da7314dc-6cf1-4d74-a0d1-796fc08944f8

windbg.sys

Description

These samples are related to the CopperStealth campaign found by Trend Micro. CopperStealth's infection chain drops and loads a rootkit, which then injects its payload into explorer.exe and another system process. These payloads are responsible for downloading and running additional tasks. The rootkit also blocks access to blocklisted registry keys and prevents certain executables and drivers from running.

  • UUID: da7314dc-6cf1-4d74-a0d1-796fc08944f8
  • Created: 2023-05-20
  • Author: Michael Haag

Download

This download link contains the malicious driver!

Commands

sc.exe create windbg.sys binPath=C:\windows\temp\windbg.sys type=kernel && sc.exe start windbg.sys
  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows 10

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://www.trendmicro.com/en_us/research/23/e/water-orthrus-new-campaigns-deliver-rootkit-and-phishing-modules.html

Known Vulnerable Samples

    Property | Value
    Filename | windbg.sys
    Creation Timestamp | 2023-03-07 08:50:35
    MD5 | 40f35792e7565aa047796758a3ce1b77
    SHA1 | 6df35a0c2f6d7d39d24277137ea840078dafb812
    SHA256 | 139f8412a7c6fdc43dcfbbcdba256ee55654eb36a40f338249d5162a1f69b988
    Authentihash MD5 | 3a2404b8c4c87facf5316e4ff16bd603
    Authentihash SHA1 | ff3d240cf0faeafb37f176b71151dd83b2177a0e
    Authentihash SHA256 | e307ebe2d43cc8e290e5ade032a6e38bc6961439f92d6e99b954bf1368a975ef
    RichPEHeaderHash MD5 | 57462998048f7ee977ca73cacd0a8a2a
    RichPEHeaderHash SHA1 | f1a4626b2b16389bf879d451c63ff53bca825d23
    RichPEHeaderHash SHA256 | 9e96e39a30076c985ce6aa3547b8279c8f471122a0b25bebde5a189d9795d427
    Company | Microsoft Corporation
    Description | Windows GUI symbolic debugger
    Product | Microsoft® Windows® Operating System
    OriginalFilename | windbg.sys

    Certificates

    Certificate 5f9e06262d2eed425c886a4709350426
    Field | Value
    ToBeSigned (TBS) MD5 | e01323d4e9f20b9c042abdd9585d2d81
    ToBeSigned (TBS) SHA1 | d1fab71f563191354037fe0bb8bf73718c721e45
    ToBeSigned (TBS) SHA256 | 9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14
    Subject | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.
    ValidFrom | 2014-05-06 00:00:00
    ValidTo | 2015-05-06 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 5f9e06262d2eed425c886a4709350426
    Version | 3

    Certificate 611993e400000000001c
    Field | Value
    ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom | 2011-02-22 19:25:17
    ValidTo | 2021-02-22 19:35:17
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 611993e400000000001c
    Version | 3

    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    Field | Value
    ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom | 2010-02-08 00:00:00
    ValidTo | 2020-02-07 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7
    Version | 3

    Certificate 300f6facdd6698747ca94636a7782db9
    Field | Value
    ToBeSigned (TBS) MD5 | 63499ed59a1293b786649470e4ce0bd7
    ToBeSigned (TBS) SHA1 | 7309d8eaa65da1f3da7030c08f00a3b0a20fa908
    ToBeSigned (TBS) SHA256 | 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937
    Subject | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA
    ValidFrom | 2019-05-02 00:00:00
    ValidTo | 2038-01-18 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | True
    SerialNumber | 300f6facdd6698747ca94636a7782db9
    Version | 3

    Certificate 0090397f9ad24a3a13f2bd915f0838a943
    Field | Value
    ToBeSigned (TBS) MD5 | 26ec2c9bfcb06fdf8a6d95f2c616fd72
    ToBeSigned (TBS) SHA1 | 635466f1432046f6fd338624c068872ab6488b12
    ToBeSigned (TBS) SHA256 | 2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839
    Subject | C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3
    ValidFrom | 2022-05-11 00:00:00
    ValidTo | 2033-08-10 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | False
    SerialNumber | 0090397f9ad24a3a13f2bd915f0838a943
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoCreateFile
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • ZwDeleteFile
    • PsGetVersion
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • KeSetEvent
    • KeInitializeEvent
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • ZwCreateFile
    • IoFreeIrp
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature


    Property | Value
    Filename | windbg.sys
    Creation Timestamp | 2023-03-30 04:24:09
    MD5 | 093a2a635c3a27aac50efd6463f4efa1
    SHA1 | b34a012887ddab761b2298f882858fa1ff4d99f1
    SHA256 | 5b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d
    Authentihash MD5 | dab51577c44fda1574532847f4deb56c
    Authentihash SHA1 | c7cb92f60ffe07d1c9bfa43ea1213f8c8f766022
    Authentihash SHA256 | 6ee267fc3d0ac2662a9cfdb0ed5a2354ee09ef4c218303f20350177cae125cf7
    RichPEHeaderHash MD5 | e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1 | e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA256 | 8afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    Company | Microsoft Corporation
    Description | Windows GUI symbolic debugger
    Product | Microsoft® Windows® Operating System
    OriginalFilename | windbg.sys

    Certificates

    Certificate 61204db4000000000027
    Field | Value
    ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom | 2011-04-15 19:45:33
    ValidTo | 2021-04-15 19:55:33
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 61204db4000000000027
    Version | 3

    Certificate 012eab44fa8853d913e7107c89406432
    Field | Value
    ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom | 2020-11-17 00:00:00
    ValidTo | 2023-11-12 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 012eab44fa8853d913e7107c89406432
    Version | 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field | Value
    ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom | 2012-04-18 12:00:00
    ValidTo | 2027-04-18 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    | Property | Value |
    |---|---|
    | Filename | windbg.sys |
    | Creation Timestamp | 2023-03-30 04:23:58 |
    | MD5 | 844af8c877f5da723c1b82cf6e213fc1 |
    | SHA1 | 4f2d9a70ea24121ae01df8a76ffba1f9cc0fde4a |
    | SHA256 | 6994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77 |
    | Authentihash MD5 | 98a3ab2b723de48256701b417ff87a65 |
    | Authentihash SHA1 | ff80d6663a92ff454526e88847cbb4d9bd00e21e |
    | Authentihash SHA256 | 79278979d9300670d1084493bbc03ae374efc5ab02850941e85753885fa88e47 |
    | RichPEHeaderHash MD5 | 0b8725117e665d5272218cb41038327d |
    | RichPEHeaderHash SHA1 | a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a |
    | RichPEHeaderHash SHA256 | b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053 |
    | Company | Microsoft Corporation |
    | Description | Windows GUI symbolic debugger |
    | Product | Microsoft® Windows® Operating System |
    | OriginalFilename | windbg.sys |

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    | Property | Value |
    |---|---|
    | Filename | windbg.sys |
    | Creation Timestamp | 2023-03-08 03:14:00 |
    | MD5 | 2ec877e425bd7eddb663627216e3491e |
    | SHA1 | d4f5323da704ff2f25d6b97f38763c147f2a0e6f |
    | SHA256 | 32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d |
    | Authentihash MD5 | 75c70824590d4db183418c7fd9e47d2d |
    | Authentihash SHA1 | 1ccd8bc3104fe1654806752e1e6730d3ee0b4ee4 |
    | Authentihash SHA256 | e7e7824d611527b67fc36128da1b35d9b8ce3ffdab3fb96e3dbabd6e9c9570c0 |
    | RichPEHeaderHash MD5 | 57462998048f7ee977ca73cacd0a8a2a |
    | RichPEHeaderHash SHA1 | f1a4626b2b16389bf879d451c63ff53bca825d23 |
    | RichPEHeaderHash SHA256 | 9e96e39a30076c985ce6aa3547b8279c8f471122a0b25bebde5a189d9795d427 |
    | Company | Microsoft Corporation |
    | Description | Windows GUI symbolic debugger |
    | Product | Microsoft® Windows® Operating System |
    | OriginalFilename | windbg.sys |

