procexp.exe - Sysinternals Process Explorer

info
MZ
PE
resources
strings
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	procexp.exe
size	2508432 (0x264690)
md5	9d8a4379868618f46677dbf2b94c800a

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x108

Rich Header

lib id	version	times used
199	41118	1
223	21005	28
224	21005	168
225	21005	64
225	20806	7
131	30729	10
132	30729	1
147	30729	37
1	0	541
224	31101	2
225	31101	62
219	21005	1
222	31101	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	5
TimeDateStamp	0x5550362e
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	12.0
SizeOfCode	0xadc00
SizeOfInitializedData	0x1b4c00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x95108
BaseOfCode	0x1000
BaseOfData	0xaf000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.1
ImageVersion	0.0
SubsystemVersion	5.1
Reserved1	0
SizeOfImage	0x28a000
SizeOfHeaders	0x400
CheckSum	0x26d326
Subsystem	2
DllCharacteristics	0x8140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0xadb06	0xadc00	R-X CODE
.rdata	0xaf000	0x25b84	0x25c00	R-- IDATA
.data	0xd5000	0x2d6e8	0x9200	RW- IDATA
.rsrc	0x103000	0x17a368	0x17a400	R-- IDATA
.reloc	0x27e000	0xb8d4	0xba00	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xd1e84	0x17c
RESOURCE	0x103000	0x17a368
EXCEPTION	0	0
SECURITY	0x262c00	0x1a90
BASERELOC	0x27e000	0xb8d4
DEBUG	0xaf980	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0xcaaf8	0x40
Bound_IAT	0	0
IAT	0xaf000	0x848
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
BINRES	#150	29160	1252
BINRES	#152	1347216	1252
CURSOR	#1	308	1252
CURSOR	#2	308	1252
CURSOR	#3	308	1252
CURSOR	#4	308	1252
BITMAP	#108	4424	1252
ICON	#5	1384	1252
ICON	#6	1128	1252
ICON	#7	2216	1252
ICON	#8	4264	1252
ICON	#9	3752	1252
ICON	#10	9640	1252
ICON	#11	296	1252
ICON	#12	744	1252
ICON	#13	296	1252
ICON	#14	1640	1252
ICON	#15	744	1252
ICON	#16	296	1252
ICON	#17	3752	1252
ICON	#18	2216	1252
ICON	#19	1736	1252
ICON	#20	1384	1252
ICON	#21	9640	1252
ICON	#22	4264	1252
ICON	#23	2440	1252
ICON	#24	1128	1252
ICON	#25	744	1252
ICON	#26	744	1252
ICON	#27	744	1252
ICON	#28	296	1252
ICON	#29	1640	1252
ICON	#30	744	1252
ICON	#31	296	1252
ICON	#32	3752	1252
ICON	#33	2216	1252
ICON	#34	1384	1252
ICON	#35	9640	1252
ICON	#36	4264	1252
ICON	#37	1128	1252
MENU	DLLMENU	140	1252
MENU	HANDLEMENU	70	1252
MENU	OPACITY	150	1252
MENU	PRIORITY	108	1252
MENU	PROCESSOR	92	1252
MENU	PROCEXPLORER	2804	1252
MENU	TRAYMENU	174	1252
MENU	USERS	230	1252
DIALOG	ABOUTBOX	446	1252
DIALOG	CHOOSECOLORS	2114	1252
DIALOG	COLUMNSETS	436	1252
DIALOG	COLUMNSETSAVE	304	1252
DIALOG	CPUAFFINITY	1806	1252
DIALOG	CPUAFFINITY64	3216	1252
DIALOG	DIFFDURATION	456	1252
DIALOG	DLLCOLUMNS	1364	1252
DIALOG	DLLCOLUMNS95	784	1252
DIALOG	DLLINFO	1264	1252
DIALOG	DLLSTRINGS	474	1252
DIALOG	FINDDIALOG	392	1252
DIALOG	HANDLECOLUMNS	574	1252
DIALOG	HANDLEINFO	1148	1252
DIALOG	HANDLEINFO95	640	1252
DIALOG	MEMSCANPROGRESS	288	1252
DIALOG	NETCOLUMNS	1674	1252
DIALOG	PREFERENCES	212	1252
DIALOG	PROCCLR	242	1252
DIALOG	PROCCOLUMNS	1656	1252
DIALOG	PROCCOLUMNS95	986	1252
DIALOG	PROCCPU	290	1252
DIALOG	PROCCPUIO	406	1252
DIALOG	PROCDISKCOLUMNS	992	1252
DIALOG	PROCENV	130	1252
DIALOG	PROCGPU	584	1252
DIALOG	PROCGPUCOLUMNS	520	1252
DIALOG	PROCINFO	1816	1252
DIALOG	PROCIOCOLUMNS	1088	1252
DIALOG	PROCJOB	406	1252
DIALOG	PROCMEMCOLUMNS	1574	1252
DIALOG	PROCNET	344	1252
DIALOG	PROCNETWORKCOLUMNS	1008	1252
DIALOG	PROCPERF	3182	1252
DIALOG	PROCPERFCOLUMNS	1008	1252
DIALOG	PROCPERFETW	2590	1252
DIALOG	PROCPROPSHEET	230	1252
DIALOG	PROCSECURITY	904	1252
DIALOG	PROCSERVICES	544	1252
DIALOG	PROCSTRINGS	410	1252
DIALOG	PROCTCPUDP	200	1252
DIALOG	PROCTCPUDPSTACK	348	1252
DIALOG	PROCTHREADS	1706	1252
DIALOG	PROCWMIPROVIDERS	130	1252
DIALOG	RUNDLG	444	1252
DIALOG	SECURITY	924	1252
DIALOG	SENDMESSAGE	340	1252
DIALOG	SERVICECONTROL	384	1252
DIALOG	STATUSBARCOLUMNS	1302	1252
DIALOG	STATUSBARCOLUMNS95	592	1252
DIALOG	SYMBOLCONFIG	1016	1252
DIALOG	SYMBOLCONFIGWARNING	704	1252
DIALOG	SYMBOLDBGHELPGWARNING	940	1252
DIALOG	SYSINFOPROPSHEET	206	1252
DIALOG	SYSTEMINFOCPU	1160	1252
DIALOG	SYSTEMINFOGPU	1214	1252
DIALOG	SYSTEMINFOGPUNODES	298	1252
DIALOG	SYSTEMINFOIO	898	1252
DIALOG	SYSTEMINFOIOETW	2596	1252
DIALOG	SYSTEMINFOMEM	3940	1252
DIALOG	SYSTEMINFOMEMXP	2350	1252
DIALOG	SYSTEMINFOSUM	522	1252
DIALOG	SYSTEMINFOSUMETW	752	1252
DIALOG	THREADSTACK	384	1252
DIALOG	TSINFO	734	1252
DIALOG	#1543	520	1252
STRING	#1	778	1252
STRING	#2	332	1252
STRING	#3	320	1252
STRING	#65	104	1252
STRING	#66	204	1252
STRING	#67	374	1252
STRING	#68	234	1252
STRING	#69	550	1252
STRING	#70	422	1252
STRING	#74	164	1252
STRING	#75	496	1252
STRING	#76	56	1252
STRING	#83	126	1252
STRING	#84	418	1252
STRING	#101	268	1252
STRING	#102	608	1252
STRING	#103	274	1252
STRING	#104	238	1252
STRING	#105	98	1252
STRING	#2548	92	1252
ACCELERATORS	DLLPROPERTIES	64	1252
ACCELERATORS	PROCEXPLORER	288	1252
ACCELERATORS	PROCPROPERTIES	112	1252
GROUP_CURSOR	HAND	20	1252
GROUP_CURSOR	#10	20	1252
GROUP_CURSOR	#105	20	1252
GROUP_CURSOR	#106	20	1252
GROUP_ICON	#101	90	1252
GROUP_ICON	#110	20	1252
GROUP_ICON	#111	20	1252
GROUP_ICON	#112	20	1252
GROUP_ICON	#113	20	1252
GROUP_ICON	#147	160	1252
GROUP_ICON	#154	132	1252
GROUP_ICON	#203	20	1252
GROUP_ICON	#235	34	1252
VERSION	#1	956	1252
MANIFEST	#1	1904	1252

