPEHeaderHash SHA256931eddc74e60814089c8a5da745e1e2fbf6ddd99781ee273379c6debdb9a3ba7
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 330000009484c47568579aafe9000000000094
    FieldValue
    ToBeSigned (TBS) MD5b46a69db7e461e55282dc24dc594e5d6
    ToBeSigned (TBS) SHA13b19241d555a74781e2b63a7c14ad12b1ec68205
    ToBeSigned (TBS) SHA2562a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-03-04 19:12:18
    ValidTo2021-03-03 19:12:18
    Signature36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber330000009484c47568579aafe9000000000094
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2021-06-01 08:24:35
    MD5fea9319d67177ed6f36438d2bd9392fb
    SHA1db6170ee2ee0a3292deceb2fc88ef26d938ebf2d
    SHA25616a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1
    Authentihash MD5fbc316e1e634e967c5413a200cde7ad6
    Authentihash SHA1a1dd17b946ade947b621e9fec4fe7ad0835f0ac9
    Authentihash SHA2564533a11f4f190354b749f2842b57233e5e9e8b37fa4031bcb976118cff902101
    RichPEHeaderHash MD5b9d3f09e377f3b150f32d6ebfb37c19c
    RichPEHeaderHash SHA137b54bd186c5e76895c75551721d5f8432fb5d72
    RichPEHeaderHash SHA2567f2c741567540cfb1a1f6e79392080387d55b9cb524c21f80c1bf2dc75992c84
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000b20f9ad86794f322f60000000000b2
    FieldValue
    ToBeSigned (TBS) MD5b9dc0ff1a60c3aba24a78d505955bf39
    ToBeSigned (TBS) SHA115a5da2c8aa2955af75615009d249071f91fd252
    ToBeSigned (TBS) SHA256ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-12-15 22:15:30
    ValidTo2021-12-02 22:15:30
    Signature199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000b20f9ad86794f322f60000000000b2
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • HAL.dll
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KfRaiseIrql
    • KfLowerIrql
    • strncpy
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • PsGetVersion
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObCloseHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2010-04-15 03:23:35
    MD5eeb8e039f6d942538eb4b0252117899a
    SHA1bebf97411946749b9050989d9c40352dbe8269ea
    SHA2561b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e
    Authentihash MD5750ecd21c673a6fda9199887013d3751
    Authentihash SHA182d3299c06b944895385fd2f3d9d18391273019d
    Authentihash SHA2568e38148ad4ed9946e8600b37f63996bf17c0101e3f50123b3b8513c895a4b521
    RichPEHeaderHash MD539a696a518c3b3d973af323b4a784aa5
    RichPEHeaderHash SHA182644e6d5011a7d16fc45795e5476d1a11fd42b3
    RichPEHeaderHash SHA256701cabcf5d588fd9a68480eb11798221b29fdb9be68cb9f919041e1af88534a8
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4112e632c7b18a029a3a1fac803ab89f
    FieldValue
    ToBeSigned (TBS) MD555a4c08c9404782113330a8cd169ed20
    ToBeSigned (TBS) SHA174807ba52ae6108b0fbac5031090b3295b2c3bba
    ToBeSigned (TBS) SHA2563fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2010-03-04 00:00:00
    ValidTo2013-04-18 23:59:59
    Signature699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4112e632c7b18a029a3a1fac803ab89f
    Version3
    Certificate 655226e1b22e18e1590f2985ac22e75c
    FieldValue
    ToBeSigned (TBS) MD5650704c342850095f3288eaf791147d4
    ToBeSigned (TBS) SHA14cdc38c800761463749c3cbd94a12f32e49877bf
    ToBeSigned (TBS) SHA25607b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
    ValidFrom2009-05-21 00:00:00
    ValidTo2019-05-20 23:59:59
    Signature8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber655226e1b22e18e1590f2985ac22e75c
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ObQueryNameString
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ZwQueryObject
    • KeDetachProcess
    • ObReferenceObjectByHandle
    • KeAttachProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • ZwClose
    • ZwDuplicateObject
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • MmIsAddressValid
    • memset
    • ObOpenObjectByPointer
    • RtlUnicodeStringToAnsiString
    • NtClose
    • ZwOpenProcessToken
    • memcpy
    • IofCompleteRequest
    • SeReleaseSubjectContext
    • SePrivilegeCheck
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • IoCreateSymbolicLink
    • IoCreateDevice
    • NtBuildNumber
    • KeTickCount
    • KeBugCheckEx
    • strncpy
    • ZwQueryInformationProcess
    • RtlFreeAnsiString
    • RtlUnwind
    • KfLowerIrql
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2008-11-03 14:19:45
    MD5c56a9ed0192c5a2b39691e54f2132a2f
    SHA19099482b26e9ba8e1d303418afc9111a3bffd6b3
    SHA25630abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb
    Authentihash MD5eb6ceb9aa0eaedee2d112b167908e871
    Authentihash SHA14d68ec346d13359525da958af0fada57bc9ff35a
    Authentihash SHA2567a4e4ee169fe0f1f079e5f5c1da38ea70fe717e728faf054deb180f9e37fe574
    RichPEHeaderHash MD53ea5cd355cba9d9928873cdba35d4bcc
    RichPEHeaderHash SHA1b7e9df380d50227614a9745068a6b50c798b66f9
    RichPEHeaderHash SHA256b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 7d2c89d309e57beef2d791bb8ed6a26f
    FieldValue
    ToBeSigned (TBS) MD5ae18dfd140f9414eadf1f611ec1b84b7
    ToBeSigned (TBS) SHA19aecb2568e995d5965e49acf3ff247bc3d1ab99c
    ToBeSigned (TBS) SHA256f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2007-03-05 00:00:00
    ValidTo2010-04-19 23:59:59
    Signaturea1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7d2c89d309e57beef2d791bb8ed6a26f
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • NtBuildNumber
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • RtlInitUnicodeString
    • MmIsAddressValid
    • IoDeleteDevice
    • ObfDereferenceObject
    • ExGetPreviousMode
    • IoCreateDevice
    • MmGetSystemRoutineAddress
    • ObOpenObjectByPointer
    • ZwQueryObject
    • RtlUnicodeStringToAnsiString
    • SePrivilegeCheck
    • ZwQuerySystemInformation
    • ZwOpenProcessToken
    • SeReleaseSubjectContext
    • KeDetachProcess
    • ObQueryNameString
    • strncpy
    • ExAllocatePool
    • SeCaptureSubjectContext
    • NtClose
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • IoDeleteSymbolicLink
    • ZwDuplicateObject
    • ExFreePoolWithTag
    • RtlFreeAnsiString
    • KeAttachProcess
    • KeBugCheckEx
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2019-06-13 07:35:39
    MD56ff59faea912903af0ba8e80e58612bc
    SHA1736531c76b8d9c56e26561bf430e10ecabff0186
    SHA2563503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a
    Authentihash MD58b8a646469bdd1bab7b402ac83dba4a5
    Authentihash SHA1075998a905d4afda2e1727f6f31030c4d126dcc5
    Authentihash SHA256083828dd2e4afe22f5d27b56bd7f5a60e43aea7ec8f8cb0a138be84ee639a09c
    RichPEHeaderHash MD5dd10afd0600f2236361f48592587474c
    RichPEHeaderHash SHA10dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
    RichPEHeaderHash SHA256c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000001058eca29221e6a345b000000000105
    FieldValue
    ToBeSigned (TBS) MD531c86790d5106374a2387094c9e925f9
    ToBeSigned (TBS) SHA102effd51d770a6881492009028d3e37d52a353ec
    ToBeSigned (TBS) SHA2564846d6d5238e9900fae36792af3ac2835f6f10aa18de48b558c676e94bb24e05
    SubjectC=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland Operations Limited, OU=Thales TSS ESN:3BD4,4B80,69C3, CN=Microsoft Time,Stamp service
    ValidFrom2018-08-23 20:20:24
    ValidTo2019-11-23 20:20:24
    Signature70b7312f4250cdf1d3def3c43951f5a88b8f263b88f82996cb1cdaa8c9fd2bc5cb16304482e1d4a3cd7c2680f316e8d04d560716707e31ee044018f77802b3e1620e9ddb7a9c4b7266af30fe4d6224225f47eaf7e9d4598e46e9069c9ecdd3c0500570cebcee298bec6254fcc5bf44c88b40b0b228839cf17e2c71689143f6558bcad70c395d627f74f7338012b15fd471a905d91b5a4b26aff62f1d0eef7131633d3b1423cd634e504b5bb9d8ad3ef506ef2ddd2d806c4df1b713395b2b17747e9e5afcaab83a1428b276c5ee6c4d9ec09ced00cc55888ce5ba6fec026cc4c502f7fe6ea6c8e101356f1b508e18b958d3b3bec3b629f1ff9c3ffedee98df4c4
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000001058eca29221e6a345b000000000105
    Version3
    Certificate 33000000387a14cce6619d8c51000200000038
    FieldValue
    ToBeSigned (TBS) MD5f9a6526d8f83e3d33d925ae95b752dca
    ToBeSigned (TBS) SHA1ad9f086d0642e3b5de60584c44123cf4603c4525
    ToBeSigned (TBS) SHA2567bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2019-04-18 18:42:23
    ValidTo2020-03-27 18:42:23
    Signature5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000387a14cce6619d8c51000200000038
    Version3
    Certificate 610435f1000000000041
    FieldValue
    ToBeSigned (TBS) MD577dab20d8e23cd8e18633adca506cf6e
    ToBeSigned (TBS) SHA1c5506bee3c29254dc5b5a0e6e7a14046522708ef