    Certificates

    Certificate 5d11784fb81765023f89a4f4243fe1a9

    | Field | Value |
    |---|---|
    | ToBeSigned (TBS) MD5 | b5ff0da6f1d327dca52b08e9c7c8d439 |
    | ToBeSigned (TBS) SHA1 | c7acfdfc234a3bb37535cbe2785d9202b4b0a10c |
    | ToBeSigned (TBS) SHA256 | 80a8f0e8652dcea59596b4238f4c2d9f0212a25ea7434fde70a68a202b7ed0b1 |
    | Subject | C=CN, ST=Shandong, L=Binzhou, O=Binzhoushi Yongyu Feed Co.,LTd., CN=Binzhoushi Yongyu Feed Co.,LTd. |
    | ValidFrom | 2014-01-17 00:00:00 |
    | ValidTo | 2016-01-17 23:59:59 |
    | SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
    | IsCertificateAuthority | False |
    | SerialNumber | 5d11784fb81765023f89a4f4243fe1a9 |
    | Version | 3 |

    Certificate 47974d7873a5bcab0d2fb370192fce5e

    | Field | Value |
    |---|---|
    | ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
    | ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
    | ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
    | Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
    | ValidFrom | 2010-02-08 00:00:00 |
    | ValidTo | 2020-02-07 23:59:59 |
    | SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
    | IsCertificateAuthority | True |
    | SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
    | Version | 3 |

    Certificate 611fb0a400000000001d

    | Field | Value |
    |---|---|
    | ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
    | ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
    | ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
    | Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
    | ValidFrom | 2011-02-22 19:31:57 |
    | ValidTo | 2021-02-22 19:41:57 |
    | SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
    | IsCertificateAuthority | True |
    | SerialNumber | 611fb0a400000000001d |
    | Version | 3 |

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoCreateFile
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • ZwDeleteFile
    • PsGetVersion
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • KeSetEvent
    • KeInitializeEvent
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • ZwCreateFile
    • IoFreeIrp
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Filename: windbg.sys
    Creation Timestamp: 2023-03-09 06:55:38
    MD5: 0023ca0ca16a62d93ef51f3df98b2f94
    SHA1: 97812f334a077c40e8e642bb9872ac2c49ddb9a2
    SHA256: 50819a1add4c81c0d53203592d6803f022443440935ff8260ff3b6d5253c0c76
    Authentihash MD5: c12f9f4027088d2ca69b2d2fec33131b
    Authentihash SHA1: f73aa876791246fb7486214e4d3f81a0d375e649
    Authentihash SHA256: 88b901ce8ee199bc371e9cf39ab5375d31c6881a25ba5827e9b32ba7946ecda1
    RichPEHeaderHash MD5: ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys


    Certificates

    Certificate 61204db4000000000027
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 61204db4000000000027
    Version: 3

    Certificate 012eab44fa8853d913e7107c89406432
    ToBeSigned (TBS) MD5: 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1: 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256: d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom: 2020-11-17 00:00:00
    ValidTo: 2023-11-12 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 012eab44fa8853d913e7107c89406432
    Version: 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    ToBeSigned (TBS) MD5: f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom: 2012-04-18 12:00:00
    ValidTo: 2027-04-18 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version: 3

    Imports

    • ntoskrnl.exe
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    • ExAllocatePoolWithTag
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .%V,
    • .vK6
    • .ubd
    • .reloc
    • .rsrc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Filename: windbg.sys
    Creation Timestamp: 2023-03-30 04:23:58
    MD5: f69b06ca7c34d16f26ea1c6861edf62a
    SHA1: fdbcebb6cafda927d384d7be2e8063a4377d884f
    SHA256: 770f33259d6fb10f4a32d8a57d0d12953e8455c72bb7b60cb39ce505c507013a
    Authentihash MD5: 5d9b4ff04047d06a76354c7f7caa1e9e
    Authentihash SHA1: 6230645a707228e023d7fc9c5c86c340be05f9c3
    Authentihash SHA256: 28d3a5a85eef4561c4ad08fd83aca4f7a946f8dca8bfb7958a855a80197f68a6
    RichPEHeaderHash MD5: 0b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1: a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256: b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys


    Certificates

    Certificate 61204db4000000000027
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 61204db4000000000027
    Version: 3

