filenameProcmon.exe
size2046608 (0x1f3a90)
md5db6a5b5cc0f337f3323c88a115a38fac
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x118

Rich Header

lib idversiontimes used
2232100526
22421005152
2252100559
225208065
131307294
1990492
132307291
10448
1473072929
224311011
2253110139
219210051
222311011

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections5
TimeDateStamp0x5563c057
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x102
Magic0x10b
LinkerVersion12.0
SizeOfCode0x8ac00
SizeOfInitializedData0x167000
SizeOfUninitializedData0
AddressOfEntryPoint0x71f24
BaseOfCode0x1000
BaseOfData0x8c000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.1
ImageVersion0.0
SubsystemVersion5.1
Reserved10
SizeOfImage0x1fc000
SizeOfHeaders0x400
CheckSum0x1fbd80
Subsystem2
DllCharacteristics0x8140
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ v6.0 DLL

Sections

namevavsizeraw sizeflags
.text0x10000x8aafd0x8ac00R-X CODE
.rdata0x8c0000x26b940x26c00R-- IDATA
.data0xb30000x96e40x1a00RW- IDATA
.rsrc0xbd0000x135a340x135c00R-- IDATA
.reloc0x1f30000x8d900x8e00R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT00
IMPORT0xb07940x12c
RESOURCE0xbd0000x135a34
EXCEPTION00
SECURITY0x1f20000x1a90
BASERELOC0x1f30000x8d90
DEBUG0x8c8000x38
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0xa76800x40
Bound_IAT00
IAT0x8c0000x6f8
Delay_IAT00
CLR_Header00
typenamesizecp
BINRESRCDRIVERNT652161252
BINRES#130811270561252
CURSOR#233081252
CURSOR#243081252
BITMAP#40027441252
ICON#137521252
ICON#222161252
ICON#313841252
ICON#496401252
ICON#542641252
ICON#611281252
ICON#72961252
ICON#82961252
ICON#92961252
ICON#102961252
ICON#112961252
ICON#122961252
ICON#132961252
ICON#1413841252
ICON#152961252
ICON#162961252
ICON#1713841252
ICON#182961252
ICON#198721252
ICON#202961252
ICON#212961252
ICON#222961252
MENUCONTEXT_HEADER741252
MENUCONTEXT_PROCESSTREE2201252
MENUMAIN_MENU24641252
MENU#400751221252
DIALOGABOUTBOX5041252
DIALOGBACKINGFILE10921252
DIALOGBOOTLOG_OPTIONS6961252
DIALOGCOLUMNCHOOSER19981252
DIALOGCROSS_REFERENCE_SUMMARY5161252
DIALOGDEVICE_PATH8161252
DIALOGDISCONNECTING2901252
DIALOGFILE_SUMMARY4181252
DIALOGFILE_VIEWER1201252
DIALOGFILTER3881252
DIALOGFILTER_CONTROL4301252
DIALOGFILTER_INIT5481252
DIALOGHIGHLIGHT4601252
DIALOGHISTORY_DEPTH5241252
DIALOGMODULE_PROPERTIES6321252
DIALOGNETWORK_SUMMARY4421252
DIALOGOCCURRENCES6041252
DIALOGORGANIZE_FILTERS3661252
DIALOGPROCESS_SUMMARY9161252
DIALOGPROCESS_TIMELINE15161252
DIALOGPROCESS_TREE13201252
DIALOGPROFILING_OPTIONS7001252
DIALOGPROGRESS2461252
DIALOGPROPERTIES3801252
DIALOGPROP_EVENT6841252
DIALOGPROP_PROCESS14661252
DIALOGPROP_STACKTRACE3941252
DIALOGREGISTRY_SUMMARY4461252
DIALOGSAVE12341252
DIALOGSAVE_FILTER2921252
DIALOGSELECTHIGHLIGHTCOLORS13041252
DIALOGSTACK_SUMMARY4781252
DIALOGSYMBOLCONFIG15181252
DIALOGSYMBOLCONFIGWARNING7121252
DIALOGSYMBOLDBGHELPGWARNING9121252
DIALOGSYSTEM_DETAILS8041252
DIALOGUNIQUE5241252
DIALOGUSAGE34101252
STRING#25011121252
STRING#25022201252
STRING#25033721252
STRING#25042201252
STRING#25052961252
STRING#25062181252
STRING#2511621252
ACCELERATORSACCELERATORS2241252
GROUP_CURSORSPLITTER_CURSOR201252
GROUP_CURSOR#121201252
GROUP_ICON#101901252
GROUP_ICON#106201252
GROUP_ICON#107201252
GROUP_ICON#110201252
GROUP_ICON#113201252
GROUP_ICON#119201252
GROUP_ICON#120341252
GROUP_ICON#127201252
GROUP_ICON#128201252
GROUP_ICON#129201252
GROUP_ICON#130201252
GROUP_ICON#131201252
GROUP_ICON#203201252
GROUP_ICON#204201252
GROUP_ICON#205341252
VERSION#17921252
MANIFEST#16521252
idlangstring
400051033Save (Ctrl+S)
400061033High Resolution Date & Time
400181033Capture (Ctrl+E)
400191033Autoscroll (Ctrl+A)
400201033Clear (Ctrl+X)
400211033Show Process Tree
400231033Filter (Ctrl+L)
400241033Find (Ctrl+F)
400361033Open
400411033Show File System Activity
400421033Show Registry Activity
400431033Show Network Activity
400441033Show Process and Thread Activity
400451033Highlight (Ctrl+H)
400461033Show Profiling Events
400471033Include Process From Window
400511033Jump to Object (Ctrl+J)
400521033Date & Time
400531033Process Name
400541033PID
400551033Operation
400561033Result
400571033Detail
400581033Sequence
400591033Object Reference
400641033Company
400651033Description
400661033Command Line
400671033User
400681033Image Path
400691033Session
400701033Event Complete
400711033Path
400721033TID
400731033Image Load
400741033Frame
400751033Address
400761033Relative Time
400771033Duration
400781033Time of Day
400791033Module
400801033Location
400811033Version
400821033Event Class
400831033Authentication ID
400841033Virtualized
400851033Integrity
400861033Category
400871033Parent PID
400881033Architecture
401641033Completion Time
module_namehintordfunction_name
WS2_32.dll3
WS2_32.dll13
WS2_32.dll16
WS2_32.dll2
WS2_32.dll1
WS2_32.dll6
WS2_32.dll4
WS2_32.dll12
WS2_32.dll112
WS2_32.dll55
WS2_32.dll56
WS2_32.dll51
WS2_32.dll9
WS2_32.dll11
WS2_32.dll8
WS2_32.dll115
WS2_32.dll15
WS2_32.dll111
WS2_32.dll52
WS2_32.dll23
WS2_32.dll19
VERSION.dll5GetFileVersionInfoSizeW
VERSION.dll14VerQueryValueW
VERSION.dll6GetFileVersionInfoW
NETAPI32.dll101NetApiBufferFree
NETAPI32.dll264NetWkstaGetInfo
COMCTL32.dll123InitCommonControlsEx
COMCTL32.dll84ImageList_Destroy
COMCTL32.dll91ImageList_DrawEx
COMCTL32.dll17
COMCTL32.dll83ImageList_Create
COMCTL32.dll111ImageList_ReplaceIcon
COMCTL32.dll113ImageList_SetBkColor
COMCTL32.dll77ImageList_Add
COMCTL32.dll119ImageList_SetOverlayImage
COMCTL32.dll98ImageList_GetIcon
COMCTL32.dll99ImageList_GetIconSize
COMCTL32.dll14CreateToolbarEx
COMCTL32.dll12CreateStatusWindowW
FLTLIB.DLL19FilterReplyMessage
FLTLIB.DLL11FilterGetMessage
FLTLIB.DLL3FilterConnectCommunicationPort
FLTLIB.DLL20FilterSendMessage
KERNEL32.dll709GlobalUnlock
KERNEL32.dll100CompareStringW
KERNEL32.dll518GetLocaleInfoW
KERNEL32.dll1230TryEnterCriticalSection
KERNEL32.dll496GetFileSize
KERNEL32.dll1107SetEndOfFile
KERNEL32.dll1126SetFilePointer
KERNEL32.dll855MapViewOfFile
KERNEL32.dll1238UnmapViewOfFile
KERNEL32.dll140CreateFileMappingW
KERNEL32.dll143CreateFileW
KERNEL32.dll674GetVersion
KERNEL32.dll1317WriteFile
KERNEL32.dll960ReadFile
KERNEL32.dll1213SystemTimeToFileTime
KERNEL32.dll292FileTimeToLocalFileTime
KERNEL32.dll838LocalFileTimeToFileTime
KERNEL32.dll293FileTimeToSystemTime
KERNEL32.dll350FormatMessageW
KERNEL32.dll663GetTimeFormatW
KERNEL32.dll456GetDateFormatW
KERNEL32.dll563GetNumberFormatW
KERNEL32.dll717HeapCreate
KERNEL32.dll718HeapDestroy
KERNEL32.dll715HeapAlloc
KERNEL32.dll719HeapFree
KERNEL32.dll724HeapSize
KERNEL32.dll702GlobalLock
KERNEL32.dll452GetCurrentThread
KERNEL32.dll1177SetThreadPriority
KERNEL32.dll1113SetEvent
KERNEL32.dll1039ResetEvent
KERNEL32.dll1022ReleaseSemaphore
KERNEL32.dll1271WaitForMultipleObjects
KERNEL32.dll133CreateEventW
KERNEL32.dll174CreateSemaphoreW
KERNEL32.dll396GetComputerNameA
KERNEL32.dll935QueryPerformanceCounter
KERNEL32.dll936QueryPerformanceFrequency
KERNEL32.dll1155SetProcessShutdownParameters
KERNEL32.dll487GetFileAttributesExW
KERNEL32.dll399GetComputerNameW
KERNEL32.dll1069SetConsoleCtrlHandler
KERNEL32.dll449GetCurrentProcessId
KERNEL32.dll901OpenThread
KERNEL32.dll646GetThreadContext
KERNEL32.dll828LoadLibraryA
KERNEL32.dll623GetSystemDirectoryA
KERNEL32.dll302FindClose
KERNEL32.dll313FindFirstFileW
KERNEL32.dll325FindNextFileW
KERNEL32.dll476GetEnvironmentVariableW
KERNEL32.dll1111SetEnvironmentVariableW
KERNEL32.dll284ExpandEnvironmentStringsA
KERNEL32.dll778IsValidCodePage
KERNEL32.dll390GetCommandLineA
KERNEL32.dll453GetCurrentThreadId
KERNEL32.dll282ExitThread
KERNEL32.dll772IsProcessorFeaturePresent
KERNEL32.dll768IsDebuggerPresent
KERNEL32.dll722HeapReAlloc
KERNEL32.dll202DecodePointer
KERNEL32.dll234EncodePointer
KERNEL32.dll1048RtlUnwind
KERNEL32.dll945RaiseException
KERNEL32.dll1297WideCharToMultiByte
KERNEL32.dll871MultiByteToWideChar
KERNEL32.dll1357lstrlenA
KERNEL32.dll691GlobalAlloc
KERNEL32.dll168CreateProcessW
KERNEL32.dll896OpenProcess
KERNEL32.dll258EnumResourceNamesW
KERNEL32.dll830LoadLibraryExW
KERNEL32.dll676GetVersionExW
KERNEL32.dll490GetFileAttributesW
KERNEL32.dll507GetFullPathNameW
KERNEL32.dll627GetSystemInfo
KERNEL32.dll1260VirtualFree
KERNEL32.dll704GlobalMemoryStatusEx
KERNEL32.dll214DeleteFileW
KERNEL32.dll1121SetFileAttributesW
KERNEL32.dll447GetCurrentDirectoryW
KERNEL32.dll624GetSystemDirectoryW
KERNEL32.dll334FindResourceW