    ToBeSigned (TBS) SHA256611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2018-09-20 17:42:01
    ValidTo2021-05-09 23:28:13
    Signaturedb595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610435f1000000000041
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2012-06-16 15:21:56
    MD58e78ab9b9709bafb11695a0a6eddeff9
    SHA12f9b0cd96d961e49d5d3b416028fd3a0e43d6a28
    SHA2563c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc
    Authentihash MD5acacde5c8a3a37b4fa43d9b651df85ea
    Authentihash SHA1f14e20cea5fac19bca02f5b067d12a459a393467
    Authentihash SHA256c286dfac5ca413efeb1936e876688b6bd46d25dc64206f86efb4f52ad83d1889
    RichPEHeaderHash MD578726760a9bf9be61589052b60d61ff2
    RichPEHeaderHash SHA16667039bfab04d76be83ed4e99d280965f2a88b2
    RichPEHeaderHash SHA2565ebe6e73c02e720960a435c91c80679ee272f215795d3321969b72820365418e
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4112e632c7b18a029a3a1fac803ab89f
    FieldValue
    ToBeSigned (TBS) MD555a4c08c9404782113330a8cd169ed20
    ToBeSigned (TBS) SHA174807ba52ae6108b0fbac5031090b3295b2c3bba
    ToBeSigned (TBS) SHA2563fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2010-03-04 00:00:00
    ValidTo2013-04-18 23:59:59
    Signature699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4112e632c7b18a029a3a1fac803ab89f
    Version3
    Certificate 655226e1b22e18e1590f2985ac22e75c
    FieldValue
    ToBeSigned (TBS) MD5650704c342850095f3288eaf791147d4
    ToBeSigned (TBS) SHA14cdc38c800761463749c3cbd94a12f32e49877bf
    ToBeSigned (TBS) SHA25607b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
    ValidFrom2009-05-21 00:00:00
    ValidTo2019-05-20 23:59:59
    Signature8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber655226e1b22e18e1590f2985ac22e75c
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • ObReferenceObjectByHandle
    • __C_specific_handler
    • RtlFreeAnsiString
    • RtlUnicodeStringToAnsiString
    • ObQueryNameString
    • ExFreePoolWithTag
    • strlen
    • strncpy
    • wcslen
    • ExAllocatePoolWithTag
    • ZwQueryObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • ZwClose
    • ZwDuplicateObject
    • ZwOpenProcess
    • ObCloseHandle
    • IoFileObjectType
    • ZwQuerySystemInformation
    • MmIsAddressValid
    • PsThreadType
    • ZwQueryInformationProcess
    • PsProcessType
    • KeWaitForSingleObject
    • ZwOpenProcessToken
    • IofCompleteRequest
    • SeReleaseSubjectContext
    • SePrivilegeCheck
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • ObOpenObjectByName
    • IoCreateSymbolicLink
    • MmGetSystemRoutineAddress
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2010-03-30 18:27:21
    MD5a91a1bc393971a662a3210dac8c17dfd
    SHA1e4fcb363cfe9de0e32096fa5be94a41577a89bb0
    SHA2563ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa
    Authentihash MD5455eb57840b64c8fe0d942ea5da23c6b
    Authentihash SHA1aa8756d00691d3d8959b68c3626ba896cc2709fb
    Authentihash SHA2561a902521c5f82ad9acac815229a00e6ed9137b8d49106b64147b088ff89d0f01
    RichPEHeaderHash MD50d2827279de53381241bc9e2f3cd3b37
    RichPEHeaderHash SHA1553d0e9497ca6fab0cfe6e576e55a0a8727856c3
    RichPEHeaderHash SHA2566b3aa920729075ad11455f6df6ce1cece1555725d1b570f61aef163ade76c2d3
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 7d2c89d309e57beef2d791bb8ed6a26f
    FieldValue
    ToBeSigned (TBS) MD5ae18dfd140f9414eadf1f611ec1b84b7
    ToBeSigned (TBS) SHA19aecb2568e995d5965e49acf3ff247bc3d1ab99c
    ToBeSigned (TBS) SHA256f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2007-03-05 00:00:00
    ValidTo2010-04-19 23:59:59
    Signaturea1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7d2c89d309e57beef2d791bb8ed6a26f
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ObQueryNameString
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ZwQueryObject
    • KeDetachProcess
    • ObReferenceObjectByHandle
    • KeAttachProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • ZwClose
    • ZwDuplicateObject
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • MmIsAddressValid
    • memset
    • ObOpenObjectByPointer
    • RtlUnicodeStringToAnsiString
    • NtClose
    • ZwOpenProcessToken
    • memcpy
    • IofCompleteRequest
    • SeReleaseSubjectContext
    • SePrivilegeCheck
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • IoCreateSymbolicLink
    • MmGetSystemRoutineAddress
    • NtBuildNumber
    • KeTickCount
    • KeBugCheckEx
    • strncpy
    • ZwQueryInformationProcess
    • RtlFreeAnsiString
    • RtlUnwind
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • RtlGetDaclSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • SeExports
    • IoIsWdmVersionAvailable
    • _wcsnicmp
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlSetDaclSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KfLowerIrql
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2011-12-30 16:49:03
    MD5e4a0bba88605d4c07b58a2cc3fac0fe9
    SHA1ac31d15851c0af14d60cfce23f00c4b7887d3cb7
    SHA25646621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7
    Authentihash MD524263d0e152884eb7d180070164830c8
    Authentihash SHA1929c28f99d550278415c7087b71511e44439a41c
    Authentihash SHA256b4f9272894f926d4f3b957fca673140a3a24dc896f1a49badaa1e04687b223cd
    RichPEHeaderHash MD506af0fa035494c3b0a64ed4d30b92a1d
    RichPEHeaderHash SHA1a28ec273392c9087398ad288220d05f5a05bfd73
    RichPEHeaderHash SHA256dc52d97ba63a84b49265c1c6d9a802ee7e0d3151f917ed1a9840711caddb6fd5
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4112e632c7b18a029a3a1fac803ab89f
    FieldValue
    ToBeSigned (TBS) MD555a4c08c9404782113330a8cd169ed20
    ToBeSigned (TBS) SHA174807ba52ae6108b0fbac5031090b3295b2c3bba
    ToBeSigned (TBS) SHA2563fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2010-03-04 00:00:00
    ValidTo2013-04-18 23:59:59
    Signature699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4112e632c7b18a029a3a1fac803ab89f
    Version3
    Certificate 655226e1b22e18e1590f2985ac22e75c
    FieldValue
    ToBeSigned (TBS) MD5650704c342850095f3288eaf791147d4
    ToBeSigned (TBS) SHA14cdc38c800761463749c3cbd94a12f32e49877bf
    ToBeSigned (TBS) SHA25607b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
    ValidFrom2009-05-21 00:00:00
    ValidTo2019-05-20 23:59:59
    Signature8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber655226e1b22e18e1590f2985ac22e75c
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • ObReferenceObjectByHandle
    • __C_specific_handler
    • RtlFreeAnsiString
    • RtlUnicodeStringToAnsiString
    • ObQueryNameString
    • ExFreePoolWithTag
    • strlen
    • strncpy
    • wcslen
    • ExAllocatePoolWithTag
    • ZwQueryObject
    • KeDetachProcess
    • KeAttachProcess
    • PsLookupProcessByProcessId
    • ZwClose
    • ZwDuplicateObject
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • MmIsAddressValid
    • ZwQueryInformationProcess
    • KeWaitForSingleObject
    • NtClose
    • ZwOpenProcessToken
    • IofCompleteRequest
    • SeReleaseSubjectContext
    • SePrivilegeCheck
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • IoCreateSymbolicLink
    • MmGetSystemRoutineAddress
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2011-04-25 12:19:41
    MD5880686bceaf66bfde3c80569eb1ebfa7
    SHA110b9ae9286837b3bf6a00771c7e81adbdea3cbfe
    SHA25651e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5
    Authentihash MD55d265a745ca048fb2ee0a59cc7ffc8aa
    Authentihash SHA1e5d5076fca6ed125d14d9f70fff802a1fa992ac6
    Authentihash SHA25617bdeeb4447f0758c3720991d3ed43a405efb49fd2cdbb37f7b5feb349693acb
    RichPEHeaderHash MD564b3eb9ab6aa05642765b3ed3433f961
    RichPEHeaderHash SHA133d624aacacbef6591bd60b851034a7b14fac938
    RichPEHeaderHash SHA256ec592d4c182b05a26b286d78201e870e091c9d6d98f5eade5a48be6a060f5ba9
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4112e632c7b18a029a3a1fac803ab89f
    FieldValue
    ToBeSigned (TBS) MD555a4c08c9404782113330a8cd169ed20
    ToBeSigned (TBS) SHA174807ba52ae6108b0fbac5031090b3295b2c3bba
    ToBeSigned (TBS) SHA2563fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2010-03-04 00:00:00
    ValidTo2013-04-18 23:59:59
    Signature699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4112e632c7b18a029a3a1fac803ab89f
    Version3
    Certificate 655226e1b22e18e1590f2985ac22e75c
    FieldValue
    ToBeSigned (TBS) MD5650704c342850095f3288eaf791147d4
    ToBeSigned (TBS) SHA14cdc38c800761463749c3cbd94a12f32e49877bf
