9905c737-83ad-4801-a573-8267f3aea924

bsitf.sys :inline :inline

Description

bsitf.sys is the ASUS BIOS Flash Driver distributed with ASUS WinFlash BIOS update utility. The driver persists on disk after WinFlash completes and exposes physical memory read via MmMapIoSpace (IOCTL 0x222804), physically contiguous kernel memory allocation mapped to usermode via MDL (IOCTL 0x222808), arbitrary I/O port write (IOCTL 0x222810) and read (IOCTL 0x222818), PCI config space read with BAR mapping to usermode (IOCTL 0x222814), and BIOS flash write via MmMapIoSpace (IOCTL 0x22281c). WHQL attestation signed via Microsoft Windows Third Party Component CA 2014. Device SDDL grants full access to Administrators group.

  • UUID: 9905c737-83ad-4801-a573-8267f3aea924
  • Created: 2026-04-17
  • Author: Michael Haag
  • Acknowledgement: | [@rainbowdynamix, @DbgPrint, @AkaTorich](https://twitter.com/@rainbowdynamix, @DbgPrint, @AkaTorich)

Download

This download link contains the vulnerable driver!

Block bsitf.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create bsitf binPath=C:\windows\temp\bsitf.sys type=kernel && sc.exe start bsitf
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://github.com/magicsword-io/LOLDrivers/issues/325
  • https://github.com/magicsword-io/LOLDrivers/pull/332
  • https://github.com/KeServiceDescriptorTable/vulnerable-drivers

    • Known Vulnerable Samples

    PropertyValue
    Filenamebsitf.sys
    Creation Timestamp2023-05-15 03:26:29
    MD54d59cc4dd2c94cdb78e561f3a422e899
    SHA1e77af2651fb4a4ff0fe80bf838ebe0b76aa8edd4
    SHA256602bef923ddbf2ea7967cedf56866b9db10fb43f0e90a9681cd021f1cddc05c9
    Authentihash MD5090861039dcbcfc0feecdbaf1aa577cc
    Authentihash SHA165d2ac2cabd251c0eab84cf4c0ab57ed15504f4f
    Authentihash SHA256678d7d011499c5793ca87b29c7179d0d959f8d6d5b3b966ee619c3d0cfcb6bc1
    RichPEHeaderHash MD5a17da6e24f9d7f5d4335a7c4f22cd502
    RichPEHeaderHash SHA15b43331ee12aad91ad19fcafe4106b122494c7cd
    RichPEHeaderHash SHA25664b94de97b482bdd0ff9f96d307093e6c2f631bcd1b1089ca53f5ae789628711
    CompanyASUSTek Computer Inc.
    DescriptionASUS BIOS Flash Driver
    ProductASUS BIOS Flash Driver
    OriginalFilenamebsitf.sys