KERNEL32.dll285ExpandEnvironmentStringsW
KERNEL32.dll535GetModuleHandleExW
KERNEL32.dll586GetProcessHeap
KERNEL32.dll612GetStdHandle
KERNEL32.dll410GetConsoleCP
KERNEL32.dll428GetConsoleMode
KERNEL32.dll617GetStringTypeW
KERNEL32.dll1201SizeofResource
KERNEL32.dll833LoadResource
KERNEL32.dll1139SetLastError
KERNEL32.dll514GetLastError
KERNEL32.dll448GetCurrentProcess
KERNEL32.dll852LockResource
KERNEL32.dll1257VirtualAlloc
KERNEL32.dll209DeleteCriticalSection
KERNEL32.dll738InitializeCriticalSection
KERNEL32.dll633GetSystemTimeAsFileTime
KERNEL32.dll82CloseHandle
KERNEL32.dll1202Sleep
KERNEL32.dll1273WaitForSingleObject
KERNEL32.dll825LeaveCriticalSection
KERNEL32.dll238EnterCriticalSection
KERNEL32.dll181CreateThread
KERNEL32.dll532GetModuleFileNameW
KERNEL32.dll391GetCommandLineW
KERNEL32.dll840LocalFree
KERNEL32.dll836LocalAlloc
KERNEL32.dll690GlobalAddAtomW
KERNEL32.dll536GetModuleHandleW
KERNEL32.dll831LoadLibraryW
KERNEL32.dll659GetTickCount
KERNEL32.dll870MulDiv
KERNEL32.dll581GetProcAddress
KERNEL32.dll354FreeLibrary
KERNEL32.dll747InterlockedDecrement
KERNEL32.dll751InterlockedIncrement
KERNEL32.dll360GetACP
KERNEL32.dll567GetOEMCP
KERNEL32.dll499GetFileType
KERNEL32.dll611GetStartupInfoW
KERNEL32.dll1235UnhandledExceptionFilter
KERNEL32.dll1189SetUnhandledExceptionFilter
KERNEL32.dll739InitializeCriticalSectionAndSpinCount
KERNEL32.dll1216TerminateProcess
KERNEL32.dll1221TlsAlloc
KERNEL32.dll1223TlsGetValue
KERNEL32.dll1224TlsSetValue
KERNEL32.dll1222TlsFree
KERNEL32.dll531GetModuleFileNameA
KERNEL32.dll474GetEnvironmentStringsW
KERNEL32.dll353FreeEnvironmentStringsW
KERNEL32.dll813LCMapStringW
KERNEL32.dll1127SetFilePointerEx
KERNEL32.dll906OutputDebugStringW
KERNEL32.dll1159SetStdHandle
KERNEL32.dll343FlushFileBuffers
KERNEL32.dll1316WriteConsoleW
KERNEL32.dll958ReadConsoleW
KERNEL32.dll281ExitProcess
KERNEL32.dll370GetCPInfo
USER32.dll223EnumChildWindows
USER32.dll274GetClassNameW
USER32.dll487LoadBitmapW
USER32.dll461IsDialogMessageW
USER32.dll402GetWindowDC
USER32.dll812WindowFromPoint
USER32.dll214EnableMenuItem
USER32.dll63CheckMenuItem
USER32.dll164DestroyMenu
USER32.dll107CreatePopupMenu
USER32.dll331GetMenu
USER32.dll503LoadMenuW
USER32.dll762TranslateAcceleratorW
USER32.dll485LoadAcceleratorsW
USER32.dll476IsWindowEnabled
USER32.dll483KillTimer
USER32.dll65CheckRadioButton
USER32.dll298GetDlgItemTextW
USER32.dll296GetDlgItemInt
USER32.dll654SetDlgItemInt
USER32.dll99CreateDialogParamW
USER32.dll482IsZoomed
USER32.dll480IsWindowVisible
USER32.dll217EndDeferWindowPos
USER32.dll157DeferWindowPos
USER32.dll13BeginDeferWindowPos
USER32.dll709SetWindowPlacement
USER32.dll411GetWindowPlacement
USER32.dll252FlashWindowEx
USER32.dll590RegisterClassW
USER32.dll567PostQuitMessage
USER32.dll175DispatchMessageW
USER32.dll764TranslateMessage
USER32.dll349GetMessageW
USER32.dll198DrawFrameControl
USER32.dll611RegisterWindowMessageW
USER32.dll398GetWindow
USER32.dll256GetActiveWindow
USER32.dll495LoadImageW
USER32.dll71ClientToScreen
USER32.dll213EmptyClipboard
USER32.dll646SetClipboardData
USER32.dll73CloseClipboard
USER32.dll550OpenClipboard
USER32.dll420GetWindowThreadProcessId
USER32.dll249FindWindowExW
USER32.dll250FindWindowW
USER32.dll659SetForegroundWindow
USER32.dll465IsIconic
USER32.dll806WaitForInputIdle
USER32.dll102CreateIconFromResourceEx
USER32.dll576PtInRect
USER32.dll243EqualRect
USER32.dll536MonitorFromPoint
USER32.dll307GetIconInfo
USER32.dll200DrawIconEx
USER32.dll163DestroyIcon
USER32.dll493LoadIconW
USER32.dll644SetClassLongW
USER32.dll253FrameRect
USER32.dll337GetMenuItemCount
USER32.dll462IsDlgButtonChecked
USER32.dll166DestroyWindow
USER32.dll566PostMessageW
USER32.dll506LoadStringW
USER32.dll533MessageBoxW
USER32.dll260GetAncestor
USER32.dll291GetDesktopWindow
USER32.dll216EnableWindow
USER32.dll172DialogBoxParamW
USER32.dll67ChildWindowFromPoint
USER32.dll419GetWindowTextW
USER32.dll656SetDlgItemTextW
USER32.dll539MoveWindow
USER32.dll715SetWindowTextW
USER32.dll295GetDlgItem
USER32.dll218EndDialog
USER32.dll170DialogBoxIndirectParamW
USER32.dll373GetScrollInfo
USER32.dll688SetScrollInfo
USER32.dll491LoadCursorW
USER32.dll356GetParent
USER32.dll272GetClassLongW
USER32.dll769UnionRect
USER32.dll621ScreenToClient
USER32.dll525MessageBeep
USER32.dll714SetWindowTextA
USER32.dll639SetActiveWindow
USER32.dll670SetMenuDefaultItem
USER32.dll340GetMenuItemInfoW
USER32.dll441InsertMenuItemW
USER32.dll671SetMenuInfo
USER32.dll758TrackPopupMenu
USER32.dll158DeleteMenu
USER32.dll708SetWindowLongW
USER32.dll406GetWindowLongW
USER32.dll549OffsetRect
USER32.dll445IntersectRect
USER32.dll437InflateRect
USER32.dll246FillRect
USER32.dll380GetSysColorBrush
USER32.dll379GetSysColor
USER32.dll521MapWindowPoints
USER32.dll288GetCursorPos
USER32.dll648SetCursor
USER32.dll412GetWindowRect
USER32.dll276GetClientRect
USER32.dll363GetPropW
USER32.dll685SetPropW
USER32.dll625ScrollWindowEx
USER32.dll796ValidateRect
USER32.dll446InvalidateRect
USER32.dll392GetUpdateRgn
USER32.dll391GetUpdateRect
USER32.dll220EndPaint
USER32.dll14BeginPaint
USER32.dll613ReleaseDC
USER32.dll289GetDC
USER32.dll785UpdateWindow
USER32.dll351GetMonitorInfoW
USER32.dll442InsertMenuW
USER32.dll208DrawTextW
USER32.dll382GetSystemMetrics
USER32.dll699SetTimer
USER32.dll612ReleaseCapture
USER32.dll640SetCapture
USER32.dll264GetCapture
USER32.dll317GetKeyState
USER32.dll300GetFocus
USER32.dll658SetFocus
USER32.dll710SetWindowPos
USER32.dll735ShowWindow
USER32.dll110CreateWindowExW
USER32.dll589RegisterClassExW
USER32.dll30CallWindowProcW
USER32.dll156DefWindowProcW
USER32.dll636SendMessageW
USER32.dll285GetCursor
USER32.dll378GetSubMenu
USER32.dll62CheckDlgButton
GDI32.dll79CreateRectRgn
GDI32.dll80CreateRectRgnIndirect
GDI32.dll239EndDoc
GDI32.dll75CreatePen
GDI32.dll671SetROP2
GDI32.dll624SaveDC
GDI32.dll617RestoreDC
GDI32.dll607Rectangle
GDI32.dll373GdiFlush
GDI32.dll667SetPixel
GDI32.dll516GetPixel
GDI32.dll65CreateFontW
GDI32.dll598Polygon
GDI32.dll570MoveToEx
GDI32.dll566LineTo
GDI32.dll423GetBitmapBits
GDI32.dll509GetObjectW
GDI32.dll64CreateFontIndirectW
GDI32.dll242EndPage
GDI32.dll48CreateCompatibleDC
GDI32.dll47CreateCompatibleBitmap
GDI32.dll19BitBlt
GDI32.dll688StartDocW
GDI32.dll660SetMapMode
GDI32.dll599Polyline
GDI32.dll550GetTextMetricsW
GDI32.dll678SetTextColor
GDI32.dll639SetBkMode
GDI32.dll638SetBkColor
GDI32.dll631SelectObject
GDI32.dll629SelectClipRgn
GDI32.dll605RectInRegion
GDI32.dll525GetStockObject
GDI32.dll459GetDeviceCaps
GDI32.dll426GetBkMode
GDI32.dll425GetBkColor
GDI32.dll230DeleteObject
GDI32.dll227DeleteDC
GDI32.dll84CreateSolidBrush
GDI32.dll690StartPage
COMDLG32.dll14GetSaveFileNameW
COMDLG32.dll12GetOpenFileNameW
COMDLG32.dll1ChooseColorW
COMDLG32.dll8FindTextW
COMDLG32.dll3ChooseFontW
COMDLG32.dll21PrintDlgW
ADVAPI32.dll608RegOpenKeyExA
ADVAPI32.dll621RegQueryValueExA
ADVAPI32.dll594RegEnumValueW
ADVAPI32.dll116ConvertStringSidToSidW
ADVAPI32.dll108ConvertSidToStringSidW
ADVAPI32.dll639RegSetValueW
ADVAPI32.dll609RegOpenKeyExW
ADVAPI32.dll592RegEnumKeyW
ADVAPI32.dll569RegCreateKeyExW
ADVAPI32.dll401LookupAccountSidW
ADVAPI32.dll483MapGenericMask
ADVAPI32.dll310GetLengthSid
ADVAPI32.dll288FreeSid
ADVAPI32.dll32AllocateAndInitializeSid
ADVAPI32.dll263EqualSid
ADVAPI32.dll346GetTokenInformation
ADVAPI32.dll612RegOpenKeyW
ADVAPI32.dll584RegDeleteValueW
ADVAPI32.dll580RegDeleteKeyW
ADVAPI32.dll407LookupPrivilegeValueW
ADVAPI32.dll31AdjustTokenPrivileges
ADVAPI32.dll503OpenProcessToken
ADVAPI32.dll572RegCreateKeyW
ADVAPI32.dll560RegCloseKey
ADVAPI32.dll638RegSetValueExW
ADVAPI32.dll622RegQueryValueExW
SHELL32.dll123SHBrowseForFolderW
SHELL32.dll215SHGetPathFromIDListW
SHELL32.dll6CommandLineToArgvW
SHELL32.dll31DragQueryFileW
SHELL32.dll127SHChangeNotify
SHELL32.dll290ShellExecuteW
SHELL32.dll223SHGetSpecialFolderLocation
SHELL32.dll207SHGetMalloc
SHELL32.dll289ShellExecuteExW
SHELL32.dll189SHGetFileInfoW
ole32.dll99CoSetProxyBlanket
ole32.dll16CoCreateInstance
ole32.dll121CreateBindCtx
ole32.dll306OleInitialize
ole32.dll343RegisterDragDrop
ole32.dll344ReleaseStgMedium
ole32.dll62CoInitialize
OLEAUT32.dll16
OLEAUT32.dll19
OLEAUT32.dll20
OLEAUT32.dll23
OLEAUT32.dll24
OLEAUT32.dll25
OLEAUT32.dll7
OLEAUT32.dll9
OLEAUT32.dll12
OLEAUT32.dll150
OLEAUT32.dll185
OLEAUT32.dll4
OLEAUT32.dll6
OLEAUT32.dll2
OLEAUT32.dll8
SHLWAPI.dll164SHAutoComplete