    ToBeSigned (TBS) SHA25607b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA
    ValidFrom2009-05-21 00:00:00
    ValidTo2019-05-20 23:59:59
    Signature8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber655226e1b22e18e1590f2985ac22e75c
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • IoDeleteSymbolicLink
    • ExFreePoolWithTag
    • NtBuildNumber
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • ZwQueryObject
    • RtlUnicodeStringToAnsiString
    • ZwQuerySystemInformation
    • ZwOpenProcessToken
    • SeReleaseSubjectContext
    • KeDetachProcess
    • ObQueryNameString
    • strncpy
    • SeCaptureSubjectContext
    • NtClose
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • ZwDuplicateObject
    • RtlFreeAnsiString
    • KeAttachProcess
    • ZwOpenProcess
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • MmIsAddressValid
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • SePrivilegeCheck
    • KeBugCheckEx
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2015-05-10 22:52:10
    MD5ad03f225247b58a57584b40a4d1746d3
    SHA1e525f54b762c10703c975132e8fc21b6cd88d39b
    SHA25659b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879
    Authentihash MD59e4c2a2e8832f10ecdd2be70eb6bc300
    Authentihash SHA12b15e90dc654ce779bd460787352639768cd8baa
    Authentihash SHA25626536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34
    RichPEHeaderHash MD5a052ed4e5d10c66e3e667a42fcdcc54a
    RichPEHeaderHash SHA104b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
    RichPEHeaderHash SHA256c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 1efd983a49d3f152ac9cd2941b8a0edd
    FieldValue
    ToBeSigned (TBS) MD51b7ca026e68405de56477b5b7bb3a0a5
    ToBeSigned (TBS) SHA1b2a1bd13d8833154f02e51e25c9f023d54a27d21
    ToBeSigned (TBS) SHA2562018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
    SubjectC=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
    ValidFrom2013-04-06 00:00:00
    ValidTo2016-05-05 23:59:59
    Signaturedcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1efd983a49d3f152ac9cd2941b8a0edd
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2013-10-20 18:16:05
    MD590f8c1b76f786814d03ef4c51d4abb6d
    SHA1d1c38145addfed1bcd1b400334ff5a5e2ef9a5c6
    SHA2566bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e
    Authentihash MD5028b8d642c1c76b18b74f3e0f76b3522
    Authentihash SHA11aa871802d7278272172d9d7faabf8c8292996a3
    Authentihash SHA25676adb3fa346058e95ba3fd549fd48a15adaf4920a3109391f52053ebf39e62cc
    RichPEHeaderHash MD50d17e05fea90e97edacc66532133bb1a
    RichPEHeaderHash SHA1876c6595954f77341bcd153315bd7806af4a7230
    RichPEHeaderHash SHA256219a730631a67f4dcd6e2fc1f918f2532698dde1bb734391fe323b69b7349edd
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 1efd983a49d3f152ac9cd2941b8a0edd
    FieldValue
    ToBeSigned (TBS) MD51b7ca026e68405de56477b5b7bb3a0a5
    ToBeSigned (TBS) SHA1b2a1bd13d8833154f02e51e25c9f023d54a27d21
    ToBeSigned (TBS) SHA2562018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
    SubjectC=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
    ValidFrom2013-04-06 00:00:00
    ValidTo2016-05-05 23:59:59
    Signaturedcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1efd983a49d3f152ac9cd2941b8a0edd
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • ObReferenceObjectByHandle
    • __C_specific_handler
    • RtlFreeAnsiString
    • RtlUnicodeStringToAnsiString
    • ObQueryNameString
    • ExFreePoolWithTag
    • strlen
    • strncpy
    • wcslen
    • ExAllocatePoolWithTag
    • ZwQueryObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • ZwClose
    • ZwDuplicateObject
    • ZwOpenProcess
    • ObCloseHandle
    • IoFileObjectType
    • ZwQuerySystemInformation
    • MmIsAddressValid
    • PsThreadType
    • ZwQueryInformationProcess
    • PsProcessType
    • KeWaitForSingleObject
    • ZwOpenProcessToken
    • IofCompleteRequest
    • SeReleaseSubjectContext
    • SePrivilegeCheck
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • ObOpenObjectByName
    • IoCreateSymbolicLink
    • MmGetSystemRoutineAddress
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2018-11-09 12:21:38
    MD5f9d04e99e4cab90973226a4555bc6d57
    SHA196ec8c16f6a54b48e9a7f0d0416a529f4bf9ac11
    SHA2566e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7
    Authentihash MD58e66ec7a60a2b67386516a2e9a236d6b
    Authentihash SHA107dfb6fe9b3876c0e1b1cda010cb3cc24ff2ce25
    Authentihash SHA2566b3316496ab1e2d1ef02be966d9caa171674856e8fb8ea78d6a3bcfe8e2013c1
    RichPEHeaderHash MD5b304340f5a584624dcd7df388088259e
    RichPEHeaderHash SHA160b9485e04a7fd71335816953eeb57cabab0866d
    RichPEHeaderHash SHA2567d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000f6380d9a86d05ca43b0000000000f6
    FieldValue
    ToBeSigned (TBS) MD53094214121c022fb9a5e410920d5eb96
    ToBeSigned (TBS) SHA1388c68e81cfc19e838d5070ac4e6793b32bfd293
    ToBeSigned (TBS) SHA2560fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft Time,Stamp Service
    ValidFrom2018-08-23 20:20:02
    ValidTo2019-11-23 20:20:02
    Signature18296d831c69501fcc0fba56af62fea612d3e1df8e88026af0152c003451479cc1ed1574a00da10660272dc5dd446a18c647b100a47b4c65d0ab4004131aebb3c988b6937214ee9dc7c2e381988b8fe0582c47fa97c21c9b0f11e198b8449015b171f00cb487241b0e339902adfd55f0adbc38b374e77f6daa6e5868b6197ba2122f927de072de2aa467f3175f948d3c29dacac8c697f26e08d840876c6c919bc522b59cf1fb5ee1b23bd9047b02b3a9edd5b1ad4b3be3bf7dec5a093e5732f75c5389eb28c6f95f1bd1c81381e96725eaf4df641c32aed1e77a8fdcdaa360c4b39c6257c5c14c57dc1a380e165cc2f3bfffc9c9ce9d36907e2c74cafdd5f722
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000f6380d9a86d05ca43b0000000000f6
    Version3
    Certificate 33000000317c61d46115ceba6a000100000031
    FieldValue
    ToBeSigned (TBS) MD59a2de17c0445f3e68c9315347b5805f8
    ToBeSigned (TBS) SHA1df228171e01e890d9b69a749887197af4a3f7602
    ToBeSigned (TBS) SHA2564a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2018-06-08 17:24:26
    ValidTo2019-05-29 17:24:26
    Signature507e1dabe5c8a200d7b848d718478b9b2278f88da52f23c4c297c0694d76611430bff53bbe64c2bf85fa5ed551cef1d014dcf7f38109ebb5d8474c628715d4c10dd49f303cbe25aaca38d589b581c1e9786abfb23e79aa332cca8ddeeae9958623887375b40836c23f972646b8b8eac96f0b3dcbc88d56062c54a14d1e7f52ed4eb9d6e0e876fab6029355c1c7f791c63ce9ecfe5d78ffb5ba3ffb21fa78edca381c8717d1c23d01c3f0aa36cb01434f68c981c5924f04089d731c26846e466255679fab67bdfc16ab0debbc2d17f9458dcf4176ac6d63e1bb673a2d7daec55618183ae25d420dc2f7874c295fd7a4afef5cf609247c7c50f75aba8f0195fe03
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000317c61d46115ceba6a000100000031
    Version3
    Certificate 33000000382e50e86a989d957f000000000038
    FieldValue
    ToBeSigned (TBS) MD5cfa5fa49250320f7a3473a82877fabf3
    ToBeSigned (TBS) SHA16b3242a9a639b0da4d5882c7eeb402be6615ad0c
    ToBeSigned (TBS) SHA2568e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2012-06-04 21:05:46
    ValidTo2020-06-04 21:15:46
    Signature0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000382e50e86a989d957f000000000038
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2019-06-28 15:02:57
    MD5659a59d7e26b7730361244e12201378e
    SHA1c21510569fd84a5fe04508aa28e3cf9c8cc45b7a
    SHA25677950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c
    Authentihash MD53798eddcccab7da4682f64997533d27d
    Authentihash SHA10d753c1d21c4e6c6eb74d3436eb4c5f376cc7364
    Authentihash SHA256a4859c5456d03f799de89d2f8cbb36b4518259a6c7c0bc909b1fd16f48363d5a
    RichPEHeaderHash MD5dd10afd0600f2236361f48592587474c
    RichPEHeaderHash SHA10dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
    RichPEHeaderHash SHA256c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
    CompanySysinternals - www.sysinternals.com
    Description
    Product
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 3300000109e219d6f9b8a4bebf000000000109
    FieldValue
    ToBeSigned (TBS) MD510a173441d459944d30bbcfc69f7521b
    ToBeSigned (TBS) SHA1500cf2d67d9e3b7c31b2a65d4f121f7201cade0e
    ToBeSigned (TBS) SHA2561994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed
    SubjectC=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft Time,Stamp service
    ValidFrom2018-08-23 20:20:28
    ValidTo2019-11-23 20:20:28
    Signature9d7642feb515917887e958cc8890ccc717f8b1b164f2248f2657c2dd3bc82767e8a80b860b39f6469c373f7db0e6bf50975f396197e28b8b47b1c36014316a5fecd78d4528fe00e0c5a92321319a4be66b2359c99f01a27514f95879324fc6c121d6958cade3c4e366f75ebd979c4ee701a63655ae846982f63439c44099f0a18de3b3d9ae023e8c5c49406c94c556a7dee459a92b543f395dde5cfe106e0540f7710430d130862c6693445d18efaac409f2cd7d319e21a12c5184e767993562b324ff9db371cce7a932d3be5ee3396cf1864a609bbe6ebcf8834cbb11c44729119a6a5abc5e3ef8947dcb0bc6b554217a3e39a079e4bd733dc46b77b8f39a3c