id	lang	string
3	1033	Process
4	1033	PID
5	1033	Priority
6	1033	Threads
7	1033	Cycle CPU Usage
8	1033	GPU
9	1033	Paged Pool
10	1033	Nonpaged Pool
11	1033	Programs (.exe, .com, .bat, .pif)\|.exe;.com;.bat\|Executables (.exe)\|.exe\|Command Files (.com)\|.com\|Batch Files (.bat)\|.bat\|Pif Files (.pif)\|*.pif\|
12	1033	There is insufficent memory to run the program
13	1033	The file is not a valid executable format
14	1033	Cannot find the specified file
15	1033	Cannot find the specified path
16	1033	Refresh process list
18	1033	Handles
19	1033	User Name
20	1033	Handle
21	1033	Type
22	1033	Name
23	1033	Base
24	1033	Size
25	1033	Version
26	1033	Name
27	1033	Show Unnamed Objects (Ctrl+U)
28	1033	Find (Ctrl+F)
29	1033	View Handles (Ctrl+H)
30	1033	Time
31	1033	Save (Ctrl+S)
32	1033	View DLLs (Ctrl+D)
33	1033	References
34	1033	Parent
35	1033	Window Title
36	1033	Kill Process/Close Handle
37	1033	Properties
38	1033	Description
39	1033	Access
40	1033	Mapping
41	1033	Refresh Now (F5)
42	1033	Description
43	1033	Frame
44	1033	Address
1032	1033	Command Line
1033	1033	Company Name
1037	1033	Share
1039	1033	Service
1042	1033	Description
1044	1033	Display Name
1046	1033	Group
1047	1033	Privilege
1049	1033	Flags
1051	1033	Flags
1052	1033	Handle
1053	1033	Handle or DLL
1054	1033	Show Process Tree
1055	1033	CPU
1056	1033	Session
1057	1033	Variable
1058	1033	Value
1059	1033	Page Faults
1060	1033	Private Bytes
1061	1033	Path
1062	1033	Peak Private Bytes
1063	1033	Working Set
1064	1033	Peak Working Set
1065	1033	Threads
1066	1033	GDI Objects
1067	1033	USER Objects
1068	1033	I/O Reads
1069	1033	I/O Read Bytes
1070	1033	I/O Writes
1071	1033	I/O Write Bytes
1072	1033	I/O Other
1073	1033	I/O Other Bytes
1074	1033	Image Base
1075	1033	Limit
1076	1033	TID
1077	1033	Start Address
1078	1033	Function
1079	1033	User Time
1080	1033	Kernel Time
1086	1033	Start Time
1087	1033	CPU Time
1088	1033	Show Lower Pane (Ctrl+L)
1089	1033	Hide Lower Pane (Ctrl+L)
1090	1033	Show Processes From &All Users
1091	1033	Context Switches
1092	1033	CSwitch Delta
1093	1033	Counter
1094	1033	Methods Jitted
1095	1033	% Time in JIT
1096	1033	AppDomains
1097	1033	Assemblies
1098	1033	Classes Loaded
1099	1033	Total AppDomains
1100	1033	Total Assemblies
1101	1033	Total Classes Loaded
1102	1033	Total Lock Contentions
1103	1033	Heap Bytes
1104	1033	Gen 0 Collections
1105	1033	Gen 1 Collections
1106	1033	Gen 2 Collections
1107	1033	% Time in GC
1108	1033	Allocated Bytes/s
1109	1033	Runtime Checks
1110	1033	Contentions
1111	1033	Path
1112	1033	Find Handle (Ctrl+F)
1113	1033	Find Handle or DLL (Ctrl+F)
1114	1033	Virtual Size
1115	1033	WS Total
1116	1033	WS Private
1118	1033	WS Shared
1179	1033	PF Delta
1180	1033	Desktop Integrity Level
1181	1033	Comment
1182	1033	PROCEXPLORER
1183	1033	Process Explorer
1184	1033	Local Address
1185	1033	Object Address
1186	1033	Remote Address
1187	1033	Verified Signer
1188	1033	State
1189	1033	Protocol
1190	1033	Image Type
1191	1033	CPU History
1192	1033	Private Delta Bytes
1193	1033	Private Bytes History
1194	1033	Share Flags
1195	1033	Cycles
1196	1033	Window Status
1197	1033	Find &Window's Process (drag over window)
1198	1033	System Information (Ctrl+I)
1199	1033	DEP
1200	1033	Cycles Delta
1317	1033	WS Shareable
1326	1033	I/O Delta Reads
1327	1033	I/O Delta Read Bytes
1328	1033	I/O Delta Writes
1329	1033	I/O Delta Write Bytes
1330	1033	I/O History
1332	1033	I/O Delta Other Bytes
1333	1033	I/O Delta Total Bytes
1335	1033	I/O Delta Other
1336	1033	Integrity
1337	1033	Virtualized
1338	1033	ASLR
1339	1033	Memory Priority
1340	1033	I/O Priority
1341	1033	Min Working Set
1342	1033	Max Working Set
1343	1033	Service
1609	1033	Network Receives
1610	1033	Network Delta Receives
1611	1033	Network Sends
1612	1033	Network Delta Sends
1613	1033	Network Other
1614	1033	Network Delta Others
1615	1033	Network History
1616	1033	Network Delta Receive Bytes
1617	1033	Network Receive Bytes
1618	1033	Network Send Bytes
1619	1033	Network Delta Send Bytes
1620	1033	Network Other Bytes
1621	1033	Network Delta Other Bytes
1622	1033	Network Delta Total Bytes
1623	1033	Disk Reads
1624	1033	Disk Delta Reads
1625	1033	Disk Writes
1626	1033	Disk Delta Writes
1627	1033	Disk Other
1628	1033	Disk Delta Others
1629	1033	Disk History
1630	1033	Disk Read Bytes
1631	1033	Disk Delta Read Bytes
1632	1033	Disk Write Bytes
1633	1033	Disk Delta Write Bytes
1634	1033	Disk Other Bytes
1635	1033	Disk Delta Other Bytes
1636	1033	Disk Delta Total Bytes
1637	1033	Tree CPU Usage
1638	1033	Processor
1650	1033	GPU
1651	1033	GPU System Bytes
1652	1033	GPU Dedicated Bytes
1653	1033	GPU Committed Bytes
1654	1033	Package Name
1655	1033	Process Timeline
1656	1033	Autostart Location
1667	1033	DPI Awareness
1670	1033	VirusTotal
1673	1033	Protection
40754	1033	Provider Name
40755	1033	Namespace
40756	1033	DLL Path