StringTable 040904b0

CompanyNameSysinternals - www.sysinternals.com
FileDescriptionProcess Monitor
FileVersion3.20
InternalNameProcmon
LegalCopyrightCopyright © 1996-2015 Mark Russinovich
OriginalFilenameProcmon.exe
ProductNameSysinternals Procmon
ProductVersion3.20

VS_FIXEDFILEINFO

FileVersion3.20.0.0
ProductVersion3.20.0.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
serial: 33000000CA6CD5321235C4E1550001000000CA

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time-Stamp PCA
        Validity
            Not Before: Mar 20 17:32:03 2015 GMT
            Not After : Jun 20 17:32:03 2016 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher DSE ESN:B8EC-30A4-7144, CN=Microsoft Time-Stamp Service
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:91:bd:b2:88:fd:14:6f:21:36:28:03:66:33:
                    3a:66:08:fb:5b:4b:a4:ab:a0:28:34:4a:43:32:08:
                    c0:86:e5:c9:3d:d5:25:bc:7b:3e:62:87:d6:7d:ef:
                    0f:74:53:a3:f1:91:63:88:74:7f:e8:24:cd:03:50:
                    c5:f1:ca:00:16:7b:a5:39:b0:06:1c:3c:44:7e:f9:
                    eb:c4:b2:81:bc:17:23:ba:fd:65:38:19:85:7f:ca:
                    a0:29:fd:f6:3a:c0:0b:2f:68:f4:e0:34:4e:7d:6f:
                    17:c0:6e:99:aa:fa:7f:61:25:d1:26:70:d2:74:7d:
                    df:61:73:5c:ce:54:2a:39:51:03:33:09:f8:50:ad:
                    78:c7:89:08:b6:d4:85:2a:3f:d7:d8:1f:51:ea:ef:
                    fc:68:5e:b5:c1:e7:07:68:32:8d:2f:72:51:fe:03:
                    31:47:51:c5:d2:eb:72:07:af:20:95:f8:da:6a:f8:
                    77:67:e4:60:9a:70:4c:ab:45:cb:7e:08:af:e5:81:
                    d4:57:cf:3a:cc:13:75:9d:26:cd:a0:a2:69:50:bc:
                    3a:88:94:df:b0:54:38:de:89:39:cd:86:32:a5:90:
                    0f:7e:bf:ed:cc:94:25:a6:41:86:61:26:c7:dd:37:
                    7e:5c:0d:e8:17:ca:37:7f:e8:24:b6:4e:b4:f8:1b:
                    23:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F8:FD:23:87:05:94:80:56:CD:33:A5:41:C2:6C:CC:08:36:C8:B2:A2
            X509v3 Authority Key Identifier: 
                keyid:23:34:F8:D9:52:46:70:0A:ED:40:FB:76:FB:B3:2B:B0:C3:35:B3:0F