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber3300000109e219d6f9b8a4bebf000000000109
    Version3
    Certificate 33000000387a14cce6619d8c51000200000038
    FieldValue
    ToBeSigned (TBS) MD5f9a6526d8f83e3d33d925ae95b752dca
    ToBeSigned (TBS) SHA1ad9f086d0642e3b5de60584c44123cf4603c4525
    ToBeSigned (TBS) SHA2567bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2019-04-18 18:42:23
    ValidTo2020-03-27 18:42:23
    Signature5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000387a14cce6619d8c51000200000038
    Version3
    Certificate 610435f1000000000041
    FieldValue
    ToBeSigned (TBS) MD577dab20d8e23cd8e18633adca506cf6e
    ToBeSigned (TBS) SHA1c5506bee3c29254dc5b5a0e6e7a14046522708ef
    ToBeSigned (TBS) SHA256611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2018-09-20 17:42:01
    ValidTo2021-05-09 23:28:13
    Signaturedb595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610435f1000000000041
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2021-05-26 08:02:20
    MD5da6f7407c4656a2dbaf16a407aff1a38
    SHA1ed40c1f7da98634869b415530e250f4a665a8c48
    SHA2567a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf
    Authentihash MD54eae8421b149baa7d0ce15a86470cde2
    Authentihash SHA1af5ff77f2106b31a8e433c3689b6a65628c2dfce
    Authentihash SHA25619d579e5a08bcb524405bdcbd2ea7247548af9f23ce64582a5be5ae3f184ad23
    RichPEHeaderHash MD5bc95ff65f30c5f18added29541a58004
    RichPEHeaderHash SHA139d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812
    RichPEHeaderHash SHA256067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000b20f9ad86794f322f60000000000b2
    FieldValue
    ToBeSigned (TBS) MD5b9dc0ff1a60c3aba24a78d505955bf39
    ToBeSigned (TBS) SHA115a5da2c8aa2955af75615009d249071f91fd252
    ToBeSigned (TBS) SHA256ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-12-15 22:15:30
    ValidTo2021-12-02 22:15:30
    Signature199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000b20f9ad86794f322f60000000000b2
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2010-03-30 18:30:49
    MD56b3abe55c4d39e305a11b4d1091dfaac
    SHA11c537fd17836283364349475c6138e6667cf1164
    SHA25686721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675
    Authentihash MD54b64921bd05ed4a30830f23facb43bde
    Authentihash SHA13d9be989fbb447bbf7e4b081d9ee4d9b025476c3
    Authentihash SHA256e2e351efd57c89bc0c7b9d4d440113304d0b8a4c88cdf0126442171aa50634d4
    RichPEHeaderHash MD5d70cbc6a63dcac0a6b5a8131d93c00ad
    RichPEHeaderHash SHA1d3b960226f06fd1b9f08ce080b16d649416e75a3
    RichPEHeaderHash SHA25690085a27428def469bdd2805cc61cde09cc3e95404d6f69ed6c328f0d0e97d9c
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 7d2c89d309e57beef2d791bb8ed6a26f
    FieldValue
    ToBeSigned (TBS) MD5ae18dfd140f9414eadf1f611ec1b84b7
    ToBeSigned (TBS) SHA19aecb2568e995d5965e49acf3ff247bc3d1ab99c
    ToBeSigned (TBS) SHA256f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2007-03-05 00:00:00
    ValidTo2010-04-19 23:59:59
    Signaturea1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7d2c89d309e57beef2d791bb8ed6a26f
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • IoDeleteSymbolicLink
    • ExFreePoolWithTag
    • NtBuildNumber
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • ZwQueryObject
    • RtlUnicodeStringToAnsiString
    • ZwQuerySystemInformation
    • ZwOpenProcessToken
    • SeReleaseSubjectContext
    • KeDetachProcess
    • ObQueryNameString
    • strncpy
    • SeCaptureSubjectContext
    • NtClose
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • ZwDuplicateObject
    • RtlFreeAnsiString
    • KeRaiseIrql
    • KeAttachProcess
    • KeLowerIrql
    • ZwOpenProcess
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • MmIsAddressValid
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • SePrivilegeCheck
    • KeTickCount
    • KeBugCheckEx
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .pdata
    • .srdata
    • .sdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2017-04-30 17:23:14
    MD5cec257dcac9e708cefb17f8984dd0a70
    SHA1da361c56c18ea98e1c442aac7c322ff20f64486b
    SHA25688e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc
    Authentihash MD5df8e20e6fb1d2a22135e155763bf9588
    Authentihash SHA11915e95974b6f75f4793e81b85e148ebdaa35515
    Authentihash SHA2560c2d8e8487de5e7749f9899f6fefa6e7d40b394479449b5027a895392af23349
    RichPEHeaderHash MD5a052ed4e5d10c66e3e667a42fcdcc54a
    RichPEHeaderHash SHA104b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
    RichPEHeaderHash SHA256c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000cccbb813eb5d722d450000000000cc
    FieldValue
    ToBeSigned (TBS) MD5b23d5388c0fa7b32ff0a91fccb5cce6d
    ToBeSigned (TBS) SHA1ab5d6cc2d03e34f4fe2e51fa524401d5806f9a9f
    ToBeSigned (TBS) SHA256a072644961dcfa16259c4aac9cb7faf1431c48b41f616551827dd3f41a849976
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher DSE ESN:148C,C4B9,2066, CN=Microsoft Time,Stamp Service
    ValidFrom2016-09-07 17:58:56
    ValidTo2018-09-07 17:58:56
    Signature96812d8a1bf7a71c8efb5c46a525ff9d7e890e935f85a824261bfa37f7b0cb6040b77890b3e9081ff67fcbae65e3dff7049d8c2bb648f16dd4fc7abc9cac5e4d81eeb45e611dc0f06d12b2852ffe709d163a7776daf7966db190c536c2fe4ec7804ee097fed2f4fdfacdcf6cb9cf64afc68d427589d5921b4b0aa5782aee6a52c3d495ee32238dd3346eea41776c4b08a7e87318d88abe546095a20bc0b491bfffe85f3f24bfe7d46af54f2ee665d8858d6e050442314d4debd049c0aad3affced1c0292ee0bd015d69162c651a0411aa503fc5140b2daba2de3e6a18a7897a28d84b34498136392f6d486dbb95e9aac8ad98692642f4e7d42880a0458239a22
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000cccbb813eb5d722d450000000000cc
    Version3
    Certificate 33000000244d59538809906ea7000100000024
    FieldValue
    ToBeSigned (TBS) MD516a85b0d3a49b45acb03c9165240f78a
    ToBeSigned (TBS) SHA1d21820acd2d9a023556d949773b2177b63552ea3
    ToBeSigned (TBS) SHA2560c0eaf6cf17b0b0a74d5a8f6286ec93e43001ee82f2481278e009c57366c63d5
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2016-10-12 20:32:53
    ValidTo2018-01-05 20:32:53
    Signature9fcff5d0683abc4c8daea4cc93841a3b037f2512114b780e6d1d0baf20ca63f15baf12e15392d0952d7ad3d6e270182085d8dd2a78af8a585f557506c975546138a087c58dcac5b9e5879a21dcaf4f026b9a97dc57c5b8a7e85f57861dedf618421b036a4b332cd12a4f6e2aba0aa1ff5249e9d93d7669d13eba761d5dddd495b86ac46eac38f724f525060c90079045e305a8ee0ccb626e4cd6722decd56f824d6e36eca2016fcbccf5479e9df7b3b123f6d1aa429d73808cf59f65b75e7f2da16f7d5c81b05430dc587c008f3fbf5afc42c99cf40b7f2ea7b27a314c22cb33eb2ebadfe904b7b6ea40f57eee80cc058229a617e31dead3909aad73885d21e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000244d59538809906ea7000100000024
    Version3
    Certificate 33000000382e50e86a989d957f000000000038
    FieldValue
    ToBeSigned (TBS) MD5cfa5fa49250320f7a3473a82877fabf3
    ToBeSigned (TBS) SHA16b3242a9a639b0da4d5882c7eeb402be6615ad0c
    ToBeSigned (TBS) SHA2568e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2012-06-04 21:05:46
    ValidTo2020-06-04 21:15:46
    Signature0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000382e50e86a989d957f000000000038
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2014-07-08 00:28:27
    MD5bf74d0706f5ab9c34067192260f4efb0
    SHA16b090c558b877b6abb0d1051610cadbc6335ecbb
    SHA25689b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7
    Authentihash MD5c292f0024a454f42fba117b3505b12e9
    Authentihash SHA1d9ebe7ff8318eeece457fc72bec2b582d3350b61
    Authentihash SHA256f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4
    RichPEHeaderHash MD5aff0aa7b20b4b7a5a981901f3d77237c
    RichPEHeaderHash SHA1263eefe8940d88cce62ddce6fba55eacf2b36ab8
    RichPEHeaderHash SHA256205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 1efd983a49d3f152ac9cd2941b8a0edd
    FieldValue
    ToBeSigned (TBS) MD51b7ca026e68405de56477b5b7bb3a0a5
    ToBeSigned (TBS) SHA1b2a1bd13d8833154f02e51e25c9f023d54a27d21
    ToBeSigned (TBS) SHA2562018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
    SubjectC=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
    ValidFrom2013-04-06 00:00:00
    ValidTo2016-05-05 23:59:59
    Signaturedcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1efd983a49d3f152ac9cd2941b8a0edd