module_name	hint	ord	function_name
SHLWAPI.dll	12		ColorHLSToRGB
SHLWAPI.dll	13		ColorRGBToHLS
SHLWAPI.dll		176
SHLWAPI.dll	363		UrlUnescapeW
WS2_32.dll		15
WS2_32.dll		8
WS2_32.dll		9
WS2_32.dll		51
WS2_32.dll		56
WS2_32.dll		115
WS2_32.dll		14
MPR.dll	36		WNetGetConnectionW
COMCTL32.dll		17
COMCTL32.dll	133		PropertySheetW
COMCTL32.dll	12		CreateStatusWindowW
COMCTL32.dll	9		CreatePropertySheetPageW
COMCTL32.dll		410
COMCTL32.dll	14		CreateToolbarEx
COMCTL32.dll		413
COMCTL32.dll	111		ImageList_ReplaceIcon
COMCTL32.dll	77		ImageList_Add
COMCTL32.dll	123		InitCommonControlsEx
COMCTL32.dll	84		ImageList_Destroy
COMCTL32.dll	91		ImageList_DrawEx
COMCTL32.dll	83		ImageList_Create
VERSION.dll	14		VerQueryValueW
VERSION.dll	6		GetFileVersionInfoW
VERSION.dll	5		GetFileVersionInfoSizeW
credui.dll	10		CredUIPromptForCredentialsW
SETUPAPI.dll	342		SetupDiGetClassDevsW
SETUPAPI.dll	366		SetupDiGetDeviceInterfaceDetailW
SETUPAPI.dll	323		SetupDiEnumDeviceInterfaces
SETUPAPI.dll	319		SetupDiDestroyDeviceInfoList
CRYPT32.dll	37		CertDuplicateCertificateContext
CRYPT32.dll	75		CertGetNameStringW
KERNEL32.dll	582		GetProcessAffinityMask
KERNEL32.dll	449		GetCurrentProcessId
KERNEL32.dll	1168		SetThreadAffinityMask
KERNEL32.dll	1126		SetFilePointer
KERNEL32.dll	624		GetSystemDirectoryW
KERNEL32.dll	214		DeleteFileW
KERNEL32.dll	1053		SearchPathW
KERNEL32.dll	901		OpenThread
KERNEL32.dll	646		GetThreadContext
KERNEL32.dll	1210		SuspendThread
KERNEL32.dll	1043		ResumeThread
KERNEL32.dll	1219		Thread32First
KERNEL32.dll	1220		Thread32Next
KERNEL32.dll	1039		ResetEvent
KERNEL32.dll	935		QueryPerformanceCounter
KERNEL32.dll	936		QueryPerformanceFrequency
KERNEL32.dll	759		IsBadReadPtr
KERNEL32.dll	1266		VirtualQueryEx
KERNEL32.dll	703		GlobalMemoryStatus
KERNEL32.dll	1156		SetProcessWorkingSetSize
KERNEL32.dll	1216		TerminateProcess
KERNEL32.dll	588		GetProcessId
KERNEL32.dll	922		PulseEvent
KERNEL32.dll	1149		SetPriorityClass
KERNEL32.dll	399		GetComputerNameW
KERNEL32.dll	1257		VirtualAlloc
KERNEL32.dll	1260		VirtualFree
KERNEL32.dll	596		GetProcessWorkingSetSize
KERNEL32.dll	221		DeviceIoControl
KERNEL32.dll	232		DuplicateHandle
KERNEL32.dll	906		OutputDebugStringW
KERNEL32.dll	467		GetDriveTypeW
KERNEL32.dll	447		GetCurrentDirectoryW
KERNEL32.dll	1297		WideCharToMultiByte
KERNEL32.dll	202		DecodePointer
KERNEL32.dll	945		RaiseException
KERNEL32.dll	739		InitializeCriticalSectionAndSpinCount
KERNEL32.dll	627		GetSystemInfo
KERNEL32.dll	284		ExpandEnvironmentStringsA
KERNEL32.dll	828		LoadLibraryA
KERNEL32.dll	353		FreeEnvironmentStringsW
KERNEL32.dll	474		GetEnvironmentStringsW
KERNEL32.dll	428		GetConsoleMode
KERNEL32.dll	410		GetConsoleCP
KERNEL32.dll	343		FlushFileBuffers
KERNEL32.dll	499		GetFileType
KERNEL32.dll	617		GetStringTypeW
KERNEL32.dll	370		GetCPInfo
KERNEL32.dll	567		GetOEMCP
KERNEL32.dll	360		GetACP
KERNEL32.dll	778		IsValidCodePage
KERNEL32.dll	611		GetStartupInfoW
KERNEL32.dll	1222		TlsFree
KERNEL32.dll	1189		SetUnhandledExceptionFilter
KERNEL32.dll	1235		UnhandledExceptionFilter
KERNEL32.dll	535		GetModuleHandleExW
KERNEL32.dll	281		ExitProcess
KERNEL32.dll	453		GetCurrentThreadId
KERNEL32.dll	772		IsProcessorFeaturePresent
KERNEL32.dll	234		EncodePointer
KERNEL32.dll	1048		RtlUnwind
KERNEL32.dll	768		IsDebuggerPresent
KERNEL32.dll	1357		lstrlenA
KERNEL32.dll	476		GetEnvironmentVariableW
KERNEL32.dll	1349		lstrcmpiW
KERNEL32.dll	1346		lstrcmpW
KERNEL32.dll	963		ReadProcessMemory
KERNEL32.dll	885		OpenEventW
KERNEL32.dll	1139		SetLastError
KERNEL32.dll	761		IsBadStringPtrW
KERNEL32.dll	1213		SystemTimeToFileTime
KERNEL32.dll	633		GetSystemTimeAsFileTime
KERNEL32.dll	631		GetSystemTime
KERNEL32.dll	209		DeleteCriticalSection
KERNEL32.dll	861		Module32NextW
KERNEL32.dll	859		Module32FirstW
KERNEL32.dll	1217		TerminateThread
KERNEL32.dll	709		GlobalUnlock
KERNEL32.dll	702		GlobalLock
KERNEL32.dll	705		GlobalReAlloc
KERNEL32.dll	691		GlobalAlloc
KERNEL32.dll	333		FindResourceExW
KERNEL32.dll	334		FindResourceW
KERNEL32.dll	1201		SizeofResource
KERNEL32.dll	833		LoadResource
KERNEL32.dll	586		GetProcessHeap
KERNEL32.dll	724		HeapSize
KERNEL32.dll	719		HeapFree
KERNEL32.dll	722		HeapReAlloc
KERNEL32.dll	715		HeapAlloc
KERNEL32.dll	718		HeapDestroy
KERNEL32.dll	852		LockResource
KERNEL32.dll	391		GetCommandLineW
KERNEL32.dll	836		LocalAlloc
KERNEL32.dll	350		FormatMessageW
KERNEL32.dll	690		GlobalAddAtomW
KERNEL32.dll	659		GetTickCount
KERNEL32.dll	870		MulDiv
KERNEL32.dll	497		GetFileSizeEx
KERNEL32.dll	480		GetExitCodeThread
KERNEL32.dll	181		CreateThread
KERNEL32.dll	133		CreateEventW
KERNEL32.dll	1271		WaitForMultipleObjects
KERNEL32.dll	1273		WaitForSingleObject
KERNEL32.dll	1113		SetEvent
KERNEL32.dll	238		EnterCriticalSection
KERNEL32.dll	452		GetCurrentThread
KERNEL32.dll	825		LeaveCriticalSection
KERNEL32.dll	325		FindNextFileW
KERNEL32.dll	302		FindClose
KERNEL32.dll	871		MultiByteToWideChar
KERNEL32.dll	536		GetModuleHandleW
KERNEL32.dll	960		ReadFile
KERNEL32.dll	830		LoadLibraryExW
KERNEL32.dll	354		FreeLibrary
KERNEL32.dll	578		GetPrivateProfileStringW
KERNEL32.dll	313		FindFirstFileW
KERNEL32.dll	490		GetFileAttributesW
KERNEL32.dll	920		Process32NextW
KERNEL32.dll	918		Process32FirstW
KERNEL32.dll	190		CreateToolhelp32Snapshot
KERNEL32.dll	563		GetNumberFormatW
KERNEL32.dll	456		GetDateFormatW
KERNEL32.dll	663		GetTimeFormatW
KERNEL32.dll	518		GetLocaleInfoW
KERNEL32.dll	143		CreateFileW
KERNEL32.dll	507		GetFullPathNameW