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt

            X509v3 Extended Key Usage: 
                Time Stamping
    Signature Algorithm: sha1WithRSAEncryption
         2d:04:b4:ca:29:0b:59:fc:2e:ea:a0:af:4c:4e:68:04:f8:92:
         ed:29:c2:66:cc:6b:70:c9:87:e8:be:87:fc:5d:f4:dd:4f:a5:
         1a:6f:78:97:ad:6b:05:38:51:41:72:9d:39:e4:1a:1b:c3:6d:
         71:fc:70:b6:d3:cc:b6:90:58:04:28:3f:d6:1e:ef:83:b3:14:
         18:0c:95:0b:f7:a5:11:13:98:c6:85:56:5e:ee:33:b4:0c:37:
         b5:80:ea:f5:12:68:d9:2e:7b:86:08:72:3b:14:7b:d4:d9:d0:
         16:4f:c0:2f:0b:1f:2d:ca:e5:1b:d0:ae:e9:84:b0:8f:0b:5d:
         73:b8:16:81:40:23:58:2c:ea:61:aa:fe:bd:7f:d3:8d:5a:70:
         fc:79:cd:66:96:65:63:b5:05:12:76:e2:2a:3b:2b:ed:82:ac:
         9a:ec:27:41:a7:97:0e:23:16:9f:41:c8:4e:6d:53:11:40:04:
         cc:60:99:da:98:ec:2b:ae:97:fb:e0:7d:f5:ba:8b:00:f4:25:
         17:7f:62:7a:bb:51:57:c1:f0:f0:cd:9c:1b:61:73:ad:95:8c:
         2b:76:22:a8:ab:70:38:b4:01:28:7d:66:42:53:de:9f:f4:07:
         7c:5a:30:0e:82:03:59:f6:84:86:b9:15:25:62:b0:0b:d2:cf:
         f1:db:96:45
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA
        Validity
            Not Before: Apr 22 17:39:00 2014 GMT
            Not After : Jul 22 17:39:00 2015 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:71:5d:ed:06:46:fa:84:cb:9d:5b:b7:46:c7:
                    b0:e1:b4:11:39:03:ad:b1:15:73:60:9c:eb:a7:b6:
                    6e:1a:3c:3f:ff:65:e3:34:f1:a6:a5:21:5e:56:99:
                    6c:58:e4:92:a1:0a:5c:c2:d3:dc:52:2f:0c:65:9a:
                    20:61:40:53:31:9c:6c:8f:21:7d:ba:f9:fe:13:50:
                    52:60:95:3a:5b:b9:58:a5:74:61:41:a9:94:e0:ad:
                    26:4e:4c:a1:97:70:49:27:5e:7c:67:ca:4f:1e:71:
                    84:46:bc:1d:4b:b6:e2:0f:c5:c6:27:c9:07:e6:7a:
                    0a:a5:17:00:19:4c:70:45:38:2d:81:b4:50:aa:c5:
                    67:d1:fa:79:bc:c5:cc:a1:72:9b:f4:25:34:98:f8:
                    54:df:12:39:38:12:2f:a4:6b:a5:9a:7e:c7:62:d1:
                    dc:cf:ed:3d:34:f8:b9:df:35:30:ba:ec:79:32:a9:
                    e1:a9:ac:55:4d:4c:7f:4c:56:c3:13:0b:76:f1:07:
                    f9:cc:47:ac:fb:88:d5:52:a5:1e:28:fa:3d:2d:cf:
                    cf:84:98:86:71:65:11:cf:85:c9:09:44:86:e1:6f:
                    e7:b1:fc:ac:40:44:a5:a9:8b:23:3f:82:49:9d:d5:
                    96:59:50:13:59:18:73:ff:43:0c:ad:2b:d4:7f:30:
                    40:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Subject Key Identifier: 
                1F:5E:E2:5D:50:8D:56:86:BE:4A:3C:CF:04:E8:A7:87:B5:CB:BF:83
            X509v3 Subject Alternative Name: 
                DirName:/OU=MOPR/serialNumber=31595+b4218f13-6fca-490f-9c47-3fc557dfc440
            X509v3 Authority Key Identifier: 
                keyid:CB:11:E8:CA:D2:B4:16:58:01:C9:37:2E:33:16:16:B9:4C:9A:0A:1F

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt

    Signature Algorithm: sha1WithRSAEncryption
         77:5c:eb:d7:91:3d:cd:bd:7b:83:d9:85:a9:b0:43:9d:73:7c:
         17:c9:0f:ed:36:db:c7:b5:2c:1b:5e:fb:54:05:3a:83:71:40:
         81:09:a2:b7:71:26:5e:d6:7d:b6:6c:3b:c9:aa:5f:5d:03:18:
         2a:1d:27:7e:07:e9:c5:65:1f:b5:cf:0d:b7:54:c7:28:38:5a:
         88:e7:7b:c1:19:b6:56:32:ba:e2:cc:cb:93:db:af:6e:0f:5d:
         44:f5:d4:b0:ef:1b:d5:4e:c1:af:0e:ef:20:9b:f2:e1:fe:27:
         5d:e8:c5:ff:61:f6:19:d2:28:0a:22:9d:df:cd:70:82:9e:18:
         72:d8:23:cc:7a:2c:43:ee:ff:ea:c0:e0:e6:1d:aa:9e:97:33:
         00:52:6f:07:b8:d3:88:6c:de:a4:06:35:a7:c2:53:86:65:11:
         77:09:8f:35:59:b9:d8:86:a8:00:fe:f8:31:7d:2c:f4:8c:05:
         9d:c0:c1:d5:77:72:6c:e9:4d:59:26:83:f1:c2:b2:88:57:93:
         35:00:7c:50:2b:bc:59:fc:fe:1c:29:38:82:d3:de:52:97:45:
         29:18:4e:96:5b:9d:ba:5f:1b:a3:f1:27:50:ea:07:95:e8:6d:
         34:0d:38:57:dc:37:28:35:95:3a:38:9c:d4:ed:6a:85:5d:0e:
         22:11:5e:7b
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:33:26:1a:00:00:00:00:00:31
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
        Validity
            Not Before: Aug 31 22:19:32 2010 GMT
            Not After : Aug 31 22:29:32 2020 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:72:59:5c:19:30:64:bf:1d:9a:60:20:20:42:
                    99:76:53:6c:3e:1b:d6:6f:cc:cb:f1:ea:6b:fe:97:
                    16:10:e0:df:3a:74:83:1a:b7:2f:a0:32:ec:ff:de:
                    c2:42:4e:23:d5:72:00:db:35:57:0a:89:ca:ae:20:
                    49:f4:f0:68:ac:4d:4b:8d:a5:bd:79:4b:71:9b:47:
                    07:da:fd:25:df:9d:75:88:cf:aa:73:44:7f:d7:81:
                    db:f3:bd:f2:36:a4:c9:5c:45:dc:af:ad:3d:e0:28:
                    68:97:1a:a7:a5:72:73:56:f1:17:94:e4:fd:35:94:
                    72:a0:d6:76:5f:1e:77:45:83:85:38:16:d0:73:5b:
                    05:ba:67:52:8d:a5:b2:69:2f:da:19:0b:fe:92:74:
                    29:e2:76:2f:54:dd:14:30:59:f8:d2:8d:62:fd:cb:
                    c9:5f:46:31:50:b9:27:13:e4:40:30:cf:72:29:10:
                    28:22:c7:37:4e:3d:a0:32:3d:90:cd:a1:38:06:85:
                    5c:4e:56:82:28:2a:05:32:b7:4b:d7:4f:63:e7:d2:
                    2d:62:f1:45:3d:e7:ac:08:00:f6:46:a1:9e:d1:5b:
                    8c:26:53:e8:7a:aa:4a:f2:46:cf:37:3c:38:9e:b4:
                    77:5c:a5:17:9e:8d:cb:11:8f:56:3c:c1:ac:09:5f:
                    03:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                CB:11:E8:CA:D2:B4:16:58:01:C9:37:2E:33:16:16:B9:4C:9A:0A:1F
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            1.3.6.1.4.1.311.21.1: 
                .....
            1.3.6.1.4.1.311.21.2: 
                ....1N.&....`;.1o.<..-
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Authority Key Identifier: 
                keyid:0E:AC:82:60:40:56:27:97:E5:25:13:FC:2A:E1:0A:53:95:59:E4:A4