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2021-06-01 08:24:37
    MD592927c47d6ff139c9b19674c9d0088f6
    SHA1a98734cd388f5b4b3caca5ce61cb03b05a8ad570
    SHA25698a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb
    Authentihash MD526f48296b5ef64120e55008690060a6e
    Authentihash SHA18d59ed924e8c76b0ab8b7ee653510f43062eaa3e
    Authentihash SHA256cd1beb64cd67169d57ca4dbc602a94f74891962221bb49c09abf3339ce35bc90
    RichPEHeaderHash MD5bc95ff65f30c5f18added29541a58004
    RichPEHeaderHash SHA139d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812
    RichPEHeaderHash SHA256067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000b20f9ad86794f322f60000000000b2
    FieldValue
    ToBeSigned (TBS) MD5b9dc0ff1a60c3aba24a78d505955bf39
    ToBeSigned (TBS) SHA115a5da2c8aa2955af75615009d249071f91fd252
    ToBeSigned (TBS) SHA256ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-12-15 22:15:30
    ValidTo2021-12-02 22:15:30
    Signature199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000b20f9ad86794f322f60000000000b2
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2015-12-05 14:43:50
    MD52e219df70fccb79351f0452cba86623e
    SHA12740cd167a9ccb81c8e8719ce0d2ae31babc631c
    SHA2569d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2
    Authentihash MD50f461053add90ebe0bac9e8be9d9a8e5
    Authentihash SHA15b27248685b909d5ae4c8ec77e2d3dcb02d6cc4b
    Authentihash SHA256cddd341f267a6094f7bd7d1b56427ebc029ccb348e7f0714d9301c2c67fdd5df
    RichPEHeaderHash MD52730904f5b7710d90214612e812b40e7
    RichPEHeaderHash SHA1816b6dc12f26d2e229f388b1b6332983f6f84435
    RichPEHeaderHash SHA256a9105aa56ee389cdb89ef2b3cf9ddbf176c8d60493879497875b6db003a3ebbc
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 6a0b994fc0004aab11df8adce1e027aa
    FieldValue
    ToBeSigned (TBS) MD58ee8b5683b30c385e8f50ba39c817ecf
    ToBeSigned (TBS) SHA10bead658f967af350cfce561ac851470f0bea7a7
    ToBeSigned (TBS) SHA25609763f5805c8295309022c7ef0dab73421a992d49902824b93a2a39f639c1ae7
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Test PCA
    ValidFrom2010-05-10 07:00:00
    ValidTo2020-12-29 07:00:00
    Signaturea5e89be29a34018c5eb99e6500101e7bde49d04c42f76ece04cacdaaac0de80f586b1ba7bbc841d892fe7477ab3c28f2a507ca45c4e65cfe487d0add256644c366d8f417666a7f11e622a8c31b09663524d9da9f092f3576291e00a4186ae9c857d0af477baa74d02fa3bbbb1f13e37dcd2855295be421278d806e2d597c72ff42aab3fef101b0bfd34d94e14a54f1394a541d08ee74119115dc5079db43cd1cad7ca84c57f843f68ef6f75e1d917e0ddbb1b6724be9a53df535c8cb77f59eb4
    SignatureAlgorithmOID1.3.14.3.2.29
    IsCertificateAuthorityTrue
    SerialNumber6a0b994fc0004aab11df8adce1e027aa
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 3300000021dd626c1271c15d6f000100000021
    FieldValue
    ToBeSigned (TBS) MD5af75bafa171badc569c547f8cb748b04
    ToBeSigned (TBS) SHA1ca9e1727c61692a1894e9f78f646a34f1a4046c1
    ToBeSigned (TBS) SHA2566f3fc63b80ab900fb038ca2bff158a031615bf33c8e4a069e309e7985b30f9ca
    SubjectDC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Test CodeSign CA 2
    ValidFrom2014-01-03 23:17:17
    ValidTo2018-01-03 23:17:17
    Signature600ff8df535a796bbfced445b646d9269fe514eabe10b53277af5085fa3e5e54e21e649f474d88898b7a3dc3256b7397224f7055466bc237465c153b87ee9529e08a3f0d2076719b25f9b3bb421b3ba628448696e986ee3a204078c0c2652735080ef7577a6b3e47a09174e5e863929dac616d67a63f6741a99f7ad7647a3ce18fb9541cb3b79b96ac18e68af065442cad6915e597b2758f33957345c682658eefc1da2f56580b15630e4e0dbeeadbe57bffb975fdbedcde81ed18bc34562ab05d52f9005126dd43a5a5ea46b0a6ec62d3a040c0f804650cabb2f8fd55e7cb7108172f71fee99a648a869fb1d73e9fc2700a6efad07bad0aa21be22e8ea8914e
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber3300000021dd626c1271c15d6f000100000021
    Version3
    Certificate 77005ec5ff32646dcbf76aac900003005ec5ff
    FieldValue
    ToBeSigned (TBS) MD5d47b1f71468f38d938a59072612c5a81
    ToBeSigned (TBS) SHA1f029c7017324e858115d76088dd21ab0106145d2
    ToBeSigned (TBS) SHA256400790acf2a3847c7021865e7213b25eec9b9354cf5ec47ec1d3cadf2e8be539
    SubjectCN=Mark Russinovich
    ValidFrom2015-06-30 15:50:49
    ValidTo2016-06-29 15:50:49
    Signaturea5e48ed2bb14b9940826f88cb72b09bf1cd99dcf8f9816164bb14db8dc7805b2b1aa0e197e3dbc2ca73d591759a93077ea140b9d62d80e29b1d3bfdd9cbe8055064139c70256c5d4ca4f7a23671a00a94963ed2fccf1a618391343b96cabe8c075be2b6ffa0dc0f1ffc2d832185f3010fd555d1d8a7ec669dd872eb8856624f480a3ed5ad27ddcf485fe761ecea5f90754d956f07132ac9e68e78c84f875fe72790c6581a6e22d1d0ab22f637b87668d930f664299dbf1ca09d65647521fff791d3ca79fe2dc01c8d97d41a8332bc383eac81578243ebde8c9ff1f6a87bea0b1eeda190920d020e775b6216d04cb9dcbdcd299745e5fbcb91d919a7d41d61125
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber77005ec5ff32646dcbf76aac900003005ec5ff
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • RtlInitUnicodeString
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • memcpy
    • memset
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • strncpy
    • KeStackAttachProcess
    • memmove
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • RtlUnwind
    • RtlGetDaclSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • SeExports
    • IoIsWdmVersionAvailable
    • _wcsnicmp
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlSetDaclSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeTickCount
    • KeBugCheckEx
    • KfLowerIrql
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2006-01-06 15:04:34
    MD50ef05030abd55ba6b02faa2c0970f67f
    SHA1f6d826d73bf819dbc9a058f2b55c88d6d4b634e3
    SHA256bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f
    Authentihash MD582ece436a712985b767d42a178872ab3
    Authentihash SHA1e7bedb9528d3da5e7e161a14db260140a02facca
    Authentihash SHA256d28acafeb6a85294d2672fa894a2934599713aa9ce1b21184dc1ec34131af7bb
    RichPEHeaderHash MD57ed4474ed84b1f8f736a1628b81bd13c
    RichPEHeaderHash SHA14456cd303246bff5ac1095977b7c56a1c4ba02fa
    RichPEHeaderHash SHA2561379bea6cc6236eca70f97ba7fc73338ade1f24a85c4bf1c08992e573a48fad2
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 75c1a798b875894335c78cddbf05cbff
    FieldValue
    ToBeSigned (TBS) MD5a41a1fbfc85b812b2a1570204015b8b4
    ToBeSigned (TBS) SHA1a7e0f6ba7402a18a3a4e861e57a3ffacb582e8c0
    ToBeSigned (TBS) SHA256c770e31a5ae65a0ae2b2b2c550ebaa2aa3594d872c08b31dde6d8105fc8b6687
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2006-02-02 00:00:00
    ValidTo2007-04-04 23:59:59
    Signature5af17754974b15636dc46a7e5295ee11668ae831cec469f15925a66f796b3aa4f912b02278957d3faf1a4df6a88b6e4720c082286400fcf2ca9b56c64197ff5c13a01dd81af41255c57cd1acf1cd790b613446332e716235469f0b2fd62d02d3ebea5965dcb2c6bc7e389e09308a895ef339ff981c4f3c8f5c8d907df45d44eb385e787cfded041491e9d72532a9ef8c8ee1d3931583c078656d1ce3d0316d8806faa8921b4837f0b5f0af1a50b2a798904ebde9bb438b06e2558c97a56145614d7e32193dcc85482bbaf4cc632094946b45ff6c1fde47cc0808344ec175d3555b66ebedd451d88e6bbf3463faf9bf65a0595d37d9e2033ae65ab7e08e081078
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber75c1a798b875894335c78cddbf05cbff
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ObQueryNameString
    • ZwClose
    • ZwDuplicateObject
    • ZwOpenProcess
    • KeDetachProcess
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • KeAttachProcess
    • PsLookupProcessByProcessId
    • MmIsAddressValid
    • ObOpenObjectByPointer
    • ZwQueryInformationProcess
    • NtBuildNumber
    • RtlUnicodeStringToAnsiString
    • IofCompleteRequest
    • SeReleaseSubjectContext
    • SePrivilegeCheck
    • ExGetPreviousMode
    • SeCaptureSubjectContext
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • IoCreateSymbolicLink
    • IoCreateDevice
    • ExAllocatePoolWithTag
    • RtlUnwind
    • strncpy
    • ZwOpenProcessToken
    • RtlFreeAnsiString
    • KfLowerIrql
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2008-07-21 14:42:49
    MD5b7ca4c32c844df9b61634052ae276387
    SHA16df6d5b30d04b9adb9d2c99de18ed108b011d52b
    SHA256bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c
    Authentihash MD51694c87131cee15e63d71936859506b8
    Authentihash SHA15eb106f413ad1d8de4c04661a1c5162410164d50
    Authentihash SHA256120f7983011211e6740d7a3a4cd2354507866ef7d36a48e2e3a9bd5b52c21c8a
    RichPEHeaderHash MD53ea5cd355cba9d9928873cdba35d4bcc
    RichPEHeaderHash SHA1b7e9df380d50227614a9745068a6b50c798b66f9
    RichPEHeaderHash SHA256b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 7d2c89d309e57beef2d791bb8ed6a26f
    FieldValue
    ToBeSigned (TBS) MD5ae18dfd140f9414eadf1f611ec1b84b7