KERNEL32.dll	687		GetWindowsDirectoryW
KERNEL32.dll	285		ExpandEnvironmentStringsW
KERNEL32.dll	1111		SetEnvironmentVariableW
KERNEL32.dll	168		CreateProcessW
KERNEL32.dll	532		GetModuleFileNameW
KERNEL32.dll	831		LoadLibraryW
KERNEL32.dll	140		CreateFileMappingW
KERNEL32.dll	1224		TlsSetValue
KERNEL32.dll	1221		TlsAlloc
KERNEL32.dll	1358		lstrlenW
KERNEL32.dll	1238		UnmapViewOfFile
KERNEL32.dll	855		MapViewOfFile
KERNEL32.dll	349		FormatMessageA
KERNEL32.dll	293		FileTimeToSystemTime
KERNEL32.dll	292		FileTimeToLocalFileTime
KERNEL32.dll	82		CloseHandle
KERNEL32.dll	498		GetFileTime
KERNEL32.dll	1317		WriteFile
KERNEL32.dll	612		GetStdHandle
KERNEL32.dll	496		GetFileSize
KERNEL32.dll	1202		Sleep
KERNEL32.dll	738		InitializeCriticalSection
KERNEL32.dll	1112		SetErrorMode
KERNEL32.dll	514		GetLastError
KERNEL32.dll	282		ExitThread
KERNEL32.dll	448		GetCurrentProcess
KERNEL32.dll	896		OpenProcess
KERNEL32.dll	840		LocalFree
KERNEL32.dll	674		GetVersion
KERNEL32.dll	581		GetProcAddress
KERNEL32.dll	747		InterlockedDecrement
KERNEL32.dll	751		InterlockedIncrement
KERNEL32.dll	1223		TlsGetValue
KERNEL32.dll	100		CompareStringW
KERNEL32.dll	813		LCMapStringW
KERNEL32.dll	1127		SetFilePointerEx
KERNEL32.dll	1159		SetStdHandle
KERNEL32.dll	1316		WriteConsoleW
KERNEL32.dll	664		GetTimeZoneInformation
KERNEL32.dll	958		ReadConsoleW
KERNEL32.dll	1107		SetEndOfFile
KERNEL32.dll	1110		SetEnvironmentVariableA
USER32.dll	398		GetWindow
USER32.dll	291		GetDesktopWindow
USER32.dll	476		IsWindowEnabled
USER32.dll	483		KillTimer
USER32.dll	540		MsgWaitForMultipleObjects
USER32.dll	294		GetDlgCtrlID
USER32.dll	65		CheckRadioButton
USER32.dll	635		SendMessageTimeoutW
USER32.dll	563		PeekMessageW
USER32.dll	396		GetUserObjectSecurity
USER32.dll	702		SetUserObjectSecurity
USER32.dll	461		IsDialogMessageW
USER32.dll	200		DrawIconEx
USER32.dll	64		CheckMenuRadioItem
USER32.dll	812		WindowFromPoint
USER32.dll	586		RedrawWindow
USER32.dll	758		TrackPopupMenu
USER32.dll	615		RemoveMenu
USER32.dll	106		CreateMenu
USER32.dll	201		DrawMenuBar
USER32.dll	503		LoadMenuW
USER32.dll	762		TranslateAcceleratorW
USER32.dll	485		LoadAcceleratorsW
USER32.dll	298		GetDlgItemTextW
USER32.dll	99		CreateDialogParamW
USER32.dll	475		IsWindow
USER32.dll	567		PostQuitMessage
USER32.dll	245		ExitWindowsEx
USER32.dll	175		DispatchMessageW
USER32.dll	764		TranslateMessage
USER32.dll	349		GetMessageW
USER32.dll	195		DrawEdge
USER32.dll	611		RegisterWindowMessageW
USER32.dll	402		GetWindowDC
USER32.dll	674		SetMenuItemInfoW
USER32.dll	465		IsIconic
USER32.dll	736		ShowWindowAsync
USER32.dll	748		SystemParametersInfoW
USER32.dll	242		EnumWindows
USER32.dll	644		SetClassLongW
USER32.dll	419		GetWindowTextW
USER32.dll	447		InvalidateRgn
USER32.dll	759		TrackPopupMenuEx
USER32.dll	535		ModifyMenuW
USER32.dll	10		AppendMenuW
USER32.dll	337		GetMenuItemCount
USER32.dll	338		GetMenuItemID
USER32.dll	214		EnableMenuItem
USER32.dll	107		CreatePopupMenu
USER32.dll	216		EnableWindow
USER32.dll	462		IsDlgButtonChecked
USER32.dll	62		CheckDlgButton
USER32.dll	411		GetWindowPlacement
USER32.dll	495		LoadImageW
USER32.dll	709		SetWindowPlacement
USER32.dll	590		RegisterClassW
USER32.dll	153		DefMDIChildProcW
USER32.dll	151		DefFrameProcW
USER32.dll	103		CreateIconIndirect
USER32.dll	253		FrameRect
USER32.dll	71		ClientToScreen
USER32.dll	480		IsWindowVisible
USER32.dll	166		DestroyWindow
USER32.dll	274		GetClassNameW
USER32.dll	223		EnumChildWindows
USER32.dll	576		PtInRect
USER32.dll	769		UnionRect
USER32.dll	85		CopyRect
USER32.dll	621		ScreenToClient
USER32.dll	213		EmptyClipboard
USER32.dll	646		SetClipboardData
USER32.dll	73		CloseClipboard
USER32.dll	550		OpenClipboard
USER32.dll	482		IsZoomed
USER32.dll	217		EndDeferWindowPos
USER32.dll	157		DeferWindowPos
USER32.dll	13		BeginDeferWindowPos
USER32.dll	198		DrawFrameControl
USER32.dll	67		ChildWindowFromPoint
USER32.dll	656		SetDlgItemTextW
USER32.dll	172		DialogBoxParamW
USER32.dll	539		MoveWindow
USER32.dll	715		SetWindowTextW
USER32.dll	295		GetDlgItem
USER32.dll	218		EndDialog
USER32.dll	170		DialogBoxIndirectParamW
USER32.dll	373		GetScrollInfo
USER32.dll	688		SetScrollInfo
USER32.dll	356		GetParent
USER32.dll	272		GetClassLongW
USER32.dll	708		SetWindowLongW
USER32.dll	406		GetWindowLongW
USER32.dll	549		OffsetRect
USER32.dll	445		IntersectRect
USER32.dll	437		InflateRect
USER32.dll	246		FillRect
USER32.dll	380		GetSysColorBrush
USER32.dll	379		GetSysColor
USER32.dll	521		MapWindowPoints
USER32.dll	288		GetCursorPos
USER32.dll	412		GetWindowRect
USER32.dll	276		GetClientRect
USER32.dll	363		GetPropW
USER32.dll	636		SendMessageW
USER32.dll	806		WaitForInputIdle
USER32.dll	735		ShowWindow
USER32.dll	658		SetFocus
USER32.dll	331		GetMenu
USER32.dll	63		CheckMenuItem
USER32.dll	378		GetSubMenu
USER32.dll	442		InsertMenuW
USER32.dll	685		SetPropW
USER32.dll	625		ScrollWindowEx
USER32.dll	796		ValidateRect
USER32.dll	446		InvalidateRect
USER32.dll	392		GetUpdateRgn
USER32.dll	391		GetUpdateRect
USER32.dll	220		EndPaint
USER32.dll	14		BeginPaint
USER32.dll	785		UpdateWindow
USER32.dll	208		DrawTextW
USER32.dll	382		GetSystemMetrics
USER32.dll	699		SetTimer
USER32.dll	612		ReleaseCapture
USER32.dll	640		SetCapture
USER32.dll	264		GetCapture
USER32.dll	317		GetKeyState
USER32.dll	158		DeleteMenu
USER32.dll	659		SetForegroundWindow
USER32.dll	533		MessageBoxW
USER32.dll	648		SetCursor
USER32.dll	250		FindWindowW