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt

    Signature Algorithm: sha1WithRSAEncryption
         59:39:3e:7f:26:46:af:eb:6f:40:b1:32:b5:6a:eb:0e:2f:6e:
         a8:49:f7:eb:5f:75:ed:4c:3b:2d:d7:43:ad:0b:fe:cb:e9:2d:
         31:a3:23:cc:7c:50:98:80:21:5d:ac:3d:2f:4c:ba:a2:a8:56:
         9c:e3:70:bb:b8:b4:f8:79:b5:49:72:f7:3e:ea:41:7f:ca:e1:
         0c:17:69:cb:a5:9c:20:2d:fa:0b:50:c4:56:cd:2d:e3:4a:d2:
         bc:70:e7:a8:0d:a2:03:a5:56:e0:b8:8a:4b:57:f2:95:42:9c:
         f1:f3:ef:ee:e3:86:1f:34:3c:b8:56:9a:f0:53:23:85:2a:a4:
         82:1c:93:e2:94:07:1d:f2:e2:4e:f8:8c:a1:ca:e8:13:a5:91:
         4e:c8:1b:d2:8f:72:95:2a:71:6d:9b:1a:f8:1c:f0:53:d6:67:
         cc:22:ff:5c:1d:cd:a2:8c:bd:27:b2:79:63:56:44:a2:51:cd:
         f9:e9:a3:58:56:dd:9b:02:45:44:2f:5f:f4:da:ae:d4:82:32:
         6e:fc:a4:95:13:e4:eb:69:e7:a9:a2:2c:be:c8:2b:10:0e:65:
         8e:99:db:f5:a2:fa:12:26:09:65:38:94:f1:7a:1f:4a:bb:d1:
         e1:56:e8:d0:78:96:18:5c:c9:35:16:5f:dd:93:1d:49:8e:2d:
         be:ad:34:44:1c:ee:10:15:1a:00:5d:dd:35:5b:21:ce:98:c7:
         09:ee:85:0e:8c:4f:6d:0e:13:4e:3d:7c:29:48:9c:72:d1:f3:
         6c:ca:c1:ec:70:a3:57:92:57:7d:94:8d:a0:1b:48:03:5a:f7:
         cf:a3:67:0a:74:a5:36:ed:2d:2f:17:c8:e6:72:37:12:f4:6f:
         b1:3c:67:82:f9:52:b2:8d:33:16:65:1e:0e:8a:dd:10:de:64:
         f4:6f:ce:46:d4:d3:17:e9:79:c4:04:b4:d3:fb:2c:df:1f:8a:
         9e:ac:0a:fb:13:27:40:ad:e4:f9:e1:a9:7f:46:bb:07:60:47:
         65:60:40:4e:b0:42:ec:4e:ed:b3:76:79:d8:0a:34:09:6d:1c:
         80:31:1f:e2:0e:54:dd:e5:a1:fb:e5:47:10:ad:64:98:ff:50:
         16:2e:7c:bf:05:21:7a:e2:95:41:27:69:c3:93:8f:95:c9:8d:
         d8:9b:21:ae:0d:5c:9c:f0:a2:ae:86:68:83:0c:6a:2d:bb:76:
         6b:00:1d:96:ad:f2:16:7b:f6:16:83:24:b9:88:cf:6a:a8:47:
         31:2f:9a:dc:e3:71:3d:d7:00:7e:62:47:d1:ce:88:c9:b8:18:
         fa:0e:72:8d:c1:a3:3d:af:02:40:6a:ff:69:9b:96:e2:10:a8:
         10:b4:37:50:08:d6:c3:3d
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:16:68:34:00:00:00:00:00:1c
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
        Validity
            Not Before: Apr  3 12:53:09 2007 GMT
            Not After : Apr  3 13:03:09 2021 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time-Stamp PCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a1:6c:b1:df:db:48:92:2a:7c:6b:2e:19:e1:
                    bd:e2:e3:c5:99:51:23:50:ad:ce:dd:18:4e:24:0f:
                    ee:d1:a7:d1:4c:ad:74:30:20:11:eb:07:d5:54:95:
                    15:49:94:1b:42:92:ae:98:5c:30:26:da:00:6b:e8:
                    7b:bd:ec:89:07:0f:f7:0e:04:98:f0:89:cc:1f:cb:
                    33:24:87:9d:f2:f4:67:1c:2c:fc:7b:e7:88:1d:ea:
                    e7:4e:a3:a1:c1:23:53:ca:8d:fa:45:cf:09:d0:5e:
                    af:d0:b0:42:04:a2:f9:a6:6c:93:67:d7:28:dc:46:
                    53:b0:86:d0:e5:28:46:2e:27:ac:86:4f:55:52:0c:
                    e4:03:2c:fb:6a:90:90:30:6e:87:f3:59:30:9d:fa:
                    7e:d6:97:b3:e8:21:97:7e:f8:d2:13:f3:08:b7:53:
                    6d:52:b4:45:90:9f:48:00:4a:47:66:11:27:29:66:
                    a8:97:e4:d3:06:81:4a:a2:f9:84:a7:11:47:14:09:
                    82:9f:84:ed:55:78:fe:01:9a:1d:50:08:85:00:10:
                    30:46:ed:b7:de:23:46:bb:c4:2d:54:9f:af:1e:78:
                    41:31:77:cc:9b:df:3b:83:93:a1:61:02:b5:1d:0d:
                    b1:fc:f7:9b:b2:01:ce:22:4b:54:ff:f9:05:c3:c2:
                    20:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                23:34:F8:D9:52:46:70:0A:ED:40:FB:76:FB:B3:2B:B0:C3:35:B3:0F
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Authority Key Identifier: 
                keyid:0E:AC:82:60:40:56:27:97:E5:25:13:FC:2A:E1:0A:53:95:59:E4:A4
                DirName:/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
                serial:79:AD:16:A1:4A:A0:A5:AD:4C:73:58:F4:07:13:2E:65