    ToBeSigned (TBS) SHA19aecb2568e995d5965e49acf3ff247bc3d1ab99c
    ToBeSigned (TBS) SHA256f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86
    SubjectC=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
    ValidFrom2007-03-05 00:00:00
    ValidTo2010-04-19 23:59:59
    Signaturea1ce9df2911dc8d72282d3c41cc94a5ec63e00dbdf60015908bc703678b1a68e25d1ec5780e425ffb68e3e1bb0ea62cc9ba43c0e262cfa5f6c552458696acb67422328df20215aa22e5e8d4417d8688fcb06c1de0fe431e6811596fb0dcbe8678fe69098653687b041ab4eefd3181964c0a5225fe0a1606ff4c12c3f57d7e620860dcd66a8b856438dfb87d10e50beea9e838964d2584811fa83287ef363e88e4fc5b8d09f2fb4feeb7fd7f2a77661cb75ed56a0d3b60fdeed43674757704753721df8c8801ee85e4818fafb012399b1d36a8e17b8e40cbaa0fd891b6d2e0515dbd4d743e42eea35a9b191bf26a850eff41a5aa6d95790329c8a21a88c11faba
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7d2c89d309e57beef2d791bb8ed6a26f
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • NtBuildNumber
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • RtlInitUnicodeString
    • MmIsAddressValid
    • IoDeleteDevice
    • ObfDereferenceObject
    • ExGetPreviousMode
    • IoCreateDevice
    • MmGetSystemRoutineAddress
    • ObOpenObjectByPointer
    • ZwQueryObject
    • RtlUnicodeStringToAnsiString
    • SePrivilegeCheck
    • ZwQuerySystemInformation
    • ZwOpenProcessToken
    • SeReleaseSubjectContext
    • KeDetachProcess
    • ObQueryNameString
    • strncpy
    • ExAllocatePool
    • SeCaptureSubjectContext
    • NtClose
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • IoDeleteSymbolicLink
    • ZwDuplicateObject
    • ExFreePoolWithTag
    • RtlFreeAnsiString
    • KeAttachProcess
    • KeBugCheckEx
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2014-07-08 00:28:27
    MD59beecfb3146f19400880da61476ef940
    SHA1d5beca70469e0dcb099ba35979155e7c91876fd2
    SHA256c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa
    Authentihash MD5c292f0024a454f42fba117b3505b12e9
    Authentihash SHA1d9ebe7ff8318eeece457fc72bec2b582d3350b61
    Authentihash SHA256f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4
    RichPEHeaderHash MD5aff0aa7b20b4b7a5a981901f3d77237c
    RichPEHeaderHash SHA1263eefe8940d88cce62ddce6fba55eacf2b36ab8
    RichPEHeaderHash SHA256205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 1efd983a49d3f152ac9cd2941b8a0edd
    FieldValue
    ToBeSigned (TBS) MD51b7ca026e68405de56477b5b7bb3a0a5
    ToBeSigned (TBS) SHA1b2a1bd13d8833154f02e51e25c9f023d54a27d21
    ToBeSigned (TBS) SHA2562018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
    SubjectC=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
    ValidFrom2013-04-06 00:00:00
    ValidTo2016-05-05 23:59:59
    Signaturedcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1efd983a49d3f152ac9cd2941b8a0edd
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2020-09-11 15:57:25
    MD5b79475c4783efdd8122694c6b5669a79
    SHA1d612165251d5f1dcfb1f1a762c88d956f49ce344
    SHA256cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc
    Authentihash MD5bee5a87f72b42f3bb5958ba541f4caff
    Authentihash SHA19e0516a6ce73163e2ff5bf0740b57da46846228b
    Authentihash SHA25674716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12
    RichPEHeaderHash MD543d9cd97a9af9d2018a2e3b912ceee7b
    RichPEHeaderHash SHA18376f05ff6ebd3001f063c022d6878ae5f3b0adc
    RichPEHeaderHash SHA2568affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 330000009484c47568579aafe9000000000094
    FieldValue
    ToBeSigned (TBS) MD5b46a69db7e461e55282dc24dc594e5d6
    ToBeSigned (TBS) SHA13b19241d555a74781e2b63a7c14ad12b1ec68205
    ToBeSigned (TBS) SHA2562a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-03-04 19:12:18
    ValidTo2021-03-03 19:12:18
    Signature36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber330000009484c47568579aafe9000000000094
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2018-11-16 16:15:17
    MD5318e309e11199ec69d8928c46a4d901b
    SHA163bb17160115f16b3fca1f028b13033af4e468c6
    SHA256d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476
    Authentihash MD5decbda17e27f012c72e5ff39c8c19089
    Authentihash SHA1ecdaa78f29e1f1a27d28b45a9de5f93af9f18f15
    Authentihash SHA256ee24071d9a0ef38dc98929cfb4d316f9fb010de107c110fad2403022cf1eebfc
    RichPEHeaderHash MD5b304340f5a584624dcd7df388088259e
    RichPEHeaderHash SHA160b9485e04a7fd71335816953eeb57cabab0866d
    RichPEHeaderHash SHA2567d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000f6380d9a86d05ca43b0000000000f6
    FieldValue
    ToBeSigned (TBS) MD53094214121c022fb9a5e410920d5eb96
    ToBeSigned (TBS) SHA1388c68e81cfc19e838d5070ac4e6793b32bfd293
    ToBeSigned (TBS) SHA2560fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft Time,Stamp Service
    ValidFrom2018-08-23 20:20:02
    ValidTo2019-11-23 20:20:02
    Signature18296d831c69501fcc0fba56af62fea612d3e1df8e88026af0152c003451479cc1ed1574a00da10660272dc5dd446a18c647b100a47b4c65d0ab4004131aebb3c988b6937214ee9dc7c2e381988b8fe0582c47fa97c21c9b0f11e198b8449015b171f00cb487241b0e339902adfd55f0adbc38b374e77f6daa6e5868b6197ba2122f927de072de2aa467f3175f948d3c29dacac8c697f26e08d840876c6c919bc522b59cf1fb5ee1b23bd9047b02b3a9edd5b1ad4b3be3bf7dec5a093e5732f75c5389eb28c6f95f1bd1c81381e96725eaf4df641c32aed1e77a8fdcdaa360c4b39c6257c5c14c57dc1a380e165cc2f3bfffc9c9ce9d36907e2c74cafdd5f722
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000f6380d9a86d05ca43b0000000000f6
    Version3
    Certificate 33000000317c61d46115ceba6a000100000031
    FieldValue
    ToBeSigned (TBS) MD59a2de17c0445f3e68c9315347b5805f8
    ToBeSigned (TBS) SHA1df228171e01e890d9b69a749887197af4a3f7602
    ToBeSigned (TBS) SHA2564a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2018-06-08 17:24:26
    ValidTo2019-05-29 17:24:26
    Signature507e1dabe5c8a200d7b848d718478b9b2278f88da52f23c4c297c0694d76611430bff53bbe64c2bf85fa5ed551cef1d014dcf7f38109ebb5d8474c628715d4c10dd49f303cbe25aaca38d589b581c1e9786abfb23e79aa332cca8ddeeae9958623887375b40836c23f972646b8b8eac96f0b3dcbc88d56062c54a14d1e7f52ed4eb9d6e0e876fab6029355c1c7f791c63ce9ecfe5d78ffb5ba3ffb21fa78edca381c8717d1c23d01c3f0aa36cb01434f68c981c5924f04089d731c26846e466255679fab67bdfc16ab0debbc2d17f9458dcf4176ac6d63e1bb673a2d7daec55618183ae25d420dc2f7874c295fd7a4afef5cf609247c7c50f75aba8f0195fe03
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000317c61d46115ceba6a000100000031
    Version3
    Certificate 33000000382e50e86a989d957f000000000038
    FieldValue
    ToBeSigned (TBS) MD5cfa5fa49250320f7a3473a82877fabf3
    ToBeSigned (TBS) SHA16b3242a9a639b0da4d5882c7eeb402be6615ad0c
    ToBeSigned (TBS) SHA2568e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2012-06-04 21:05:46
    ValidTo2020-06-04 21:15:46
    Signature0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000382e50e86a989d957f000000000038
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2016-02-04 15:04:43
    MD5c69c292e0b76b25a5fa0e16136770e11
    SHA105eff2001f595f9e2894c6b5eee756ae72379a6d
    SHA256e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06
    Authentihash MD592c56a03fbcd375d9569e1cf60bf78cd
    Authentihash SHA1be428ed7b322ad13b2207294b934b0a67aa8345d
    Authentihash SHA256fa959c48c055ec149d434a5adeb9f9938d1c260a65ee8a4ea1d67bfbdceab83f
    RichPEHeaderHash MD5a052ed4e5d10c66e3e667a42fcdcc54a
    RichPEHeaderHash SHA104b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
    RichPEHeaderHash SHA256c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 330000008a57ea89a349eb8be800000000008a
    FieldValue
    ToBeSigned (TBS) MD5fc736157189c18985ff54e87edc06166
    ToBeSigned (TBS) SHA19c4ab0e49bf223f88f1a9cd4be69e53db6f59ef2
    ToBeSigned (TBS) SHA2568daf9edee56dd74ee0c24f9f618f2fac6eb78e8cd688c733bc8ba9c3a9d6303e
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher DSE ESN:B1B7,F67F,FEC2, CN=Microsoft Time,Stamp Service
    ValidFrom2015-10-07 18:14:02
    ValidTo2017-01-07 18:14:02
    Signature01d47ac81233981cb030b0fbeeabdd39641bb136ee8863bea04f5ea087ad995f71743f3525cc1e89f20ba37b31e60e2b8e6838f8820ed9ba2201fef412b9831a62d323f9e0a752bc92dd2da8a110e7eb47ce16bd0b933a624a7554d44eaf30e718572ab6968e3234701ded6156b8ecdd53c36cac5ca802437198616ce6b84e707c80548ca7e638ea7acdc0ef56430f030e89c83a701d9ac7541d637b31f2e616a122db3a08ab044a93cc61e2fc4a31a61df406ad6f634bc04d9c1244e0a986c60bebf7f82b44cb769bc5f016f01cf32877adc0cd23e78494c23597207de815f1abe1217416477b62b0dacb176b10a8a9e0663e1f5ad41fec1fb51d2ddc6c8491
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber330000008a57ea89a349eb8be800000000008a
    Version3