USER32.dll	249		FindWindowExW
USER32.dll	420		GetWindowThreadProcessId
USER32.dll	491		LoadCursorW
USER32.dll	493		LoadIconW
USER32.dll	163		DestroyIcon
USER32.dll	234		EnumDisplaySettingsW
USER32.dll	300		GetFocus
USER32.dll	710		SetWindowPos
USER32.dll	110		CreateWindowExW
USER32.dll	589		RegisterClassExW
USER32.dll	30		CallWindowProcW
USER32.dll	156		DefWindowProcW
USER32.dll	566		PostMessageW
USER32.dll	506		LoadStringW
USER32.dll	613		ReleaseDC
USER32.dll	289		GetDC
USER32.dll	149		DefDlgProcW
GDI32.dll	550		GetTextMetricsW
GDI32.dll	678		SetTextColor
GDI32.dll	605		RectInRegion
GDI32.dll	629		SelectClipRgn
GDI32.dll	631		SelectObject
GDI32.dll	638		SetBkColor
GDI32.dll	599		Polyline
GDI32.dll	660		SetMapMode
GDI32.dll	688		StartDocW
GDI32.dll	239		EndDoc
GDI32.dll	690		StartPage
GDI32.dll	242		EndPage
GDI32.dll	639		SetBkMode
GDI32.dll	570		MoveToEx
GDI32.dll	671		SetROP2
GDI32.dll	624		SaveDC
GDI32.dll	617		RestoreDC
GDI32.dll	607		Rectangle
GDI32.dll	566		LineTo
GDI32.dll	312		ExtTextOutW
GDI32.dll	676		SetTextAlign
GDI32.dll	542		GetTextExtentPoint32W
GDI32.dll	53		CreateDIBSection
GDI32.dll	509		GetObjectW
GDI32.dll	230		DeleteObject
GDI32.dll	19		BitBlt
GDI32.dll	47		CreateCompatibleBitmap
GDI32.dll	48		CreateCompatibleDC
GDI32.dll	75		CreatePen
GDI32.dll	79		CreateRectRgn
GDI32.dll	80		CreateRectRgnIndirect
GDI32.dll	84		CreateSolidBrush
GDI32.dll	227		DeleteDC
GDI32.dll	425		GetBkColor
GDI32.dll	426		GetBkMode
GDI32.dll	459		GetDeviceCaps
GDI32.dll	525		GetStockObject
GDI32.dll	64		CreateFontIndirectW
COMDLG32.dll	21		PrintDlgW
COMDLG32.dll	1		ChooseColorW
COMDLG32.dll	14		GetSaveFileNameW
COMDLG32.dll	12		GetOpenFileNameW
COMDLG32.dll	8		FindTextW
COMDLG32.dll	3		ChooseFontW
ADVAPI32.dll	609		RegOpenKeyExW
ADVAPI32.dll	608		RegOpenKeyExA
ADVAPI32.dll	621		RegQueryValueExA
ADVAPI32.dll	405		LookupPrivilegeNameW
ADVAPI32.dll	685		SetKernelObjectSecurity
ADVAPI32.dll	389		IsValidSecurityDescriptor
ADVAPI32.dll	309		GetKernelObjectSecurity
ADVAPI32.dll	124		CreateProcessAsUserW
ADVAPI32.dll	564		RegConnectRegistryW
ADVAPI32.dll	283		FlushTraceW
ADVAPI32.dll	108		ConvertSidToStringSidW
ADVAPI32.dll	420		LsaEnumerateAccountRights
ADVAPI32.dll	560		RegCloseKey
ADVAPI32.dll	445		LsaOpenPolicy
ADVAPI32.dll	413		LsaClose
ADVAPI32.dll	427		LsaFreeMemory
ADVAPI32.dll	699		SetSecurityInfo
ADVAPI32.dll	334		GetSecurityInfo
ADVAPI32.dll	16		AddAccessAllowedAce
ADVAPI32.dll	291		GetAce
ADVAPI32.dll	22		AddAce
ADVAPI32.dll	374		InitializeAcl
ADVAPI32.dll	344		GetSidSubAuthorityCount
ADVAPI32.dll	343		GetSidSubAuthority
ADVAPI32.dll	341		GetSidIdentifierAuthority
ADVAPI32.dll	390		IsValidSid
ADVAPI32.dll	706		SetTokenInformation
ADVAPI32.dll	548		QueryServiceConfigW
ADVAPI32.dll	118		CopySid
ADVAPI32.dll	656		RevertToSelf
ADVAPI32.dll	503		OpenProcessToken
ADVAPI32.dll	346		GetTokenInformation
ADVAPI32.dll	31		AdjustTokenPrivileges
ADVAPI32.dll	263		EqualSid
ADVAPI32.dll	32		AllocateAndInitializeSid
ADVAPI32.dll	310		GetLengthSid
ADVAPI32.dll	89		CloseTrace
ADVAPI32.dll	540		ProcessTrace
ADVAPI32.dll	511		OpenTraceW
ADVAPI32.dll	96		ControlTraceW
ADVAPI32.dll	715		StartTraceW
ADVAPI32.dll	703		SetServiceObjectSecurity
ADVAPI32.dll	551		QueryServiceObjectSecurity
ADVAPI32.dll	483		MapGenericMask
ADVAPI32.dll	572		RegCreateKeyW
ADVAPI32.dll	584		RegDeleteValueW
ADVAPI32.dll	288		FreeSid
ADVAPI32.dll	401		LookupAccountSidW
ADVAPI32.dll	399		LookupAccountNameW
ADVAPI32.dll	407		LookupPrivilegeValueW
ADVAPI32.dll	371		ImpersonateLoggedOnUser
ADVAPI32.dll	223		DuplicateTokenEx
ADVAPI32.dll	569		RegCreateKeyExW
ADVAPI32.dll	580		RegDeleteKeyW
ADVAPI32.dll	592		RegEnumKeyW
ADVAPI32.dll	594		RegEnumValueW
ADVAPI32.dll	602		RegLoadKeyW
ADVAPI32.dll	612		RegOpenKeyW
ADVAPI32.dll	616		RegQueryInfoKeyW
ADVAPI32.dll	622		RegQueryValueExW
ADVAPI32.dll	638		RegSetValueExW
ADVAPI32.dll	641		RegUnLoadKeyW
ADVAPI32.dll	623		RegQueryValueW
ADVAPI32.dll	177		CryptAcquireContextW
ADVAPI32.dll	203		CryptReleaseContext
ADVAPI32.dll	196		CryptGetHashParam
ADVAPI32.dll	179		CryptCreateHash
ADVAPI32.dll	200		CryptHashData
ADVAPI32.dll	182		CryptDestroyHash
ADVAPI32.dll	87		CloseServiceHandle
ADVAPI32.dll	505		OpenSCManagerW
ADVAPI32.dll	507		OpenServiceW
ADVAPI32.dll	92		ControlService
ADVAPI32.dll	552		QueryServiceStatus
ADVAPI32.dll	713		StartServiceW
SHELL32.dll	215		SHGetPathFromIDListW
SHELL32.dll	223		SHGetSpecialFolderLocation
SHELL32.dll	123		SHBrowseForFolderW
SHELL32.dll	207		SHGetMalloc
SHELL32.dll	302		Shell_NotifyIconW
SHELL32.dll	289		ShellExecuteExW
SHELL32.dll	189		SHGetFileInfoW
SHELL32.dll	290		ShellExecuteW
ole32.dll	73		CoMarshalInterThreadInterfaceInStream
ole32.dll	99		CoSetProxyBlanket
ole32.dll	49		CoGetInterfaceAndReleaseStream
ole32.dll	108		CoUninitialize
ole32.dll	62		CoInitialize
ole32.dll	104		CoTaskMemFree
ole32.dll	16		CoCreateInstance
OLEAUT32.dll		20
OLEAUT32.dll		4
OLEAUT32.dll		25
OLEAUT32.dll		24
OLEAUT32.dll		23
OLEAUT32.dll		2
OLEAUT32.dll		6
OLEAUT32.dll		7
OLEAUT32.dll		150
OLEAUT32.dll		8
OLEAUT32.dll		9
OLEAUT32.dll		12
OLEAUT32.dll		16
OLEAUT32.dll		19
WINHTTP.dll	18		WinHttpQueryDataAvailable
WINHTTP.dll	31		WinHttpWriteData
WINHTTP.dll	16		WinHttpOpenRequest
WINHTTP.dll	8		WinHttpConnect
WINHTTP.dll	7		WinHttpCloseHandle
WINHTTP.dll	15		WinHttpOpen
WINHTTP.dll	23		WinHttpSendRequest
WINHTTP.dll	22		WinHttpReceiveResponse
WINHTTP.dll	19		WinHttpQueryHeaders
WINHTTP.dll	21		WinHttpReadData
PSAPI.DLL	16		GetModuleFileNameExW