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt

            X509v3 Extended Key Usage: 
                Time Stamping
    Signature Algorithm: sha1WithRSAEncryption
         10:97:8a:c3:5c:03:44:36:dd:e9:b4:ad:77:db:ce:79:51:4d:
         01:b1:2e:74:71:5b:6d:0c:13:ab:ce:be:7b:8f:b8:2e:d4:12:
         a2:8c:6d:62:b8:57:02:cb:4e:20:13:50:99:dd:7a:40:e2:57:
         bb:af:58:9a:1c:e1:1d:01:86:ac:bb:78:f2:8b:d0:ec:3b:01:
         ee:e2:be:8f:0a:05:c8:8d:48:e2:f0:53:15:dd:4f:ab:92:e4:
         e7:8d:6a:d5:80:c1:e6:94:f2:06:2f:85:03:e9:91:2a:24:22:
         70:fb:f6:fc:e4:78:99:2e:0d:f7:07:e2:70:bc:18:4e:9d:8e:
         6b:0a:72:95:b8:a1:39:9c:67:2d:c5:51:0e:ea:62:5c:3f:16:
         98:8b:20:3f:e2:07:1a:32:f9:cc:31:4a:76:31:3d:2b:72:0b:
         c8:ea:70:3d:ff:85:0a:13:df:c2:0a:61:8e:f0:d7:b8:17:eb:
         4e:8b:7f:c5:35:2b:5e:a3:bf:eb:bc:7d:0b:42:7b:d4:53:72:
         21:ee:30:ca:bb:78:65:5c:5b:01:17:0a:14:0e:d2:da:14:98:
         f5:3c:b9:66:58:b3:2d:2f:e7:f9:85:86:cc:51:56:e8:9d:70:
         94:6c:ac:39:4c:d4:f6:79:bf:aa:18:7a:62:29:ef:a2:9b:29:
         34:06:77:1a:62:c9:3d:1e:6d:1f:82:f0:0b:c7:2c:bb:cf:43:
         b3:e5:f9:ec:7d:b5:e3:a4:a8:74:35:b8:4e:c5:71:23:12:26:
         76:0b:3c:52:8c:71:5a:46:43:14:bc:b3:b3:b0:4d:67:c8:9f:
         42:ff:80:79:21:80:9e:15:30:66:e8:42:12:5e:1a:c8:9e:22:
         21:d0:43:e9:2b:e9:bb:f4:48:cc:2c:d4:d8:32:80:4c:26:2a:
         48:24:5f:5a:ea:56:ef:a6:de:99:9d:ca:3a:6f:bd:81:27:74:
         06:11:ee:76:21:bf:9b:82:c1:27:54:b6:b1:6a:3d:89:a1:76:
         61:b4:6e:a1:13:a6:bf:aa:47:f0:12:6f:fd:8a:32:6c:b2:fe:
         df:51:c8:8c:23:c9:66:bd:9d:1d:87:12:64:02:3d:2d:af:59:
         8f:b8:e4:21:e5:b5:b0:ca:63:b4:78:54:05:d4:41:2e:50:ac:
         94:b0:a5:78:ab:b3:a0:96:75:1a:d9:92:87:13:75:22:2f:32:
         a8:08:6e:a0:5b:8c:25:bf:a0:ef:84:ca:21:d6:eb:1e:4f:c9:
         9a:ee:49:e0:f7:01:65:6f:89:0b:7d:c8:69:c8:e6:6e:ea:a7:
         97:ce:31:29:ff:0e:c5:5b:5c:d8:4d:1b:a1:d8:fa:2f:9e:3f:
         2e:55:16:6b:c9:13:a3:fd
pkcs7-signedData
  • 1
    • SHA1: nil
    • 1.3.6.1.4.1.311.2.1.4
      • #0
        • 1.3.6.1.4.1.311.2.1.15
          • :
        • SHA1
          • f7 f0 fa 64 51 d4 e0 4f  c7 b3 36 12 42 43 26 32  |...dQ..O..6.BC&2|
87 1e 7b 76                                       |..{v            |
    • unnamed
      • Certificate #0
        • 2
          • 33:00:00:00:71:B3:2E:8A:6B:82:AA:1F:4E:00:00:00:
            00:00:71
          • RSA-SHA1: nil
          • Issuer
            • C: US
            • ST: Washington
            • L: Redmond
            • O: Microsoft Corporation
            • CN: Microsoft Time-Stamp PCA
          • 2015-03-20 17:32:03 UTC: 2016-06-20 17:32:03 UTC
          • Subject
            • C: US
            • ST: Washington
            • L: Redmond
            • O: Microsoft Corporation
            • OU: MOPR
            • OU: nCipher DSE ESN:B8EC-30A4-7144
            • CN: Microsoft Time-Stamp Service
          • #5
            • rsaEncryption: nil
            • EA:91:BD:B2:88:FD:14:6F:21:36:28:03:66:33:3A:66:
              08:FB:5B:4B:A4:AB:A0:28:34:4A:43:32:08:C0:86:E5:
              C9:3D:D5:25:BC:7B:3E:62:87:D6:7D:EF:0F:74:53:A3:
              F1:91:63:88:74:7F:E8:24:CD:03:50:C5:F1:CA:00:16:
              7B:A5:39:B0:06:1C:3C:44:7E:F9:EB:C4:B2:81:BC:17:
              23:BA:FD:65:38:19:85:7F:CA:A0:29:FD:F6:3A:C0:0B:
              2F:68:F4:E0:34:4E:7D:6F:17:C0:6E:99:AA:FA:7F:61:
              25:D1:26:70:D2:74:7D:DF:61:73:5C:CE:54:2A:39:51:
              03:33:09:F8:50:AD:78:C7:89:08:B6:D4:85:2A:3F:D7:
              D8:1F:51:EA:EF:FC:68:5E:B5:C1:E7:07:68:32:8D:2F:
              72:51:FE:03:31:47:51:C5:D2:EB:72:07:AF:20:95:F8:
              DA:6A:F8:77:67:E4:60:9A:70:4C:AB:45:CB:7E:08:AF:
              E5:81:D4:57:CF:3A:CC:13:75:9D:26:CD:A0:A2:69:50:
              BC:3A:88:94:DF:B0:54:38:DE:89:39:CD:86:32:A5:90:
              0F:7E:BF:ED:CC:94:25:A6:41:86:61:26:C7:DD:37:7E:
              5C:0D:E8:17:CA:37:7F:E8:24:B6:4E:B4:F8:1B:23:EB              : 0x010001
          • #6
            • subjectKeyIdentifier: 
              f8 fd 23 87 05 94 80 56  cd 33 a5 41 c2 6c cc 08  |..#....V.3.A.l..|
36 c8 b2 a2                                       |6...            |
            • authorityKeyIdentifier: 
              23 34 f8 d9 52 46 70 0a  ed 40 fb 76 fb b3 2b b0  |#4..RFp..@.v..+.|
c3 35 b3 0f                                       |.5..            |
            • crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
            • authorityInfoAccess
              • caIssuers: http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt
            • extendedKeyUsage: timeStamping
        • RSA-SHA1: 
          2d 04 b4 ca 29 0b 59 fc  2e ea a0 af 4c 4e 68 04  |-...).Y.....LNh.|
f8 92 ed 29 c2 66 cc 6b  70 c9 87 e8 be 87 fc 5d  |...).f.kp......]|
f4 dd 4f a5 1a 6f 78 97  ad 6b 05 38 51 41 72 9d  |..O..ox..k.8QAr.|
39 e4 1a 1b c3 6d 71 fc  70 b6 d3 cc b6 90 58 04  |9....mq.p.....X.|
28 3f d6 1e ef 83 b3 14  18 0c 95 0b f7 a5 11 13  |(?..............|
98 c6 85 56 5e ee 33 b4  0c 37 b5 80 ea f5 12 68  |...V^.3..7.....h|
d9 2e 7b 86 08 72 3b 14  7b d4 d9 d0 16 4f c0 2f  |..{..r;.{....O./|
0b 1f 2d ca e5 1b d0 ae  e9 84 b0 8f 0b 5d 73 b8  |..-..........]s.|
16 81 40 23 58 2c ea 61  aa fe bd 7f d3 8d 5a 70  |..@#X,.a......Zp|
fc 79 cd 66 96 65 63 b5  05 12 76 e2 2a 3b 2b ed  |.y.f.ec...v.*;+.|
82 ac 9a ec 27 41 a7 97  0e 23 16 9f 41 c8 4e 6d  |....'A...#..A.Nm|
53 11 40 04 cc 60 99 da  98 ec 2b ae 97 fb e0 7d  |S.@..`....+....}|
f5 ba 8b 00 f4 25 17 7f  62 7a bb 51 57 c1 f0 f0  |.....%..bz.QW...|
cd 9c 1b 61 73 ad 95 8c  2b 76 22 a8 ab 70 38 b4  |...as...+v"..p8.|
01 28 7d 66 42 53 de 9f  f4 07 7c 5a 30 0e 82 03  |.(}fBS....|Z0...|
59 f6 84 86 b9 15 25 62  b0 0b d2 cf f1 db 96 45  |Y.....%b.......E|
      • Certificate #1
        • 2
          • 33:00:00:00:CA:6C:D5:32:12:35:C4:E1:55:00:01:00:
            00:00:CA
          • RSA-SHA1: nil
          • Issuer
            • C: US
            • ST: Washington
            • L: Redmond
            • O: Microsoft Corporation
            • CN: Microsoft Code Signing PCA
          • 2014-04-22 17:39:00 UTC: 2015-07-22 17:39:00 UTC
          • Subject
            • C: US
            • ST: Washington
            • L: Redmond
            • O: Microsoft Corporation
            • OU: MOPR
            • CN: Microsoft Corporation
          • #5
            • rsaEncryption: nil
            • 96:71:5D:ED:06:46:FA:84:CB:9D:5B:B7:46:C7:B0:E1:
              B4:11:39:03:AD:B1:15:73:60:9C:EB:A7:B6:6E:1A:3C:
              3F:FF:65:E3:34:F1:A6:A5:21:5E:56:99:6C:58:E4:92:
              A1:0A:5C:C2:D3:DC:52:2F:0C:65:9A:20:61:40:53:31:
              9C:6C:8F:21:7D:BA:F9:FE:13:50:52:60:95:3A:5B:B9:
              58:A5:74:61:41:A9:94:E0:AD:26:4E:4C:A1:97:70:49:
              27:5E:7C:67:CA:4F:1E:71:84:46:BC:1D:4B:B6:E2:0F:
              C5:C6:27:C9:07:E6:7A:0A:A5:17:00:19:4C:70:45:38:
              2D:81:B4:50:AA:C5:67:D1:FA:79:BC:C5:CC:A1:72:9B:
              F4:25:34:98:F8:54:DF:12:39:38:12:2F:A4:6B:A5:9A:
              7E:C7:62:D1:DC:CF:ED:3D:34:F8:B9:DF:35:30:BA:EC:
              79:32:A9:E1:A9:AC:55:4D:4C:7F:4C:56:C3:13:0B:76:
              F1:07:F9:CC:47:AC:FB:88:D5:52:A5:1E:28:FA:3D:2D:
              CF:CF:84:98:86:71:65:11:CF:85:C9:09:44:86:E1:6F:
              E7:B1:FC:AC:40:44:A5:A9:8B:23:3F:82:49:9D:D5:96:
              59:50:13:59:18:73:FF:43:0C:AD:2B:D4:7F:30:40:67              : 0x010001
          • #6
            • extendedKeyUsage: codeSigning
            • subjectKeyIdentifier: 
              1f 5e e2 5d 50 8d 56 86  be 4a 3c cf 04 e8 a7 87  |.^.]P.V..J<.....|
b5 cb bf 83                                       |....            |
            • subjectAltName
              • #0
                • OU: MOPR
                • serialNumber: 31595+b4218f13-6fca-490f-9c47-3fc557dfc440
            • authorityKeyIdentifier: 
              cb 11 e8 ca d2 b4 16 58  01 c9 37 2e 33 16 16 b9  |.......X..7.3...|
4c 9a 0a 1f                                       |L...            |
            • crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
            • authorityInfoAccess
              • caIssuers: http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt
        • RSA-SHA1: 
          77 5c eb d7 91 3d cd bd  7b 83 d9 85 a9 b0 43 9d  |w\...=..{.....C.|
73 7c 17 c9 0f ed 36 db  c7 b5 2c 1b 5e fb 54 05  |s|....6...,.^.T.|
3a 83 71 40 81 09 a2 b7  71 26 5e d6 7d b6 6c 3b  |:.q@....q&^.}.l;|
c9 aa 5f 5d 03 18 2a 1d  27 7e 07 e9 c5 65 1f b5  |.._]..*.'~...e..|
cf 0d b7 54 c7 28 38 5a  88 e7 7b c1 19 b6 56 32  |...T.(8Z..{...V2|
ba e2 cc cb 93 db af 6e  0f 5d 44 f5 d4 b0 ef 1b  |.......n.]D.....|
d5 4e c1 af 0e ef 20 9b  f2 e1 fe 27 5d e8 c5 ff  |.N.... ....']...|
61 f6 19 d2 28 0a 22 9d  df cd 70 82 9e 18 72 d8  |a...(."...p...r.|
23 cc 7a 2c 43 ee ff ea  c0 e0 e6 1d aa 9e 97 33  |#.z,C..........3|
00 52 6f 07 b8 d3 88 6c  de a4 06 35 a7 c2 53 86  |.Ro....l...5..S.|
65 11 77 09 8f 35 59 b9  d8 86 a8 00 fe f8 31 7d  |e.w..5Y.......1}|
2c f4 8c 05 9d c0 c1 d5  77 72 6c e9 4d 59 26 83  |,.......wrl.MY&.|
f1 c2 b2 88 57 93 35 00  7c 50 2b bc 59 fc fe 1c  |....W.5.|P+.Y...|
29 38 82 d3 de 52 97 45  29 18 4e 96 5b 9d ba 5f  |)8...R.E).N.[.._|
1b a3 f1 27 50 ea 07 95  e8 6d 34 0d 38 57 dc 37  |...'P....m4.8W.7|
28 35 95 3a 38 9c d4 ed  6a 85 5d 0e 22 11 5e 7b  |(5.:8...j.].".^{|
      • #2
        • 2
          • 61:33:26:1A:00:00:00:00:00:31
          • RSA-SHA1: nil
          • #2
            • DC: com
            • DC: microsoft
            • CN: Microsoft Root Certificate Authority
          • 2010-08-31 22:19:32 UTC: 2020-08-31 22:29:32 UTC
          • Subject
            • C: US
            • ST: Washington
            • L: Redmond
            • O: Microsoft Corporation
            • CN: Microsoft Code Signing PCA
          • #5
            • rsaEncryption: nil
            • B2:72:59:5C:19:30:64:BF:1D:9A:60:20:20:42:99:76:
              53:6C:3E:1B:D6:6F:CC:CB:F1:EA:6B:FE:97:16:10:E0:
              DF:3A:74:83:1A:B7:2F:A0:32:EC:FF:DE:C2:42:4E:23:
              D5:72:00:DB:35:57:0A:89:CA:AE:20:49:F4:F0:68:AC:
              4D:4B:8D:A5:BD:79:4B:71:9B:47:07:DA:FD:25:DF:9D:
              75:88:CF:AA:73:44:7F:D7:81:DB:F3:BD:F2:36:A4:C9:
              5C:45:DC:AF:AD:3D:E0:28:68:97:1A:A7:A5:72:73:56:
              F1:17:94:E4:FD:35:94:72:A0:D6:76:5F:1E:77:45:83:
              85:38:16:D0:73:5B:05:BA:67:52:8D:A5:B2:69:2F:DA:
              19:0B:FE:92:74:29:E2:76:2F:54:DD:14:30:59:F8:D2:
              8D:62:FD:CB:C9:5F:46:31:50:B9:27:13:E4:40:30:CF:
              72:29:10:28:22:C7:37:4E:3D:A0:32:3D:90:CD:A1:38:
              06:85:5C:4E:56:82:28:2A:05:32:B7:4B:D7:4F:63:E7:
              D2:2D:62:F1:45:3D:E7:AC:08:00:F6:46:A1:9E:D1:5B:
              8C:26:53:E8:7A:AA:4A:F2:46:CF:37:3C:38:9E:B4:77:
              5C:A5:17:9E:8D:CB:11:8F:56:3C:C1:AC:09:5F:03:D3              : 0x010001
          • X509v3 extensions
            • basicConstraints: true, true
            • subjectKeyIdentifier: 
              cb 11 e8 ca d2 b4 16 58  01 c9 37 2e 33 16 16 b9  |.......X..7.3...|
4c 9a 0a 1f                                       |L...            |
            • keyUsage: 0x86
            • 1.3.6.1.4.1.311.21.1: 0x010001
            • 1.3.6.1.4.1.311.21.2: 
              fd d1 31 4e d3 26 8a 95  e1 98 60 3b a8 31 6f a6  |..1N.&....`;.1o.|
3c bc d8 2d                                       |<..-            |
            • 1.3.6.1.4.1.311.20.2: 
              00 53 00 75 00 62 00 43  00 41                    |.S.u.b.C.A      |
            • authorityKeyIdentifier: 
              0e ac 82 60 40 56 27 97  e5 25 13 fc 2a e1 0a 53  |...`@V'..%..*..S|
95 59 e4 a4                                       |.Y..            |
            • crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
            • authorityInfoAccess
              • caIssuers: http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
        • RSA-SHA1: 
          59 39 3e 7f 26 46 af eb  6f 40 b1 32 b5 6a eb 0e  |Y9>.&F..o@.2.j..|
2f 6e a8 49 f7 eb 5f 75  ed 4c 3b 2d d7 43 ad 0b  |/n.I.._u.L;-.C..|
fe cb e9 2d 31 a3 23 cc  7c 50 98 80 21 5d ac 3d  |...-1.#.|P..!].=|
2f 4c ba a2 a8 56 9c e3  70 bb b8 b4 f8 79 b5 49  |/L...V..p....y.I|
72 f7 3e ea 41 7f ca e1  0c 17 69 cb a5 9c 20 2d  |r.>.A.....i... -|
fa 0b 50 c4 56 cd 2d e3  4a d2 bc 70 e7 a8 0d a2  |..P.V.-.J..p....|
03 a5 56 e0 b8 8a 4b 57  f2 95 42 9c f1 f3 ef ee  |..V...KW..B.....|
e3 86 1f 34 3c b8 56 9a  f0 53 23 85 2a a4 82 1c  |...4<.V..S#.*...|
93 e2 94 07 1d f2 e2 4e  f8 8c a1 ca e8 13 a5 91  |.......N........|
4e c8 1b d2 8f 72 95 2a  71 6d 9b 1a f8 1c f0 53  |N....r.*qm.....S|
d6 67 cc 22 ff 5c 1d cd  a2 8c bd 27 b2 79 63 56  |.g.".\.....'.ycV|
44 a2 51 cd f9 e9 a3 58  56 dd 9b 02 45 44 2f 5f  |D.Q....XV...ED/_|
f4 da ae d4 82 32 6e fc  a4 95 13 e4 eb 69 e7 a9  |.....2n......i..|
a2 2c be c8 2b 10 0e 65  8e 99 db f5 a2 fa 12 26  |.,..+..e.......&|
09 65 38 94 f1 7a 1f 4a  bb d1 e1 56 e8 d0 78 96  |.e8..z.J...V..x.|
18 5c c9 35 16 5f dd 93  1d 49 8e 2d be ad 34 44  |.\.5._...I.-..4D|
1c ee 10 15 1a 00 5d dd  35 5b 21 ce 98 c7 09 ee  |......].5[!.....|
85 0e 8c 4f 6d 0e 13 4e  3d 7c 29 48 9c 72 d1 f3  |...Om..N=|)H.r..|
6c ca c1 ec 70 a3 57 92  57 7d 94 8d a0 1b 48 03  |l...p.W.W}....H.|
5a f7 cf a3 67 0a 74 a5  36 ed 2d 2f 17 c8 e6 72  |Z...g.t.6.-/...r|
37 12 f4 6f b1 3c 67 82  f9 52 b2 8d 33 16 65 1e  |7..o.
      • #3
        • 2
          • 61:16:68:34:00:00:00:00:00:1C
          • RSA-SHA1: nil
          • #2
            • DC: com
            • DC: microsoft
            • CN: Microsoft Root Certificate Authority
          • 2007-04-03 12:53:09 UTC: 2021-04-03 13:03:09 UTC
          • Subject
            • C: US
            • ST: Washington
            • L: Redmond
            • O: Microsoft Corporation
            • CN: Microsoft Time-Stamp PCA
          • #5
            • rsaEncryption: nil