    Certificate 330000010a2c79aed7797ba6ac00010000010a
    FieldValue
    ToBeSigned (TBS) MD514e79171202b9f17d8770ee3e9e1a04c
    ToBeSigned (TBS) SHA1ce13da3e20f06d1c9ebef5646f4b763f423fbffa
    ToBeSigned (TBS) SHA25637823fe17d235fa83b5231f159e969bcf0d0c6c134d4a89a5f91a92143c7472f
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Corporation
    ValidFrom2015-06-04 17:42:45
    ValidTo2016-09-04 17:42:45
    Signaturea6a85391df3b01fe615d065aeb66f00cd8f7d984d300510e10d1a4d11728e78c33382bd843c6038b75eb3392f4a9e267fd02dba51d4e43455d1b49e3e04f16f07e8ff08811ca82ada4fba6a95ff59760c87bc4bf7c9b69ed1f82c1f1cd8e784b62f5d70d1cd75312d69652ef35bd198ea04093a10aa52d169cc2467408ebdbf4d8a549365412115503b37b16fb47fefb68fcc0455ce23f127933a2ef82c5de401907ee15c50a9b590541a9d0979e819e035bfc4ae31a2e05ac50472f8cfa79d81e20f805fb296b1814fa7204b70ba79a64ec115d4f45498d291a2dfbd0b609535f3494e016c4b9ea7335e857efe1eb16c318c706b33bcf6184e2b6448994a386
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber330000010a2c79aed7797ba6ac00010000010a
    Version3
    Certificate 6133261a000000000031
    FieldValue
    ToBeSigned (TBS) MD5482f91c72e48878971dcf15579a96bd8
    ToBeSigned (TBS) SHA127543a3f7612de2261c7228321722402f63a07de
    ToBeSigned (TBS) SHA256d372e474aa3b4ca8c060f6adbab1dd488b720b0314aeaf05d49448180ff8afc6
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA
    ValidFrom2010-08-31 22:19:32
    ValidTo2020-08-31 22:29:32
    Signature59393e7f2646afeb6f40b132b56aeb0e2f6ea849f7eb5f75ed4c3b2dd743ad0bfecbe92d31a323cc7c509880215dac3d2f4cbaa2a8569ce370bbb8b4f879b54972f73eea417fcae10c1769cba59c202dfa0b50c456cd2de34ad2bc70e7a80da203a556e0b88a4b57f295429cf1f3efeee3861f343cb8569af05323852aa4821c93e294071df2e24ef88ca1cae813a5914ec81bd28f72952a716d9b1af81cf053d667cc22ff5c1dcda28cbd27b279635644a251cdf9e9a35856dd9b0245442f5ff4daaed482326efca49513e4eb69e7a9a22cbec82b100e658e99dbf5a2fa122609653894f17a1f4abbd1e156e8d07896185cc935165fdd931d498e2dbead34441cee10151a005ddd355b21ce98c709ee850e8c4f6d0e134e3d7c29489c72d1f36ccac1ec70a35792577d948da01b48035af7cfa3670a74a536ed2d2f17c8e6723712f46fb13c6782f952b28d3316651e0e8add10de64f46fce46d4d317e979c404b4d3fb2cdf1f8a9eac0afb132740ade4f9e1a97f46bb0760476560404eb042ec4eedb37679d80a34096d1c80311fe20e54dde5a1fbe54710ad6498ff50162e7cbf05217ae295412769c3938f95c98dd89b21ae0d5c9cf0a2ae8668830c6a2dbb766b001d96adf2167bf6168324b988cf6aa847312f9adce3713dd7007e6247d1ce88c9b818fa0e728dc1a33daf02406aff699b96e210a810b4375008d6c33d
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6133261a000000000031
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2019-06-28 15:02:57
    MD59982da703f13140997e137b1e745a2e3
    SHA1511b06898770337609ee065547dbf14ce3de5a95
    SHA256e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd
    Authentihash MD5db32843b80c6e8c9173847c3faab2200
    Authentihash SHA1fffeec16afdeedd2bee22860f0942c846ba9ee1a
    Authentihash SHA256cee01c69cb0c06dd0d98ff05aeb2b0a34a4aa1a71d35a3033bf9c1a35b637c55
    RichPEHeaderHash MD5dd10afd0600f2236361f48592587474c
    RichPEHeaderHash SHA10dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
    RichPEHeaderHash SHA256c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 3300000109e219d6f9b8a4bebf000000000109
    FieldValue
    ToBeSigned (TBS) MD510a173441d459944d30bbcfc69f7521b
    ToBeSigned (TBS) SHA1500cf2d67d9e3b7c31b2a65d4f121f7201cade0e
    ToBeSigned (TBS) SHA2561994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed
    SubjectC=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft Time,Stamp service
    ValidFrom2018-08-23 20:20:28
    ValidTo2019-11-23 20:20:28
    Signature9d7642feb515917887e958cc8890ccc717f8b1b164f2248f2657c2dd3bc82767e8a80b860b39f6469c373f7db0e6bf50975f396197e28b8b47b1c36014316a5fecd78d4528fe00e0c5a92321319a4be66b2359c99f01a27514f95879324fc6c121d6958cade3c4e366f75ebd979c4ee701a63655ae846982f63439c44099f0a18de3b3d9ae023e8c5c49406c94c556a7dee459a92b543f395dde5cfe106e0540f7710430d130862c6693445d18efaac409f2cd7d319e21a12c5184e767993562b324ff9db371cce7a932d3be5ee3396cf1864a609bbe6ebcf8834cbb11c44729119a6a5abc5e3ef8947dcb0bc6b554217a3e39a079e4bd733dc46b77b8f39a3c
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber3300000109e219d6f9b8a4bebf000000000109
    Version3
    Certificate 33000000387a14cce6619d8c51000200000038
    FieldValue
    ToBeSigned (TBS) MD5f9a6526d8f83e3d33d925ae95b752dca
    ToBeSigned (TBS) SHA1ad9f086d0642e3b5de60584c44123cf4603c4525
    ToBeSigned (TBS) SHA2567bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2019-04-18 18:42:23
    ValidTo2020-03-27 18:42:23
    Signature5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000387a14cce6619d8c51000200000038
    Version3
    Certificate 610435f1000000000041
    FieldValue
    ToBeSigned (TBS) MD577dab20d8e23cd8e18633adca506cf6e
    ToBeSigned (TBS) SHA1c5506bee3c29254dc5b5a0e6e7a14046522708ef
    ToBeSigned (TBS) SHA256611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2018-09-20 17:42:01
    ValidTo2021-05-09 23:28:13
    Signaturedb595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610435f1000000000041
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2019-06-13 08:03:46
    MD59b9d367cb53df0a2e0850760c840d016
    SHA1631fdd1ef2d6f2d98e36f8fc7adbf90fbfb0a1e8
    SHA256f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478
    Authentihash MD5dafa4bdbdbbd96532d03022cd6900fed
    Authentihash SHA1f2ff9b749f7c5f21043b42d97b8a386c702d4435
    Authentihash SHA256ab5324c992c7547020f85de3456516e0dba2c3c5aab10371723a96188354abaf
    RichPEHeaderHash MD5dd10afd0600f2236361f48592587474c
    RichPEHeaderHash SHA10dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b
    RichPEHeaderHash SHA256c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000eb69aacc3e299f2d390000000000eb
    FieldValue
    ToBeSigned (TBS) MD5474aa22f78903fa7bca0bf6ff4dabe03
    ToBeSigned (TBS) SHA11745a1caaa7a8dd0da3ae4b2c3037b327e66ca86
    ToBeSigned (TBS) SHA256a8662656da96725e4dedea5cd1234e9d64281228f08f87462cdcf378d7ff4a03
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Operations Puerto Rico, OU=Thales TSS ESN:B8EC,30A4,7144, CN=Microsoft Time,Stamp Service
    ValidFrom2018-08-23 20:19:30
    ValidTo2019-11-23 20:19:30
    Signature7be0d660424af8eac275a9459174b3ce3f76e30006b180babd8949b702315798d46cfdc5fb6e6f0b489316944aab7252418e255760c2550c6404f8feea766d14fcf7ab9529c10737079214ba8fc5f789160b14cd0fb3f5fb47e12f7e217f95ee8d0707856807dd90f5075de7a1ea44915a2f36eca695c9a525db6ddb6b0638dfa21612ae4ce571e75643ab00363b309586d9e1c5b1183101dda77c613ccb9cf66d7306384789f8f543a751abc6fcd074b494546cc38ee1fc9400c06be11db4b58b9d82fa1744af0155511f60fea641ad501ba321de896e25bde327ba58a437cc3115e1dd2f58ea9a1fbbaeeda1dc5b2fb69f9f5562d7577afdb8cde903074a76
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000eb69aacc3e299f2d390000000000eb
    Version3
    Certificate 33000000387a14cce6619d8c51000200000038
    FieldValue
    ToBeSigned (TBS) MD5f9a6526d8f83e3d33d925ae95b752dca
    ToBeSigned (TBS) SHA1ad9f086d0642e3b5de60584c44123cf4603c4525
    ToBeSigned (TBS) SHA2567bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2019-04-18 18:42:23
    ValidTo2020-03-27 18:42:23
    Signature5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber33000000387a14cce6619d8c51000200000038
    Version3
    Certificate 610435f1000000000041
    FieldValue
    ToBeSigned (TBS) MD577dab20d8e23cd8e18633adca506cf6e
    ToBeSigned (TBS) SHA1c5506bee3c29254dc5b5a0e6e7a14046522708ef
    ToBeSigned (TBS) SHA256611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility PCA
    ValidFrom2018-09-20 17:42:01
    ValidTo2021-05-09 23:28:13
    Signaturedb595516f66f18e1341f22519cd75bdebec9fe22cf0da8b0b3d16c1da9a402d786bc566b40ee0bbcf93519de693d54a7d10a23c02dbc67986c390faf808cbc4adb87290c6336e5faf85d8f8c233ef9922fb1843a48a325954aeac902617af61fee0538540f210e1e96e2d2fbd710c3d9dcdee31f05054f429bacbd15eea95a19817a77c5be146a41a7307858ced3207157603c07b83c83ca0f35f77a632f148aa6dc8e0f947a8aaf6ad8c8d7c4490526c7f4f6ad021edb776725fe7dfb894a56d92fd032d2197c0e4edb995316a84d28109a61707230317c47c98b01093a263ebe5bcc278ffd669fd49fe1f51ac913b6c3cf714b5fc34381ee4996d59981421916414f0a902e76bd3b0399e4851a6084716df77ce405fe55a53be6f3c95f067a3f46ef77f7ad48d211cac1b08ab7964cfa9e8fdd336d2a84750021c76bffdc3de28b8d81b65134c9bdf6379fedf06b028f3ec0b6f5a6bb72c6745953ef43d67808d0bf11b7fa1d0a74b18f5e3b21f2e940ade8d052a9e19e9eb3bffbe9f5e8439a09ee26abf6d3e9528a1ef984617b5c33cf0d8d6e9daac74135d14fc21e82668e5b9075d3235eb988eec5fcac9753af2e343e2a1c88a19dc94ec1f11ae245eef3a76beccb5bb13fa9f39d9b04ffd6342cbc040e29a161d212d5b6a50c10be6f6b9e681d4747ac7bd030d75c18d61ec0ad03e3cecfc668c49424c26fd4de1072