StringTable 040904e4

CompanyName	Sysinternals - www.sysinternals.com
FileDescription	Sysinternals Process Explorer
FileVersion	16.05
InternalName	Process Explorer
LegalCopyright	Copyright © 1998-2014 Mark Russinovich
LegalTrademarks	Copyright (C) 1998-2014 Mark Russinovich
OriginalFilename	Procexp.exe
ProductName	Process Explorer
ProductVersion	16.05

VS_FIXEDFILEINFO

FileVersion	16.5.0.0
ProductVersion	16.5.0.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	8
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA

serial: 33000000CA6CD5321235C4E1550001000000CA

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time-Stamp PCA
        Validity
            Not Before: Mar 20 17:32:03 2015 GMT
            Not After : Jun 20 17:32:03 2016 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher DSE ESN:B8EC-30A4-7144, CN=Microsoft Time-Stamp Service
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ea:91:bd:b2:88:fd:14:6f:21:36:28:03:66:33:
                    3a:66:08:fb:5b:4b:a4:ab:a0:28:34:4a:43:32:08:
                    c0:86:e5:c9:3d:d5:25:bc:7b:3e:62:87:d6:7d:ef:
                    0f:74:53:a3:f1:91:63:88:74:7f:e8:24:cd:03:50:
                    c5:f1:ca:00:16:7b:a5:39:b0:06:1c:3c:44:7e:f9:
                    eb:c4:b2:81:bc:17:23:ba:fd:65:38:19:85:7f:ca:
                    a0:29:fd:f6:3a:c0:0b:2f:68:f4:e0:34:4e:7d:6f:
                    17:c0:6e:99:aa:fa:7f:61:25:d1:26:70:d2:74:7d:
                    df:61:73:5c:ce:54:2a:39:51:03:33:09:f8:50:ad:
                    78:c7:89:08:b6:d4:85:2a:3f:d7:d8:1f:51:ea:ef:
                    fc:68:5e:b5:c1:e7:07:68:32:8d:2f:72:51:fe:03:
                    31:47:51:c5:d2:eb:72:07:af:20:95:f8:da:6a:f8:
                    77:67:e4:60:9a:70:4c:ab:45:cb:7e:08:af:e5:81:
                    d4:57:cf:3a:cc:13:75:9d:26:cd:a0:a2:69:50:bc:
                    3a:88:94:df:b0:54:38:de:89:39:cd:86:32:a5:90:
                    0f:7e:bf:ed:cc:94:25:a6:41:86:61:26:c7:dd:37:
                    7e:5c:0d:e8:17:ca:37:7f:e8:24:b6:4e:b4:f8:1b:
                    23:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F8:FD:23:87:05:94:80:56:CD:33:A5:41:C2:6C:CC:08:36:C8:B2:A2
            X509v3 Authority Key Identifier: 
                23:34:F8:D9:52:46:70:0A:ED:40:FB:76:FB:B3:2B:B0:C3:35:B3:0F
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt
            X509v3 Extended Key Usage: 
                Time Stamping
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        2d:04:b4:ca:29:0b:59:fc:2e:ea:a0:af:4c:4e:68:04:f8:92:
        ed:29:c2:66:cc:6b:70:c9:87:e8:be:87:fc:5d:f4:dd:4f:a5:
        1a:6f:78:97:ad:6b:05:38:51:41:72:9d:39:e4:1a:1b:c3:6d:
        71:fc:70:b6:d3:cc:b6:90:58:04:28:3f:d6:1e:ef:83:b3:14:
        18:0c:95:0b:f7:a5:11:13:98:c6:85:56:5e:ee:33:b4:0c:37:
        b5:80:ea:f5:12:68:d9:2e:7b:86:08:72:3b:14:7b:d4:d9:d0:
        16:4f:c0:2f:0b:1f:2d:ca:e5:1b:d0:ae:e9:84:b0:8f:0b:5d:
        73:b8:16:81:40:23:58:2c:ea:61:aa:fe:bd:7f:d3:8d:5a:70:
        fc:79:cd:66:96:65:63:b5:05:12:76:e2:2a:3b:2b:ed:82:ac:
        9a:ec:27:41:a7:97:0e:23:16:9f:41:c8:4e:6d:53:11:40:04:
        cc:60:99:da:98:ec:2b:ae:97:fb:e0:7d:f5:ba:8b:00:f4:25:
        17:7f:62:7a:bb:51:57:c1:f0:f0:cd:9c:1b:61:73:ad:95:8c:
        2b:76:22:a8:ab:70:38:b4:01:28:7d:66:42:53:de:9f:f4:07:
        7c:5a:30:0e:82:03:59:f6:84:86:b9:15:25:62:b0:0b:d2:cf:
        f1:db:96:45

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA
        Validity
            Not Before: Apr 22 17:39:00 2014 GMT
            Not After : Jul 22 17:39:00 2015 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:96:71:5d:ed:06:46:fa:84:cb:9d:5b:b7:46:c7:
                    b0:e1:b4:11:39:03:ad:b1:15:73:60:9c:eb:a7:b6:
                    6e:1a:3c:3f:ff:65:e3:34:f1:a6:a5:21:5e:56:99:
                    6c:58:e4:92:a1:0a:5c:c2:d3:dc:52:2f:0c:65:9a:
                    20:61:40:53:31:9c:6c:8f:21:7d:ba:f9:fe:13:50:
                    52:60:95:3a:5b:b9:58:a5:74:61:41:a9:94:e0:ad:
                    26:4e:4c:a1:97:70:49:27:5e:7c:67:ca:4f:1e:71:
                    84:46:bc:1d:4b:b6:e2:0f:c5:c6:27:c9:07:e6:7a:
                    0a:a5:17:00:19:4c:70:45:38:2d:81:b4:50:aa:c5:
                    67:d1:fa:79:bc:c5:cc:a1:72:9b:f4:25:34:98:f8:
                    54:df:12:39:38:12:2f:a4:6b:a5:9a:7e:c7:62:d1:
                    dc:cf:ed:3d:34:f8:b9:df:35:30:ba:ec:79:32:a9:
                    e1:a9:ac:55:4d:4c:7f:4c:56:c3:13:0b:76:f1:07:
                    f9:cc:47:ac:fb:88:d5:52:a5:1e:28:fa:3d:2d:cf:
                    cf:84:98:86:71:65:11:cf:85:c9:09:44:86:e1:6f:
                    e7:b1:fc:ac:40:44:a5:a9:8b:23:3f:82:49:9d:d5:
                    96:59:50:13:59:18:73:ff:43:0c:ad:2b:d4:7f:30:
                    40:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Subject Key Identifier: 
                1F:5E:E2:5D:50:8D:56:86:BE:4A:3C:CF:04:E8:A7:87:B5:CB:BF:83
            X509v3 Subject Alternative Name: 
                DirName:/OU=MOPR/serialNumber=31595\+b4218f13-6fca-490f-9c47-3fc557dfc440
            X509v3 Authority Key Identifier: 
                CB:11:E8:CA:D2:B4:16:58:01:C9:37:2E:33:16:16:B9:4C:9A:0A:1F
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        77:5c:eb:d7:91:3d:cd:bd:7b:83:d9:85:a9:b0:43:9d:73:7c:
        17:c9:0f:ed:36:db:c7:b5:2c:1b:5e:fb:54:05:3a:83:71:40:
        81:09:a2:b7:71:26:5e:d6:7d:b6:6c:3b:c9:aa:5f:5d:03:18:
        2a:1d:27:7e:07:e9:c5:65:1f:b5:cf:0d:b7:54:c7:28:38:5a:
        88:e7:7b:c1:19:b6:56:32:ba:e2:cc:cb:93:db:af:6e:0f:5d:
        44:f5:d4:b0:ef:1b:d5:4e:c1:af:0e:ef:20:9b:f2:e1:fe:27:
        5d:e8:c5:ff:61:f6:19:d2:28:0a:22:9d:df:cd:70:82:9e:18:
        72:d8:23:cc:7a:2c:43:ee:ff:ea:c0:e0:e6:1d:aa:9e:97:33:
        00:52:6f:07:b8:d3:88:6c:de:a4:06:35:a7:c2:53:86:65:11:
        77:09:8f:35:59:b9:d8:86:a8:00:fe:f8:31:7d:2c:f4:8c:05:
        9d:c0:c1:d5:77:72:6c:e9:4d:59:26:83:f1:c2:b2:88:57:93:
        35:00:7c:50:2b:bc:59:fc:fe:1c:29:38:82:d3:de:52:97:45:
        29:18:4e:96:5b:9d:ba:5f:1b:a3:f1:27:50:ea:07:95:e8:6d:
        34:0d:38:57:dc:37:28:35:95:3a:38:9c:d4:ed:6a:85:5d:0e:
        22:11:5e:7b