            • 9F:A1:6C:B1:DF:DB:48:92:2A:7C:6B:2E:19:E1:BD:E2:
              E3:C5:99:51:23:50:AD:CE:DD:18:4E:24:0F:EE:D1:A7:
              D1:4C:AD:74:30:20:11:EB:07:D5:54:95:15:49:94:1B:
              42:92:AE:98:5C:30:26:DA:00:6B:E8:7B:BD:EC:89:07:
              0F:F7:0E:04:98:F0:89:CC:1F:CB:33:24:87:9D:F2:F4:
              67:1C:2C:FC:7B:E7:88:1D:EA:E7:4E:A3:A1:C1:23:53:
              CA:8D:FA:45:CF:09:D0:5E:AF:D0:B0:42:04:A2:F9:A6:
              6C:93:67:D7:28:DC:46:53:B0:86:D0:E5:28:46:2E:27:
              AC:86:4F:55:52:0C:E4:03:2C:FB:6A:90:90:30:6E:87:
              F3:59:30:9D:FA:7E:D6:97:B3:E8:21:97:7E:F8:D2:13:
              F3:08:B7:53:6D:52:B4:45:90:9F:48:00:4A:47:66:11:
              27:29:66:A8:97:E4:D3:06:81:4A:A2:F9:84:A7:11:47:
              14:09:82:9F:84:ED:55:78:FE:01:9A:1D:50:08:85:00:
              10:30:46:ED:B7:DE:23:46:BB:C4:2D:54:9F:AF:1E:78:
              41:31:77:CC:9B:DF:3B:83:93:A1:61:02:B5:1D:0D:B1:
              FC:F7:9B:B2:01:CE:22:4B:54:FF:F9:05:C3:C2:20:0B              : 0x010001
          • X509v3 extensions
            • basicConstraints: true, true
            • subjectKeyIdentifier: 
              23 34 f8 d9 52 46 70 0a  ed 40 fb 76 fb b3 2b b0  |#4..RFp..@.v..+.|
c3 35 b3 0f                                       |.5..            |
            • keyUsage: 0x86
            • 1.3.6.1.4.1.311.21.1: 0
            • authorityKeyIdentifier
              • 0e ac 82 60 40 56 27 97  e5 25 13 fc 2a e1 0a 53  |...`@V'..%..*..S|
95 59 e4 a4                                       |.Y..            |
                • #0
                  • DC: com
                  • DC: microsoft
                  • CN: Microsoft Root Certificate Authority
                • 79 ad 16 a1 4a a0 a5 ad  4c 73 58 f4 07 13 2e 65  |y...J...LsX....e|
            • crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
            • authorityInfoAccess
              • caIssuers: http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
            • extendedKeyUsage: timeStamping
        • RSA-SHA1: 
          10 97 8a c3 5c 03 44 36  dd e9 b4 ad 77 db ce 79  |....\.D6....w..y|
51 4d 01 b1 2e 74 71 5b  6d 0c 13 ab ce be 7b 8f  |QM...tq[m.....{.|
b8 2e d4 12 a2 8c 6d 62  b8 57 02 cb 4e 20 13 50  |......mb.W..N .P|
99 dd 7a 40 e2 57 bb af  58 9a 1c e1 1d 01 86 ac  |..z@.W..X.......|
bb 78 f2 8b d0 ec 3b 01  ee e2 be 8f 0a 05 c8 8d  |.x....;.........|
48 e2 f0 53 15 dd 4f ab  92 e4 e7 8d 6a d5 80 c1  |H..S..O.....j...|
e6 94 f2 06 2f 85 03 e9  91 2a 24 22 70 fb f6 fc  |..../....*$"p...|
e4 78 99 2e 0d f7 07 e2  70 bc 18 4e 9d 8e 6b 0a  |.x......p..N..k.|
72 95 b8 a1 39 9c 67 2d  c5 51 0e ea 62 5c 3f 16  |r...9.g-.Q..b\?.|
98 8b 20 3f e2 07 1a 32  f9 cc 31 4a 76 31 3d 2b  |.. ?...2..1Jv1=+|
72 0b c8 ea 70 3d ff 85  0a 13 df c2 0a 61 8e f0  |r...p=.......a..|
d7 b8 17 eb 4e 8b 7f c5  35 2b 5e a3 bf eb bc 7d  |....N...5+^....}|
0b 42 7b d4 53 72 21 ee  30 ca bb 78 65 5c 5b 01  |.B{.Sr!.0..xe\[.|
17 0a 14 0e d2 da 14 98  f5 3c b9 66 58 b3 2d 2f  |.........<.fX.-/|
e7 f9 85 86 cc 51 56 e8  9d 70 94 6c ac 39 4c d4  |.....QV..p.l.9L.|
f6 79 bf aa 18 7a 62 29  ef a2 9b 29 34 06 77 1a  |.y...zb)...)4.w.|
62 c9 3d 1e 6d 1f 82 f0  0b c7 2c bb cf 43 b3 e5  |b.=.m.....,..C..|
f9 ec 7d b5 e3 a4 a8 74  35 b8 4e c5 71 23 12 26  |..}....t5.N.q#.&|
76 0b 3c 52 8c 71 5a 46  43 14 bc b3 b3 b0 4d 67  |v.
    • Signer
      • 1
      • unnamed
        • #0
          • C: US
          • ST: Washington
          • L: Redmond
          • O: Microsoft Corporation
          • CN: Microsoft Code Signing PCA
        • 33:00:00:00:CA:6C:D5:32:12:35:C4:E1:55:00:01:00:
          00:00:CA
      • SHA1: nil
      • #3
        • contentType: 1.3.6.1.4.1.311.2.1.4
        • 1.3.6.1.4.1.311.2.1.11: msCodeInd
        • messageDigest: 
          e1 e3 c2 2a 2b e3 92 96  bf 79 18 a8 92 c0 83 ae  |...*+....y......|
4b 2e 57 8e                                       |K.W.            |
        • 1.3.6.1.4.1.311.2.1.12
          • 00 50 00 72 00 6f 00 63  00 6d 00 6f 00 6e        |.P.r.o.c.m.o.n  |
            : http://www.sysinternals.com
      • rsaEncryption: 
        3e 41 46 8f 01 03 df 01  d8 3f 2e 03 64 a0 66 4a  |>AF......?..d.fJ|
c2 5b 0e a5 68 b9 38 63  3d 51 4a dc 1a f0 46 cd  |.[..h.8c=QJ...F.|
46 1e 27 88 74 9f 38 d6  89 0b e4 a8 31 48 f3 d4  |F.'.t.8.....1H..|
07 50 92 74 6b cf c1 38  f8 d6 05 4f 4d f1 16 29  |.P.tk..8...OM..)|
55 c3 94 7e c7 d7 03 2e  dc 65 73 07 3a 6a f8 96  |U..~.....es.:j..|
a4 1e 69 fb a9 e5 41 d6  a5 b0 c6 67 2b 7f e4 f8  |..i...A....g+...|
c1 a1 a0 d3 08 79 65 01  44 45 de 1f 2d 85 9c 56  |.....ye.DE..-..V|
eb dd 35 79 36 cf 19 62  6f 4e b9 90 3d c4 f7 8b  |..5y6..boN..=...|
ed 1c cf e4 89 ba 23 ff  be bb 3f f3 7c f8 6f 2f  |......#...?.|.o/|
54 18 ab d9 2a 20 54 2d  21 46 d9 b7 81 d7 ec 0b  |T...* T-!F......|
c7 82 d6 be b0 d6 95 e4  17 0b d4 e5 50 db e4 89  |............P...|
85 0a 3d 6c 84 e2 bf fe  71 0e e5 9c 70 b7 12 a3  |..=l....q...p...|
d9 5e 43 27 fe 49 2b 2e  b1 f7 23 df 87 bc 26 33  |.^C'.I+...#...&3|
fa 6e e4 86 eb e6 f8 e7  05 51 b6 82 2a 40 f5 94  |.n.......Q..*@..|
f6 be 4d 84 4e 8d f8 51  41 06 50 0c f4 32 45 fa  |..M.N..QA.P..2E.|
16 c5 d7 c1 b5 af b5 f4  bc 34 32 5f 6f 27 76 14  |.........42_o'v.|
      • countersignature
        • 1
          • unnamed
            • #0
              • C: US
              • ST: Washington
              • L: Redmond
              • O: Microsoft Corporation
              • CN: Microsoft Time-Stamp PCA
            • 33:00:00:00:71:B3:2E:8A:6B:82:AA:1F:4E:00:00:00:
              00:00:71
          • SHA1: nil
          • #2
            • contentType: pkcs7-data
            • signingTime: 2015-05-26 00:38:01 UTC
            • messageDigest: 
              36 b2 1d 24 e9 36 15 f8  18 93 1b 86 54 49 51 5e  |6..$.6......TIQ^|
74 38 4a aa                                       |t8J.            |
          • RSA-SHA1: 
            0e a9 7b df 2c 2e 31 02  95 bb 34 23 bd 67 66 15  |..{.,.1...4#.gf.|
2d d7 86 de ee 7e 22 d9  dc 9a 64 b8 0e ef ee c8  |-....~"...d.....|
6d 3e ad 1c bd 1d 8e 7c  ba 10 d6 83 b1 c0 a1 e1  |m>.....|........|
51 87 06 08 8e 9c 4f b5  55 53 a6 6a 4d 2b 92 a0  |Q.....O.US.jM+..|
a1 fb 27 13 f1 1f 83 9e  d0 23 02 14 7f fb a8 bb  |..'......#......|
3d 36 3d 61 38 1c 6d a9  a2 6f 8c 35 4a 98 96 13  |=6=a8.m..o.5J...|
d9 43 22 45 25 e8 7f 97  3b 27 44 e7 6a 3e c4 bc  |.C"E%...;'D.j>..|
17 a0 c4 ab 3b 2f d5 bc  39 c1 ad bf 5c 16 f7 e7  |....;/..9...\...|
2b 71 f4 36 c6 91 35 35  7b c5 2a 4b c6 05 59 48  |+q.6..55{.*K..YH|
e9 2e 86 13 77 91 05 18  68 06 8c 09 85 6d f4 a4  |....w...h....m..|
27 82 29 52 92 9b ae ef  66 8a bb e2 2e 0b d3 f4  |'.)R....f.......|
bb 5e 62 3c d2 82 26 38  88 37 62 9f dd e7 3c 4c  |.^b<..&8.7b...c&Xb.......Pr|
50 0e ea c9 3b 03 53 55  1c 70 7e 90 71 d9 f7 7d  |P...;.SU.p~.q..}|
offsetsizetypecomment
02039808EXE05/26/2015 00:37:43#
15c115HTM#
1f20006800PKCS7Authenticode Signature#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







everything is OK