    Download

    Certificates

    Expand
    Certificate 3300000061c88b129c2a7f1d87000000000061
    FieldValue
    ToBeSigned (TBS) MD5686c5dd3e6c0c4d6888c652ee9a76e0b
    ToBeSigned (TBS) SHA148c84f19d968d167bb3dad0bfeffcc659269aa03
    ToBeSigned (TBS) SHA2561fe207964146bdf934dc0c17aefaa75e78aea3d6a3935cc96e64511d7d469b29
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2023-04-06 19:16:28
    ValidTo2024-04-03 19:16:28
    Signature0449290d26112d6053cc65c76ab953df62d870517fec16470e3bef28a20b21c099f4609adc713af367ac47fe49cb0f22c001e774ca0c9b13e86c59ec4b03ccdff30a8d38960e09584a895e6a87b0a481a57dc0ef10819ce8b226667f6a646adff7bfa61981a31ed6890e65afa47e7f27991e13fe39a54544aff9116bf5a737a4c33c92c1659a58b33cf3aa94b997e0c636f30e90776eb343874c6e0c7efa3a2d135ec3dd781b97e6ad41fc21adc7bd9b2d9b49e504a32846f541349c64f41396b43622015916fe46907431768a58c24e3f8d46c5cd8276fa1d92ba7aab4ccd77c5f7778b3fa0f5afa6fe6bfdba544b5af0a8597a073b0c7eed8caa5a11cb9dc4c415c8119bd2545f77b93886c40842a9b28b3128bcd257a4365c1e7afa22a5a2d46b936ed7ff7fa1db7801f26552c3ebd7832cc9475390ecbf3898855d16f270652b7fcc319d2415e2b10e8f61f0f4b6c7187739ed7752978fe4870650f3cd838f19b9c43804324f093eba2591c09cdcd46f1f0f8ad10779eed7467030721563f4e810982b42f8c6dfcfd0401d4569a74ccc13df5a9d2347883e776e98ed7fb32bb3f99c688e30b92c78c756b5242c632e5692a5bf564060961f5d55cfb82f150a50714885b378ce803b505b52c99ee339d84f6b9a5e6b86819c525088d9785771e3d1ed24746abd12bd6348a11e5a1cb545228aa270d3ac67b9dcd93d19fdf4
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber3300000061c88b129c2a7f1d87000000000061
    Version3
    Certificate 330000000d690d5d7893d076df00000000000d
    FieldValue
    ToBeSigned (TBS) MD583f69422963f11c3c340b81712eef319
    ToBeSigned (TBS) SHA10c5e5f24590b53bc291e28583acb78e5adc95601
    ToBeSigned (TBS) SHA256d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014
    ValidFrom2014-10-15 20:31:27
    ValidTo2029-10-15 20:41:27
    Signature96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber330000000d690d5d7893d076df00000000000d
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • MmBuildMdlForNonPagedPool
    • MmMapLockedPages
    • MmUnmapLockedPages
    • MmMapIoSpace
    • MmUnmapIoSpace
    • MmAllocateContiguousMemory
    • MmFreeContiguousMemory
    • IoAllocateMdl
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IoFreeMdl
    • IoWMIRegistrationControl
    • IoWMIOpenBlock
    • IoWMIQueryAllData
    • ObfDereferenceObject
    • MmGetPhysicalAddress
    • ZwCreateKey
    • ZwClose
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • ObOpenObjectByPointer
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeExports
    • RtlCreateSecurityDescriptor
    • _wcsnicmp
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwOpenKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlFreeUnicodeString

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "3300000061c88b129c2a7f1d87000000000061",
      "Signature": "0449290d26112d6053cc65c76ab953df62d870517fec16470e3bef28a20b21c099f4609adc713af367ac47fe49cb0f22c001e774ca0c9b13e86c59ec4b03ccdff30a8d38960e09584a895e6a87b0a481a57dc0ef10819ce8b226667f6a646adff7bfa61981a31ed6890e65afa47e7f27991e13fe39a54544aff9116bf5a737a4c33c92c1659a58b33cf3aa94b997e0c636f30e90776eb343874c6e0c7efa3a2d135ec3dd781b97e6ad41fc21adc7bd9b2d9b49e504a32846f541349c64f41396b43622015916fe46907431768a58c24e3f8d46c5cd8276fa1d92ba7aab4ccd77c5f7778b3fa0f5afa6fe6bfdba544b5af0a8597a073b0c7eed8caa5a11cb9dc4c415c8119bd2545f77b93886c40842a9b28b3128bcd257a4365c1e7afa22a5a2d46b936ed7ff7fa1db7801f26552c3ebd7832cc9475390ecbf3898855d16f270652b7fcc319d2415e2b10e8f61f0f4b6c7187739ed7752978fe4870650f3cd838f19b9c43804324f093eba2591c09cdcd46f1f0f8ad10779eed7467030721563f4e810982b42f8c6dfcfd0401d4569a74ccc13df5a9d2347883e776e98ed7fb32bb3f99c688e30b92c78c756b5242c632e5692a5bf564060961f5d55cfb82f150a50714885b378ce803b505b52c99ee339d84f6b9a5e6b86819c525088d9785771e3d1ed24746abd12bd6348a11e5a1cb545228aa270d3ac67b9dcd93d19fdf4",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "686c5dd3e6c0c4d6888c652ee9a76e0b",
        "SHA1": "48c84f19d968d167bb3dad0bfeffcc659269aa03",
        "SHA256": "1fe207964146bdf934dc0c17aefaa75e78aea3d6a3935cc96e64511d7d469b29",
        "SHA384": "6a4750403abdcdb9a23184d3d5ccdb537c32933818740e3531afbc162d90bdee62592e16e7b920dba759938d469cbe49"
      },
      "ValidFrom": "2023-04-06 19:16:28",
      "ValidTo": "2024-04-03 19:16:28",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "330000000d690d5d7893d076df00000000000d",
      "Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
      "TBS": {
        "MD5": "83f69422963f11c3c340b81712eef319",
        "SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
        "SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
        "SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
      },
      "ValidFrom": "2014-10-15 20:31:27",
      "ValidTo": "2029-10-15 20:41:27",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
      "SerialNumber": "3300000061c88b129c2a7f1d87000000000061",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}
    PropertyValue
    Filenamebsitf.sys
    Creation Timestamp2025-07-09 23:10:34
    MD5835dd954d9f306f09050fd1751e9e1d2
    SHA1d80b8c9dfd317c57cbd9c3c6dfacc5b787bac06d
    SHA25641f604cfc56b101cafba8d12ee7f30409457deb13684091262571f1a6c1ddd07
    Authentihash MD5b9a4fb5c158dbc15ffbda5db91d0248a
    Authentihash SHA1fbb05ee844e53f280f97012f02ac3cc2778260b6
    Authentihash SHA256ae8d7bf855b35951bed2e5cd14daf569befe3284f0b90a8296cc89ace3845fbe
    RichPEHeaderHash MD5a17da6e24f9d7f5d4335a7c4f22cd502
    RichPEHeaderHash SHA15b43331ee12aad91ad19fcafe4106b122494c7cd
    RichPEHeaderHash SHA25664b94de97b482bdd0ff9f96d307093e6c2f631bcd1b1089ca53f5ae789628711
    CompanyASUSTek Computer Inc.
    DescriptionASUS BIOS Flash Driver
    ProductASUS BIOS Flash Driver
    OriginalFilenamebsitf.sys

    Download

    Certificates

    Expand
    Certificate 330000006e1229856f0ade6cfc00000000006e
    FieldValue
    ToBeSigned (TBS) MD53066a9830894e57ce6e47f7a6b58b84f
    ToBeSigned (TBS) SHA1ce441ecd2f11e400515a85d5a592da38f950f3dc
    ToBeSigned (TBS) SHA2563e30a731a3b620db0971ecd743ecd312bcdf14c82b9bdc9918102bacbf70520d
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2024-10-10 19:04:53
    ValidTo2025-10-08 19:04:53
    Signature3870e583035a72db64856d80e17833cd3badd24f19abf9a3d7c7485743dd875f69102820df4992d74f8fba0529be4e16f4234910064a3a1863299a29b82d3fac869915a368ec0e5d0127282221bce84db444d2e9974dc2761a2080a7bc7508d7064f32b2d97b0263d0d937527a8af95f18bcb54ec21a453ba35e55869791416a2a8813fcf95e889e65158dbb5b4cba653c989179947d286051ef6b0d56f41da479db08c6b93c44fa5c8399e126594cc53dfa756180607a1dd29559061d828b0ce2c5a462245ed0995a196ad96223b6eb1a787b4d10b5a7d4e3a130750103bc9c713fc8f32015273bb238b15aae25e4765d7ab81c5d3df82ef6a7d3c2e7a61dab024ff02df6876a86ec7198aa6e28c8e69a015129a717b1036113911f0aeefa8d05081974d026196f24bc1e4ef942599fafbd1b2c316bda73237f1822296888df2344c92b08c363976beb7020242b3069e6691f19e715e1d1a19ddc03235263c9bb7b8390145af57603105ced358f394547e3be96718835917234eb7fd7134d9fb605656717ed6b15f0583068c84c6c01abf31cc1df1fe7c4d2935590e6017cf8cc5635e1cd7054240fd0059f168e90ec1a49f24e0f050034d99e4aa6599a64d280d00ea8af57d3125caddb342a0b2c160a2f95d97e6045e69dc1c1b3fa56dfd40380ce60536a59750edf0069dc7c27f8ccc8f073b46d169b8fed1fd40ac6f00c
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber330000006e1229856f0ade6cfc00000000006e
    Version3
    Certificate 330000000d690d5d7893d076df00000000000d
    FieldValue
    ToBeSigned (TBS) MD583f69422963f11c3c340b81712eef319
    ToBeSigned (TBS) SHA10c5e5f24590b53bc291e28583acb78e5adc95601
    ToBeSigned (TBS) SHA256d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014
    ValidFrom2014-10-15 20:31:27
    ValidTo2029-10-15 20:41:27
    Signature96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber330000000d690d5d7893d076df00000000000d
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • MmBuildMdlForNonPagedPool
    • MmMapLockedPages
    • MmUnmapLockedPages
    • MmMapIoSpace
    • MmUnmapIoSpace
    • MmAllocateContiguousMemory
    • MmFreeContiguousMemory
    • IoAllocateMdl
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IoFreeMdl
    • IoWMIRegistrationControl
    • IoWMIOpenBlock
    • IoWMIQueryAllData
    • ObfDereferenceObject
    • MmGetPhysicalAddress
    • ZwCreateKey
    • ZwClose
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • ObOpenObjectByPointer
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeExports
    • RtlCreateSecurityDescriptor
    • _wcsnicmp
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwOpenKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlFreeUnicodeString

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "3300000061c88b129c2a7f1d87000000000061",
      "Signature": "0449290d26112d6053cc65c76ab953df62d870517fec16470e3bef28a20b21c099f4609adc713af367ac47fe49cb0f22c001e774ca0c9b13e86c59ec4b03ccdff30a8d38960e09584a895e6a87b0a481a57dc0ef10819ce8b226667f6a646adff7bfa61981a31ed6890e65afa47e7f27991e13fe39a54544aff9116bf5a737a4c33c92c1659a58b33cf3aa94b997e0c636f30e90776eb343874c6e0c7efa3a2d135ec3dd781b97e6ad41fc21adc7bd9b2d9b49e504a32846f541349c64f41396b43622015916fe46907431768a58c24e3f8d46c5cd8276fa1d92ba7aab4ccd77c5f7778b3fa0f5afa6fe6bfdba544b5af0a8597a073b0c7eed8caa5a11cb9dc4c415c8119bd2545f77b93886c40842a9b28b3128bcd257a4365c1e7afa22a5a2d46b936ed7ff7fa1db7801f26552c3ebd7832cc9475390ecbf3898855d16f270652b7fcc319d2415e2b10e8f61f0f4b6c7187739ed7752978fe4870650f3cd838f19b9c43804324f093eba2591c09cdcd46f1f0f8ad10779eed7467030721563f4e810982b42f8c6dfcfd0401d4569a74ccc13df5a9d2347883e776e98ed7fb32bb3f99c688e30b92c78c756b5242c632e5692a5bf564060961f5d55cfb82f150a50714885b378ce803b505b52c99ee339d84f6b9a5e6b86819c525088d9785771e3d1ed24746abd12bd6348a11e5a1cb545228aa270d3ac67b9dcd93d19fdf4",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
      "TBS": {
        "MD5": "686c5dd3e6c0c4d6888c652ee9a76e0b",
        "SHA1": "48c84f19d968d167bb3dad0bfeffcc659269aa03",
        "SHA256": "1fe207964146bdf934dc0c17aefaa75e78aea3d6a3935cc96e64511d7d469b29",
        "SHA384": "6a4750403abdcdb9a23184d3d5ccdb537c32933818740e3531afbc162d90bdee62592e16e7b920dba759938d469cbe49"
      },
      "ValidFrom": "2023-04-06 19:16:28",
      "ValidTo": "2024-04-03 19:16:28",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "330000000d690d5d7893d076df00000000000d",
      "Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
      "TBS": {
        "MD5": "83f69422963f11c3c340b81712eef319",
        "SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
        "SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
        "SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
      },
      "ValidFrom": "2014-10-15 20:31:27",
      "ValidTo": "2029-10-15 20:41:27",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
      "SerialNumber": "3300000061c88b129c2a7f1d87000000000061",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2026-05-04