    Certificate 012eab44fa8853d913e7107c89406432
    ToBeSigned (TBS) MD5: 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1: 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256: d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom: 2020-11-17 00:00:00
    ValidTo: 2023-11-12 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 012eab44fa8853d913e7107c89406432
    Version: 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    ToBeSigned (TBS) MD5: f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom: 2012-04-18 12:00:00
    ValidTo: 2027-04-18 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Filename: windbg.sys
    Creation Timestamp: 2023-03-27 22:28:03
    MD5: e8eac6642b882a6196555539149c73f2
    SHA1: 3825ebb0b0664b5f0789371240f65231693be37d
    SHA256: 86047bb1969d1db455493955fd450d18c62a3f36294d0a6c3732c88dfbcc4f62
    Authentihash MD5: 1584b06241f08d74434a452e798b2809
    Authentihash SHA1: 8eca36d54d04736f61f54285bcee8c30ed892553
    Authentihash SHA256: ff6108dd2017f9bc7ea93c43c1afbda0f1cc7b00f5afafb4ce3cf0a193e9598b
    RichPEHeaderHash MD5: 0b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1: a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256: b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys


    Certificates

    Certificate 61204db4000000000027
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 61204db4000000000027
    Version: 3

    Certificate 012eab44fa8853d913e7107c89406432
    Field: Value
    ToBeSigned (TBS) MD5: 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1: 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256: d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom: 2020-11-17 00:00:00
    ValidTo: 2023-11-12 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 012eab44fa8853d913e7107c89406432
    Version: 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field: Value
    ToBeSigned (TBS) MD5: f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom: 2012-04-18 12:00:00
    ValidTo: 2027-04-18 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    

    Property: Value
    Filename: windbg.sys
    Creation Timestamp: 2023-03-30 04:23:58
    MD5: 5ebfc0af031130ba9de1d5d3275734b3
    SHA1: 48f03a13b0f6d3d929a86514ce48a9352ffef5ad
    SHA256: bb2422e96ea993007f25c71d55b2eddfa1e940c89e895abb50dd07d7c17ca1df
    Authentihash MD5: 1959eac3bb98c3032791b0dc6d662281
    Authentihash SHA1: f8df5fd765770a56c227c66b47edcf38f868ef33
    Authentihash SHA256: a0801ade5de44b65afb8c275e11e4d766ae64af1a5740ad4f1db1acc4e088774
    RichPEHeaderHash MD5: 0b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1: a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256: b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys

    Certificates

    Certificate 61204db4000000000027
    Field: Value
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 61204db4000000000027
    Version: 3

    Certificate 012eab44fa8853d913e7107c89406432
    Field: Value
    ToBeSigned (TBS) MD5: 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1: 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256: d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom: 2020-11-17 00:00:00
    ValidTo: 2023-11-12 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 012eab44fa8853d913e7107c89406432
    Version: 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field: Value
    ToBeSigned (TBS) MD5: f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom: 2012-04-18 12:00:00
    ValidTo: 2027-04-18 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    

    Property: Value
    Filename: windbg.sys
    Creation Timestamp: 2023-03-30 04:23:58
    MD5: 40b968ecdbe9e967d92c5da51c390eee
    SHA1: b8b123a413b7bccfa8433deba4f88669c969b543
    SHA256: 06c5ebd0371342d18bc81a96f5e5ce28de64101e3c2fd0161d0b54d8368d2f1f
    Authentihash MD5: 98a3ab2b723de48256701b417ff87a65
    Authentihash SHA1: ff80d6663a92ff454526e88847cbb4d9bd00e21e
    Authentihash SHA256: 79278979d9300670d1084493bbc03ae374efc5ab02850941e85753885fa88e47
    RichPEHeaderHash MD5: 0b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1: a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256: b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys

    Certificates

    Certificate 33000000f5e8773b206b1ccd610000000000f5
    Field: Value
    ToBeSigned (TBS) MD5: bf6aed18e4c3fd6ac87330096df18117
    ToBeSigned (TBS) SHA1: f96be504b875f1e63bf51eacc6768e4fdecddcc6
    ToBeSigned (TBS) SHA256: 76c137a4dd29ebb1cb6a5d319d17e7049ad6d524f9de5d47c24c14b16a4f0720
    Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom: 2023-01-12 19:14:52
    ValidTo: 2023-12-15 19:14:52
    SignatureAlgorithmOID | 1.2.840.113549.1.1.11
    IsCertificateAuthority | False
    SerialNumber | 33000000f5e8773b206b1ccd610000000000f5
    Version | 3
    Certificate 610baac1000000000009
    Field | Value
    ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom | 2012-04-18 23:48:38
    ValidTo | 2027-04-18 23:58:38
    SignatureAlgorithmOID | 1.2.840.113549.1.1.11
    IsCertificateAuthority | True
    SerialNumber | 610baac1000000000009
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property | Value
    Filename | windbg.sys
    Creation Timestamp | 2023-03-07 08:50:54
    MD5 | c71be7b112059d2dc84c0f952e04e6cc
    SHA1 | 9ee31f1f25f675a12b7bad386244a9fbfa786a87
    SHA256 | 6661320f779337b95bbbe1943ee64afb2101c92f92f3d1571c1bf4201c38c724
    Authentihash MD5 | 01788e7162863cfe7aeba0f040a6cc08
    Authentihash SHA1 | ded2c02db6b5addf9d521361fd3657b2b6894a48
    Authentihash SHA256 | 223b320fb86cd4a1019ce31ac6901ce6bc41792810bd995db232dad790398852
    RichPEHeaderHash MD5 | fcc2deab7e9faa5b1d77595feb500b14
    RichPEHeaderHash SHA1 | 986d82b450e146954da1d2aa002df555a2458878
    RichPEHeaderHash SHA256 | 8a1062d510272d9077cb3bc5a2afaeb4284c1d31bca2a87324830440d1165e6c
    Company | Microsoft Corporation
    Description | Windows GUI symbolic debugger
    Product | Microsoft® Windows® Operating System
    OriginalFilename | windbg.sys

    Certificates

    Certificate 5f9e06262d2eed425c886a4709350426
    Field | Value
    ToBeSigned (TBS) MD5 | e01323d4e9f20b9c042abdd9585d2d81
    ToBeSigned (TBS) SHA1 | d1fab71f563191354037fe0bb8bf73718c721e45
    ToBeSigned (TBS) SHA256 | 9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14
    Subject | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.
    ValidFrom | 2014-05-06 00:00:00
    ValidTo | 2015-05-06 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 5f9e06262d2eed425c886a4709350426
    Version | 3
    Certificate 611993e400000000001c
    Field | Value
    ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom | 2011-02-22 19:25:17
    ValidTo | 2021-02-22 19:35:17
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 611993e400000000001c
    Version | 3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    Field | Value
    ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom | 2010-02-08 00:00:00
    ValidTo | 2020-02-07 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7
    Version | 3
    Certificate 300f6facdd6698747ca94636a7782db9
    Field | Value
    ToBeSigned (TBS) MD5 | 63499ed59a1293b786649470e4ce0bd7
    ToBeSigned (TBS) SHA1 | 7309d8eaa65da1f3da7030c08f00a3b0a20fa908
    ToBeSigned (TBS) SHA256 | 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937
    Subject | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA
    ValidFrom | 2019-05-02 00:00:00
    ValidTo | 2038-01-18 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | True
    SerialNumber | 300f6facdd6698747ca94636a7782db9
    Version | 3
    Certificate 0090397f9ad24a3a13f2bd915f0838a943
    Field | Value
    ToBeSigned (TBS) MD5 | 26ec2c9bfcb06fdf8a6d95f2c616fd72
    ToBeSigned (TBS) SHA1 | 635466f1432046f6fd338624c068872ab6488b12
    ToBeSigned (TBS) SHA256 | 2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839
    Subject | C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3
    ValidFrom | 2022-05-11 00:00:00
    ValidTo | 2033-08-10 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | False
    SerialNumber | 0090397f9ad24a3a13f2bd915f0838a943
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • KeWaitForSingleObject
    • ObReferenceObjectByHandle
    • PsThreadType
    • PsCreateSystemThread
    • KeInitializeEvent
    • KeSetEvent
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • MmProbeAndLockPages
    • IoFreeIrp
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property: Value
    Filename: windbg.sys
    Creation Timestamp: 2023-03-08 03:14:17
    MD5: 0ea8389589c603a8b05146bd06020597
    SHA1: 3c1c3f5f5081127229ba0019fbf0efc2a9c1d677
    SHA256: f9f2091fccb289bcf6a945f6b38676ec71dedb32f3674262928ccaf840ca131a
    Authentihash MD5: 0318de365e28ee38442c92b03747b088
    Authentihash SHA1: ff0497dbd779bd65bbb7302b360dc0738a464e9b
    Authentihash SHA256: dd759c6b9c4222c7b19e8b0ba7288d7395594d6884b9bcdf0ccfada3e6b7a8d5
    RichPEHeaderHash MD5: fcc2deab7e9faa5b1d77595feb500b14
    RichPEHeaderHash SHA1: 986d82b450e146954da1d2aa002df555a2458878
    RichPEHeaderHash SHA256: 8a1062d510272d9077cb3bc5a2afaeb4284c1d31bca2a87324830440d1165e6c
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys


    Certificates

    Certificate 5d11784fb81765023f89a4f4243fe1a9
    Field: Value
    ToBeSigned (TBS) MD5: b5ff0da6f1d327dca52b08e9c7c8d439
    ToBeSigned (TBS) SHA1: c7acfdfc234a3bb37535cbe2785d9202b4b0a10c
    ToBeSigned (TBS) SHA256: 80a8f0e8652dcea59596b4238f4c2d9f0212a25ea7434fde70a68a202b7ed0b1
    Subject: C=CN, ST=Shandong, L=Binzhou, O=Binzhoushi Yongyu Feed Co.,LTd., CN=Binzhoushi Yongyu Feed Co.,LTd.
    ValidFrom: 2014-01-17 00:00:00
    ValidTo: 2016-01-17 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 5d11784fb81765023f89a4f4243fe1a9
    Version: 3

    Certificate 47974d7873a5bcab0d2fb370192fce5e
    Field: Value
    ToBeSigned (TBS) MD5: e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA1: 95795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256: d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    Subject: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom: 2010-02-08 00:00:00
    ValidTo: 2020-02-07 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 47974d7873a5bcab0d2fb370192fce5e
    Version: 3

    Certificate 611fb0a400000000001d
    Field: Value
    ToBeSigned (TBS) MD5: a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom: 2011-02-22 19:31:57
    ValidTo: 2021-02-22 19:41:57
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 611fb0a400000000001d
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • KeWaitForSingleObject
    • ObReferenceObjectByHandle
    • PsThreadType
    • PsCreateSystemThread
    • KeInitializeEvent
    • KeSetEvent
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • MmProbeAndLockPages
    • IoFreeIrp
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc


    Property: Value
    Filename: windbg.sys
    Creation Timestamp: 2023-03-09 06:55:46
    MD5: 19bdd9b799e3c2c54c0d7fff68b31c20
    SHA1: ea4a405445bb6e58c16b81f6d5d2c9a9edde419b
    SHA256: e6f764c3b5580cd1675cbf184938ad5a201a8c096607857869bd7c3399df0d12
    Authentihash MD5: 619b74b682d2abd190cb3e0ac5ecd6f7
    Authentihash SHA1: ed5e61e534550b1f286d0801d4464d45f38d2739
    Authentihash SHA256: 40e0be2ed5d07d5ecf14232fe64a95c7ad6fd942a60b4a6e21fda69c75bbb78d
    RichPEHeaderHash MD5: ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys


    Certificates

    Certificate 61204db4000000000027
    Field: Value
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 61204db4000000000027
    Version: 3

    Certificate 012eab44fa8853d913e7107c89406432
    Field: Value
    ToBeSigned (TBS) MD5: 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1: 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256: d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom: 2020-11-17 00:00:00
    ValidTo: 2023-11-12 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 012eab44fa8853d913e7107c89406432
    Version: 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field: Value
    ToBeSigned (TBS) MD5: f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom: 2012-04-18 12:00:00
    ValidTo: 2027-04-18 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version: 3

    Imports

    • ntoskrnl.exe
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    • IoDeleteDevice
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • _except_handler3
    • KeQueryPerformanceCounter

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .!ah
    • .ayl
    • .a"#
    • .reloc
    • .rsrc


    Property: Value
    Filename: windbg.sys
    Creation Timestamp: 2023-03-30 04:24:09
    MD5: 88bea56ae9257b40063785cf47546024
    SHA1: b5a8e2104d76dbb04cd9ffe86784113585822375
    SHA256: e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d
    Authentihash MD5: 265462dbda175886e0c02257f2385753
    Authentihash SHA1: 0e45b675fec76249e64f8a2d4bd5483886b91169
    Authentihash SHA256: 37a1a3fa4dc148924c1bfb60c88ffef082ee58cd0ee804d2de0f1d22c1e7802c
    RichPEHeaderHash MD5: e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1: e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA256: 8afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys


    Certificates

    Certificate 61204db4000000000027
    Field | Value
    ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom | 2011-04-15 19:45:33
    ValidTo | 2021-04-15 19:55:33
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 61204db4000000000027
    Version | 3
    Certificate 012eab44fa8853d913e7107c89406432
    Field | Value
    ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom | 2020-11-17 00:00:00
    ValidTo | 2023-11-12 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 012eab44fa8853d913e7107c89406432
    Version | 3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field | Value
    ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom | 2012-04-18 12:00:00
    ValidTo | 2027-04-18 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property | Value
    Filename | windbg.sys
    Creation Timestamp | 2023-03-27 22:28:14
    MD5 | 3f11a94f1ac5efdd19767c6976da9ba4
    SHA1 | f92faed3ef92fa5bc88ebc1725221be5d7425528
    SHA256 | 4734a0a5d88f44a4939b8d812364cab6ca5f611b9b8ceebe27df6c1ed3a6d8a4
    Authentihash MD5 | 096f2e1d163a780fa3cb7f0870fe2b34
    Authentihash SHA1 | 0e4f45b762d5c548322cde3d0e2d5ff2d81c87f1
    Authentihash SHA256 | 948735962436df24baa69e58421345d4a295e0821f4f93fd9f64e11f51a9666f
    RichPEHeaderHash MD5 | e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1 | e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA256 | 8afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    Company | Microsoft Corporation
    Description | Windows GUI symbolic debugger
    Product | Microsoft® Windows® Operating System
    OriginalFilename | windbg.sys

    Certificates

    Certificate 61204db4000000000027
    Field | Value
    ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom | 2011-04-15 19:45:33
    ValidTo | 2021-04-15 19:55:33
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 61204db4000000000027
    Version | 3
    Certificate 012eab44fa8853d913e7107c89406432
    Field | Value
    ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom | 2020-11-17 00:00:00
    ValidTo | 2023-11-12 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 012eab44fa8853d913e7107c89406432
    Version | 3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field | Value
    ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom | 2012-04-18 12:00:00
    ValidTo | 2027-04-18 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property | Value
    Filename | windbg.sys
    Creation Timestamp | 2023-03-30 04:24:09
    MD5 | 0bdd51cc33e88b5265dfb7d88c5dc8d6
    SHA1 | 6a6fe0d69e0ea34d695c3b525e6db639f9ad6ac5
    SHA256 | ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620
    Authentihash MD5 | 207e5de5c589271ee469dd33442a0bb0
    Authentihash SHA1 | 34e83718226e039ebf28c4ea2284b011701710d0
    Authentihash SHA256 | aa833c9e3bcdc33eaf64fd913e80f5b9ce60618f6e3ff4c386420fea4a494380
    RichPEHeaderHash MD5 | e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1 | e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA256 | 8afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    Company | Microsoft Corporation
    Description | Windows GUI symbolic debugger
    Product | Microsoft® Windows® Operating System
    OriginalFilename | windbg.sys

    Certificates

    Certificate 61204db4000000000027
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 61204db4000000000027
    Version: 3

    Certificate 012eab44fa8853d913e7107c89406432
    ToBeSigned (TBS) MD5: 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1: 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256: d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom: 2020-11-17 00:00:00
    ValidTo: 2023-11-12 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 012eab44fa8853d913e7107c89406432
    Version: 3

    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    ToBeSigned (TBS) MD5: f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom: 2012-04-18 12:00:00
    ValidTo: 2027-04-18 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    

    Filename: windbg.sys
    Creation Timestamp: 2023-03-30 04:24:09
    MD5: b6b530dd25c5eb66499968ec82e8791e
    SHA1: 9c1c9032aa1e33461f35dbf79b6f2d061bfc6774
    SHA256: fa9abb3e7e06f857be191a1e049dd37642ec41fb2520c105df2227fcac3de5d5
    Authentihash MD5: dbc72430b48b0ca636a84b9e5ed0d534
    Authentihash SHA1: 58ca196bfd54c6166aae0f8000fa8a1a66a0073e
    Authentihash SHA256: 45b969ae1b381716a29cd509622470b5b20b70c7efe4c9b7c0568faa298605ff
    RichPEHeaderHash MD5: e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1: e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA256: 8afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys

    Certificates

    Certificate 33000000f3158ea57d1c559f290000000000f3
    ToBeSigned (TBS) MD5: 8d4476692bcda36ed89244b94bd705f0
    ToBeSigned (TBS) SHA1: ce72176d5cad611366e13a9a997ad7ecc7eb815f
    ToBeSigned (TBS) SHA256: dd1db9c0e7e50040ac6c586c1b6fd479cef240c064473373f75fbeb3e04ff972
    Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom: 2023-01-12 19:14:51
    ValidTo: 2023-12-15 19:14:51
    SignatureAlgorithmOID: 1.2.840.113549.1.1.11
    IsCertificateAuthority: False
    SerialNumber: 33000000f3158ea57d1c559f290000000000f3
    Version: 3

    Certificate 610baac1000000000009
    ToBeSigned (TBS) MD5: a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom: 2012-04-18 23:48:38
    ValidTo: 2027-04-18 23:58:38
    SignatureAlgorithmOID: 1.2.840.113549.1.1.11
    IsCertificateAuthority: True
    SerialNumber: 610baac1000000000009
    Version: 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    

    Filename: windbg.sys
    Creation Timestamp: 2023-03-30 04:23:58
    MD5: 77a7ed4798d02ef6636cd0fd07fc382a
    SHA1: 76789196eebfd4203f477a5a6c75eefc12d9a837
    SHA256: f936ec4c8164cbd31add659b61c16cb3a717eac90e74d89c47afb96b60120280
    Authentihash MD5: ff65997d5644ff042a7e3a5cb9030af2
    Authentihash SHA1: a1c5483d4d29d0cd9edc6e42a21d70f56de12aaf
    Authentihash SHA256: 9be868eb7e177ee6d762f2a022acf18b6b190fecbe445b3c09fc0494e8244ee8
    RichPEHeaderHash MD5: 0b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1: a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256: b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    Company: Microsoft Corporation
    Description: Windows GUI symbolic debugger
    Product: Microsoft® Windows® Operating System
    OriginalFilename: windbg.sys

    Certificates

    Certificate 61204db4000000000027
    ToBeSigned (TBS) MD5: 8e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom: 2011-04-15 19:45:33
    ValidTo: 2021-04-15 19:55:33
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 61204db4000000000027
    Version | 3
    Certificate 012eab44fa8853d913e7107c89406432
    Field | Value
    ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom | 2020-11-17 00:00:00
    ValidTo | 2023-11-12 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 012eab44fa8853d913e7107c89406432
    Version | 3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    Field | Value
    ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom | 2012-04-18 12:00:00
    ValidTo | 2027-04-18 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.",
          "TBS": {
            "MD5": "e01323d4e9f20b9c042abdd9585d2d81",
            "SHA1": "d1fab71f563191354037fe0bb8bf73718c721e45",
            "SHA256": "9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14",
            "SHA384": "9977259d83cbe7a02e23c446aa606f37b48ab088e375bb4f09a356fdd3abfc114eb2d22305c3d9daeaa47be4fef9f16b"
          },
          "ValidFrom": "2014-05-06 00:00:00",
          "ValidTo": "2015-05-06 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611993e400000000001c",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "78a717e082dcc1cda3458d917e677d14",
            "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
            "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
            "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
          },
          "ValidFrom": "2011-02-22 19:25:17",
          "ValidTo": "2021-02-22 19:35:17",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "300f6facdd6698747ca94636a7782db9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
          "TBS": {
            "MD5": "63499ed59a1293b786649470e4ce0bd7",
            "SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
            "SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
            "SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
          },
          "ValidFrom": "2019-05-02 00:00:00",
          "ValidTo": "2038-01-18 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0090397f9ad24a3a13f2bd915f0838a943",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3",
          "TBS": {
            "MD5": "26ec2c9bfcb06fdf8a6d95f2c616fd72",
            "SHA1": "635466f1432046f6fd338624c068872ab6488b12",
            "SHA256": "2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839",
            "SHA384": "62d3259a3af5706e5bd6ca3f7ca35c0978253facbf7bee54f61d6afdd548e39e435fb55f952dbf8ed2bd6ee0c6b69660"
          },
          "ValidFrom": "2022-05-11 00:00:00",
          "ValidTo": "2033-08-10 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "5f9e06262d2eed425c886a4709350426",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    last_updated: 2024-03-28