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610435f1000000000041
    Version3
    Certificate 6116683400000000001c
    FieldValue
    ToBeSigned (TBS) MD5335713f62536c68d0acc82df3dceb932
    ToBeSigned (TBS) SHA1023cf1c5e99dc2f24133dae6937145bb481306e6
    ToBeSigned (TBS) SHA25665d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time,Stamp PCA
    ValidFrom2007-04-03 12:53:09
    ValidTo2021-04-03 13:03:09
    Signature10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6116683400000000001c
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp152.sys
    Creation Timestamp2015-05-10 22:52:10
    MD5ad03f225247b58a57584b40a4d1746d3
    SHA1e525f54b762c10703c975132e8fc21b6cd88d39b
    SHA25659b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879
    Authentihash MD59e4c2a2e8832f10ecdd2be70eb6bc300
    Authentihash SHA12b15e90dc654ce779bd460787352639768cd8baa
    Authentihash SHA25626536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34
    RichPEHeaderHash MD5a052ed4e5d10c66e3e667a42fcdcc54a
    RichPEHeaderHash SHA104b9d41ef58b5aaaca72f0ce222a8adfbe8ad251
    RichPEHeaderHash SHA256c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 1efd983a49d3f152ac9cd2941b8a0edd
    FieldValue
    ToBeSigned (TBS) MD51b7ca026e68405de56477b5b7bb3a0a5
    ToBeSigned (TBS) SHA1b2a1bd13d8833154f02e51e25c9f023d54a27d21
    ToBeSigned (TBS) SHA2562018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0
    SubjectC=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sysinternals
    ValidFrom2013-04-06 00:00:00
    ValidTo2016-05-05 23:59:59
    Signaturedcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1efd983a49d3f152ac9cd2941b8a0edd
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • NtBuildNumber
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.Sys
    Creation Timestamp2021-08-16 20:01:16
    MD597e3a44ec4ae58c8cc38eefc613e950e
    SHA1bc47e15537fa7c32dfefd23168d7e1741f8477ed
    SHA256440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c
    Authentihash MD50a7106a04e6e3b13eb105b013f76e031
    Authentihash SHA10c74316dfb9c21b7ff2dc288c005f9474dc26589
    Authentihash SHA256c7fef94e329bd9b66b281539265f989313356cbd9c345df9e670e9c4b6e0edce
    RichPEHeaderHash MD510ece32f0d8e8124966ad20948a21790
    RichPEHeaderHash SHA1e70413e4c5de0ddabaeb3b871f170e42cc2c98d3
    RichPEHeaderHash SHA25670581f2de67d48a583a4ee59062315c053f9419dc879e246c6a4efc9f1ec6506
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 33000000b20f9ad86794f322f60000000000b2
    FieldValue
    ToBeSigned (TBS) MD5b9dc0ff1a60c3aba24a78d505955bf39
    ToBeSigned (TBS) SHA115a5da2c8aa2955af75615009d249071f91fd252
    ToBeSigned (TBS) SHA256ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-12-15 22:15:30
    ValidTo2021-12-02 22:15:30
    Signature199acc6a8717c0db5b4b2312dccd8bb1e33ef492731fb8e1d60bd6f690de074b6d92293c8260012dcacc668a68f10e726a37d2ff7ee66b1eea424f56f104249bd6d7e7eba8c1745f4f1143bac7e648e48c1b2a1adf6954b5de1669df19c4be5633b791b7a3cba23641006fd58ac2d494a1d00dadbc3b3fe50a7ad0163cb386693824106b5dd9f9b8a579e45f5c5f8804832b8a773701e0ca31dee9a012fce5911492de93beea44a3822f7a83c448a484eeb937a4fa7f4067879b910e534c966d2650bd5c93f066656aa0f4c7c318161d4a8b367056df42af60a0aad0eb2de3bb47b96b948f2c849f330cfef599f1775bb6d41cf150decb40a83d5800727d977e
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000b20f9ad86794f322f60000000000b2
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp.sys
    Creation Timestamp2020-09-11 15:57:25
    MD5b79475c4783efdd8122694c6b5669a79
    SHA1d612165251d5f1dcfb1f1a762c88d956f49ce344
    SHA256cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc
    Authentihash MD5bee5a87f72b42f3bb5958ba541f4caff
    Authentihash SHA19e0516a6ce73163e2ff5bf0740b57da46846228b
    Authentihash SHA25674716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12
    RichPEHeaderHash MD543d9cd97a9af9d2018a2e3b912ceee7b
    RichPEHeaderHash SHA18376f05ff6ebd3001f063c022d6878ae5f3b0adc
    RichPEHeaderHash SHA2568affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 330000009484c47568579aafe9000000000094
    FieldValue
    ToBeSigned (TBS) MD5b46a69db7e461e55282dc24dc594e5d6
    ToBeSigned (TBS) SHA13b19241d555a74781e2b63a7c14ad12b1ec68205
    ToBeSigned (TBS) SHA2562a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2020-03-04 19:12:18
    ValidTo2021-03-03 19:12:18
    Signature36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber330000009484c47568579aafe9000000000094
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenameprocexp1627.sys
    Creation Timestamp2019-12-13 09:37:59
    MD5c06dda757b92e79540551efd00b99d4b
    SHA13296844d22c87dd5eba3aa378a8242b41d59db7a
    SHA2569b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4
    Authentihash MD5f57e986673aee44bf51e7e6bb3ed0113
    Authentihash SHA1edc10781eb6d1e3bdf9d15cfebddbe1a1fb804d9
    Authentihash SHA256decba65bbf2232ac55a698539304cab211b45eef0ed17c05dd7995bef2b98fc6
    RichPEHeaderHash MD5fb1a18f749889fe0e199b0f3663bd343
    RichPEHeaderHash SHA19a992dfb873710e2066c04fcfd782ba5b28b26a0
    RichPEHeaderHash SHA2565926062150b4490d7e6f74618065b30be72dce302a8ae31b808bc8ba87e22694
    CompanySysinternals - www.sysinternals.com
    DescriptionProcess Explorer
    ProductProcess Explorer
    OriginalFilenameprocexp.Sys

    Download

    Certificates

    Expand
    Certificate 3300000082c88ba15b1c3ef710000000000082
    FieldValue
    ToBeSigned (TBS) MD5d47b44dce52973327e0283b8aaa49df4
    ToBeSigned (TBS) SHA1d8c5ee55191da114e9e73f01e6222025ede696ac
    ToBeSigned (TBS) SHA2562d7cd230c57a7af8093369126606854002ea799a5d9b72fdb636988bdec5b451
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2019-05-02 20:49:42
    ValidTo2020-05-02 20:49:42
    Signature9c38927cf34cadf6121bbacca605cb2423a311565e3a71c4449c2cb81936d3ed3aa79d7a0914e19ab121d788f1803cdf9f023a352823ad4175f5389c193fb1efba47e33ab8ff227e68742a875f3932dfa7bc39950353653e664de0049ba8f09914e5dd7d78dff13d50096d20de210e49c3ea01713741c88ed65805d4eb08ded809a5c70a116c7648c0c55951004b1d249575bed351fbee3361cf822e02b437c702c7948496eb784dbf6102839ceb3e1e26f344a6aa2a9b1b0b7c6f56f3c145cbecd9a9661adc7446b5c368f782f5fd50a5a244618ae30b3dc4616c59992a28192174906653bc878dec57075ce37a4e8ceeabd2b8eeff742443fee80af5ee6482
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber3300000082c88ba15b1c3ef710000000000082
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strncpy
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • KeWaitForSingleObject
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • SeCaptureSubjectContext
    • SeReleaseSubjectContext
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwClose
    • MmIsAddressValid
    • PsGetVersion
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • SePrivilegeCheck
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ObQueryNameString
    • ZwQueryObject
    • ZwDuplicateObject
    • ZwOpenProcessToken
    • ZwQueryInformationProcess
    • ZwQuerySystemInformation
    • ObCloseHandle
    • ObOpenObjectByName
    • __C_specific_handler
    • IoFileObjectType
    • PsProcessType
    • PsThreadType
    • RtlFreeUnicodeString
    • IoCreateDevice
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Signature": "36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
          "TBS": {
            "MD5": "b46a69db7e461e55282dc24dc594e5d6",
            "SHA1": "3b19241d555a74781e2b63a7c14ad12b1ec68205",
            "SHA256": "2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975",
            "SHA384": "5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79"
          },
          "ValidFrom": "2020-03-04 19:12:18",
          "ValidTo": "2021-03-03 19:12:18",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610baac1000000000009",
          "Signature": "5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "TBS": {
            "MD5": "a569061297e8e824767dbc3184a69bea",
            "SHA1": "adbb26a587a8f44b4fccaecb306f980d1c55a150",
            "SHA256": "cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46",
            "SHA384": "e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba"
          },
          "ValidFrom": "2012-04-18 23:48:38",
          "ValidTo": "2027-04-18 23:58:38",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012",
          "SerialNumber": "330000009484c47568579aafe9000000000094",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2023-12-22