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:33:26:1a:00:00:00:00:00:31
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
        Validity
            Not Before: Aug 31 22:19:32 2010 GMT
            Not After : Aug 31 22:29:32 2020 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b2:72:59:5c:19:30:64:bf:1d:9a:60:20:20:42:
                    99:76:53:6c:3e:1b:d6:6f:cc:cb:f1:ea:6b:fe:97:
                    16:10:e0:df:3a:74:83:1a:b7:2f:a0:32:ec:ff:de:
                    c2:42:4e:23:d5:72:00:db:35:57:0a:89:ca:ae:20:
                    49:f4:f0:68:ac:4d:4b:8d:a5:bd:79:4b:71:9b:47:
                    07:da:fd:25:df:9d:75:88:cf:aa:73:44:7f:d7:81:
                    db:f3:bd:f2:36:a4:c9:5c:45:dc:af:ad:3d:e0:28:
                    68:97:1a:a7:a5:72:73:56:f1:17:94:e4:fd:35:94:
                    72:a0:d6:76:5f:1e:77:45:83:85:38:16:d0:73:5b:
                    05:ba:67:52:8d:a5:b2:69:2f:da:19:0b:fe:92:74:
                    29:e2:76:2f:54:dd:14:30:59:f8:d2:8d:62:fd:cb:
                    c9:5f:46:31:50:b9:27:13:e4:40:30:cf:72:29:10:
                    28:22:c7:37:4e:3d:a0:32:3d:90:cd:a1:38:06:85:
                    5c:4e:56:82:28:2a:05:32:b7:4b:d7:4f:63:e7:d2:
                    2d:62:f1:45:3d:e7:ac:08:00:f6:46:a1:9e:d1:5b:
                    8c:26:53:e8:7a:aa:4a:f2:46:cf:37:3c:38:9e:b4:
                    77:5c:a5:17:9e:8d:cb:11:8f:56:3c:c1:ac:09:5f:
                    03:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                CB:11:E8:CA:D2:B4:16:58:01:C9:37:2E:33:16:16:B9:4C:9A:0A:1F
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            1.3.6.1.4.1.311.21.1: 
                .....
            1.3.6.1.4.1.311.21.2: 
                ....1N.&....`;.1o.<..-
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Authority Key Identifier: 
                0E:AC:82:60:40:56:27:97:E5:25:13:FC:2A:E1:0A:53:95:59:E4:A4
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        59:39:3e:7f:26:46:af:eb:6f:40:b1:32:b5:6a:eb:0e:2f:6e:
        a8:49:f7:eb:5f:75:ed:4c:3b:2d:d7:43:ad:0b:fe:cb:e9:2d:
        31:a3:23:cc:7c:50:98:80:21:5d:ac:3d:2f:4c:ba:a2:a8:56:
        9c:e3:70:bb:b8:b4:f8:79:b5:49:72:f7:3e:ea:41:7f:ca:e1:
        0c:17:69:cb:a5:9c:20:2d:fa:0b:50:c4:56:cd:2d:e3:4a:d2:
        bc:70:e7:a8:0d:a2:03:a5:56:e0:b8:8a:4b:57:f2:95:42:9c:
        f1:f3:ef:ee:e3:86:1f:34:3c:b8:56:9a:f0:53:23:85:2a:a4:
        82:1c:93:e2:94:07:1d:f2:e2:4e:f8:8c:a1:ca:e8:13:a5:91:
        4e:c8:1b:d2:8f:72:95:2a:71:6d:9b:1a:f8:1c:f0:53:d6:67:
        cc:22:ff:5c:1d:cd:a2:8c:bd:27:b2:79:63:56:44:a2:51:cd:
        f9:e9:a3:58:56:dd:9b:02:45:44:2f:5f:f4:da:ae:d4:82:32:
        6e:fc:a4:95:13:e4:eb:69:e7:a9:a2:2c:be:c8:2b:10:0e:65:
        8e:99:db:f5:a2:fa:12:26:09:65:38:94:f1:7a:1f:4a:bb:d1:
        e1:56:e8:d0:78:96:18:5c:c9:35:16:5f:dd:93:1d:49:8e:2d:
        be:ad:34:44:1c:ee:10:15:1a:00:5d:dd:35:5b:21:ce:98:c7:
        09:ee:85:0e:8c:4f:6d:0e:13:4e:3d:7c:29:48:9c:72:d1:f3:
        6c:ca:c1:ec:70:a3:57:92:57:7d:94:8d:a0:1b:48:03:5a:f7:
        cf:a3:67:0a:74:a5:36:ed:2d:2f:17:c8:e6:72:37:12:f4:6f:
        b1:3c:67:82:f9:52:b2:8d:33:16:65:1e:0e:8a:dd:10:de:64:
        f4:6f:ce:46:d4:d3:17:e9:79:c4:04:b4:d3:fb:2c:df:1f:8a:
        9e:ac:0a:fb:13:27:40:ad:e4:f9:e1:a9:7f:46:bb:07:60:47:
        65:60:40:4e:b0:42:ec:4e:ed:b3:76:79:d8:0a:34:09:6d:1c:
        80:31:1f:e2:0e:54:dd:e5:a1:fb:e5:47:10:ad:64:98:ff:50:
        16:2e:7c:bf:05:21:7a:e2:95:41:27:69:c3:93:8f:95:c9:8d:
        d8:9b:21:ae:0d:5c:9c:f0:a2:ae:86:68:83:0c:6a:2d:bb:76:
        6b:00:1d:96:ad:f2:16:7b:f6:16:83:24:b9:88:cf:6a:a8:47:
        31:2f:9a:dc:e3:71:3d:d7:00:7e:62:47:d1:ce:88:c9:b8:18:
        fa:0e:72:8d:c1:a3:3d:af:02:40:6a:ff:69:9b:96:e2:10:a8:
        10:b4:37:50:08:d6:c3:3d

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:16:68:34:00:00:00:00:00:1c
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
        Validity
            Not Before: Apr  3 12:53:09 2007 GMT
            Not After : Apr  3 13:03:09 2021 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time-Stamp PCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:9f:a1:6c:b1:df:db:48:92:2a:7c:6b:2e:19:e1:
                    bd:e2:e3:c5:99:51:23:50:ad:ce:dd:18:4e:24:0f:
                    ee:d1:a7:d1:4c:ad:74:30:20:11:eb:07:d5:54:95:
                    15:49:94:1b:42:92:ae:98:5c:30:26:da:00:6b:e8:
                    7b:bd:ec:89:07:0f:f7:0e:04:98:f0:89:cc:1f:cb:
                    33:24:87:9d:f2:f4:67:1c:2c:fc:7b:e7:88:1d:ea:
                    e7:4e:a3:a1:c1:23:53:ca:8d:fa:45:cf:09:d0:5e:
                    af:d0:b0:42:04:a2:f9:a6:6c:93:67:d7:28:dc:46:
                    53:b0:86:d0:e5:28:46:2e:27:ac:86:4f:55:52:0c:
                    e4:03:2c:fb:6a:90:90:30:6e:87:f3:59:30:9d:fa:
                    7e:d6:97:b3:e8:21:97:7e:f8:d2:13:f3:08:b7:53:
                    6d:52:b4:45:90:9f:48:00:4a:47:66:11:27:29:66:
                    a8:97:e4:d3:06:81:4a:a2:f9:84:a7:11:47:14:09:
                    82:9f:84:ed:55:78:fe:01:9a:1d:50:08:85:00:10:
                    30:46:ed:b7:de:23:46:bb:c4:2d:54:9f:af:1e:78:
                    41:31:77:cc:9b:df:3b:83:93:a1:61:02:b5:1d:0d:
                    b1:fc:f7:9b:b2:01:ce:22:4b:54:ff:f9:05:c3:c2:
                    20:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                23:34:F8:D9:52:46:70:0A:ED:40:FB:76:FB:B3:2B:B0:C3:35:B3:0F
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Authority Key Identifier: 
                keyid:0E:AC:82:60:40:56:27:97:E5:25:13:FC:2A:E1:0A:53:95:59:E4:A4
                DirName:/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
                serial:79:AD:16:A1:4A:A0:A5:AD:4C:73:58:F4:07:13:2E:65
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
            X509v3 Extended Key Usage: 
                Time Stamping
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        10:97:8a:c3:5c:03:44:36:dd:e9:b4:ad:77:db:ce:79:51:4d:
        01:b1:2e:74:71:5b:6d:0c:13:ab:ce:be:7b:8f:b8:2e:d4:12:
        a2:8c:6d:62:b8:57:02:cb:4e:20:13:50:99:dd:7a:40:e2:57:
        bb:af:58:9a:1c:e1:1d:01:86:ac:bb:78:f2:8b:d0:ec:3b:01:
        ee:e2:be:8f:0a:05:c8:8d:48:e2:f0:53:15:dd:4f:ab:92:e4:
        e7:8d:6a:d5:80:c1:e6:94:f2:06:2f:85:03:e9:91:2a:24:22:
        70:fb:f6:fc:e4:78:99:2e:0d:f7:07:e2:70:bc:18:4e:9d:8e:
        6b:0a:72:95:b8:a1:39:9c:67:2d:c5:51:0e:ea:62:5c:3f:16:
        98:8b:20:3f:e2:07:1a:32:f9:cc:31:4a:76:31:3d:2b:72:0b:
        c8:ea:70:3d:ff:85:0a:13:df:c2:0a:61:8e:f0:d7:b8:17:eb:
        4e:8b:7f:c5:35:2b:5e:a3:bf:eb:bc:7d:0b:42:7b:d4:53:72:
        21:ee:30:ca:bb:78:65:5c:5b:01:17:0a:14:0e:d2:da:14:98:
        f5:3c:b9:66:58:b3:2d:2f:e7:f9:85:86:cc:51:56:e8:9d:70:
        94:6c:ac:39:4c:d4:f6:79:bf:aa:18:7a:62:29:ef:a2:9b:29:
        34:06:77:1a:62:c9:3d:1e:6d:1f:82:f0:0b:c7:2c:bb:cf:43:
        b3:e5:f9:ec:7d:b5:e3:a4:a8:74:35:b8:4e:c5:71:23:12:26:
        76:0b:3c:52:8c:71:5a:46:43:14:bc:b3:b3:b0:4d:67:c8:9f:
        42:ff:80:79:21:80:9e:15:30:66:e8:42:12:5e:1a:c8:9e:22:
        21:d0:43:e9:2b:e9:bb:f4:48:cc:2c:d4:d8:32:80:4c:26:2a:
        48:24:5f:5a:ea:56:ef:a6:de:99:9d:ca:3a:6f:bd:81:27:74:
        06:11:ee:76:21:bf:9b:82:c1:27:54:b6:b1:6a:3d:89:a1:76:
        61:b4:6e:a1:13:a6:bf:aa:47:f0:12:6f:fd:8a:32:6c:b2:fe:
        df:51:c8:8c:23:c9:66:bd:9d:1d:87:12:64:02:3d:2d:af:59:
        8f:b8:e4:21:e5:b5:b0:ca:63:b4:78:54:05:d4:41:2e:50:ac:
        94:b0:a5:78:ab:b3:a0:96:75:1a:d9:92:87:13:75:22:2f:32:
        a8:08:6e:a0:5b:8c:25:bf:a0:ef:84:ca:21:d6:eb:1e:4f:c9:
        9a:ee:49:e0:f7:01:65:6f:89:0b:7d:c8:69:c8:e6:6e:ea:a7:
        97:ce:31:29:ff:0e:c5:5b:5c:d8:4d:1b:a1:d8:fa:2f:9e:3f:
        2e:55:16:6b:c9:13:a3:fd

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15
- :

SHA1

8c 7b 66 75 0a e8 2c 6d 88 43 cb 88 a6 b4 44 f4 |.{fu..,m.C....D.| 88 7c db d9 |.|.. |

unnamed

Certificate #0
- 2
  - 33:00:00:00:71:B3:2E:8A:6B:82:AA:1F:4E:00:00:00:
    00:00:71
  - RSA-SHA1: nil
  - Issuer
    - C: US
    - ST: Washington
    - L: Redmond
    - O: Microsoft Corporation
    - CN: Microsoft Time-Stamp PCA
  - 2015-03-20 17:32:03 UTC: 2016-06-20 17:32:03 UTC
  - Subject
    - C: US
    - ST: Washington
    - L: Redmond
    - O: Microsoft Corporation
    - OU: MOPR
    - OU: nCipher DSE ESN:B8EC-30A4-7144
    - CN: Microsoft Time-Stamp Service
  - #5
    - rsaEncryption: nil
    - EA:91:BD:B2:88:FD:14:6F:21:36:28:03:66:33:3A:66:
      08:FB:5B:4B:A4:AB:A0:28:34:4A:43:32:08:C0:86:E5:
      C9:3D:D5:25:BC:7B:3E:62:87:D6:7D:EF:0F:74:53:A3:
      F1:91:63:88:74:7F:E8:24:CD:03:50:C5:F1:CA:00:16:
      7B:A5:39:B0:06:1C:3C:44:7E:F9:EB:C4:B2:81:BC:17:
      23:BA:FD:65:38:19:85:7F:CA:A0:29:FD:F6:3A:C0:0B:
      2F:68:F4:E0:34:4E:7D:6F:17:C0:6E:99:AA:FA:7F:61:
      25:D1:26:70:D2:74:7D:DF:61:73:5C:CE:54:2A:39:51:
      03:33:09:F8:50:AD:78:C7:89:08:B6:D4:85:2A:3F:D7:
      D8:1F:51:EA:EF:FC:68:5E:B5:C1:E7:07:68:32:8D:2F:
      72:51:FE:03:31:47:51:C5:D2:EB:72:07:AF:20:95:F8:
      DA:6A:F8:77:67:E4:60:9A:70:4C:AB:45:CB:7E:08:AF:
      E5:81:D4:57:CF:3A:CC:13:75:9D:26:CD:A0:A2:69:50:
      BC:3A:88:94:DF:B0:54:38:DE:89:39:CD:86:32:A5:90:
      0F:7E:BF:ED:CC:94:25:A6:41:86:61:26:C7:DD:37:7E:
      5C:0D:E8:17:CA:37:7F:E8:24:B6:4E:B4:F8:1B:23:EB: 0x010001
  - #6
    - subjectKeyIdentifier:
```
f8 fd 23 87 05 94 80 56  cd 33 a5 41 c2 6c cc 08  |..#....V.3.A.l..|
36 c8 b2 a2                                       |6...            |
```
    - authorityKeyIdentifier:
```
23 34 f8 d9 52 46 70 0a  ed 40 fb 76 fb b3 2b b0  |#4..RFp..@.v..+.|
c3 35 b3 0f                                       |.5..            |
```
    - crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
    - authorityInfoAccess
      - caIssuers: http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt
    - extendedKeyUsage: timeStamping
- RSA-SHA1:
```
2d 04 b4 ca 29 0b 59 fc  2e ea a0 af 4c 4e 68 04  |-...).Y.....LNh.|
f8 92 ed 29 c2 66 cc 6b  70 c9 87 e8 be 87 fc 5d  |...).f.kp......]|
f4 dd 4f a5 1a 6f 78 97  ad 6b 05 38 51 41 72 9d  |..O..ox..k.8QAr.|
39 e4 1a 1b c3 6d 71 fc  70 b6 d3 cc b6 90 58 04  |9....mq.p.....X.|
28 3f d6 1e ef 83 b3 14  18 0c 95 0b f7 a5 11 13  |(?..............|
98 c6 85 56 5e ee 33 b4  0c 37 b5 80 ea f5 12 68  |...V^.3..7.....h|
d9 2e 7b 86 08 72 3b 14  7b d4 d9 d0 16 4f c0 2f  |..{..r;.{....O./|
0b 1f 2d ca e5 1b d0 ae  e9 84 b0 8f 0b 5d 73 b8  |..-..........]s.|
16 81 40 23 58 2c ea 61  aa fe bd 7f d3 8d 5a 70  |..@#X,.a......Zp|
fc 79 cd 66 96 65 63 b5  05 12 76 e2 2a 3b 2b ed  |.y.f.ec...v.*;+.|
82 ac 9a ec 27 41 a7 97  0e 23 16 9f 41 c8 4e 6d  |....'A...#..A.Nm|
53 11 40 04 cc 60 99 da  98 ec 2b ae 97 fb e0 7d  |S.@..`....+....}|
f5 ba 8b 00 f4 25 17 7f  62 7a bb 51 57 c1 f0 f0  |.....%..bz.QW...|
cd 9c 1b 61 73 ad 95 8c  2b 76 22 a8 ab 70 38 b4  |...as...+v"..p8.|
01 28 7d 66 42 53 de 9f  f4 07 7c 5a 30 0e 82 03  |.(}fBS....|Z0...|
59 f6 84 86 b9 15 25 62  b0 0b d2 cf f1 db 96 45  |Y.....%b.......E|
```
Certificate #1
- 2
  - 33:00:00:00:CA:6C:D5:32:12:35:C4:E1:55:00:01:00:
    00:00:CA
  - RSA-SHA1: nil
  - Issuer
    - C: US
    - ST: Washington
    - L: Redmond
    - O: Microsoft Corporation
    - CN: Microsoft Code Signing PCA
  - 2014-04-22 17:39:00 UTC: 2015-07-22 17:39:00 UTC
  - Subject
    - C: US
    - ST: Washington
    - L: Redmond
    - O: Microsoft Corporation
    - OU: MOPR
    - CN: Microsoft Corporation
  - #5
    - rsaEncryption: nil
    - 96:71:5D:ED:06:46:FA:84:CB:9D:5B:B7:46:C7:B0:E1:
      B4:11:39:03:AD:B1:15:73:60:9C:EB:A7:B6:6E:1A:3C:
      3F:FF:65:E3:34:F1:A6:A5:21:5E:56:99:6C:58:E4:92:
      A1:0A:5C:C2:D3:DC:52:2F:0C:65:9A:20:61:40:53:31:
      9C:6C:8F:21:7D:BA:F9:FE:13:50:52:60:95:3A:5B:B9:
      58:A5:74:61:41:A9:94:E0:AD:26:4E:4C:A1:97:70:49:
      27:5E:7C:67:CA:4F:1E:71:84:46:BC:1D:4B:B6:E2:0F:
      C5:C6:27:C9:07:E6:7A:0A:A5:17:00:19:4C:70:45:38:
      2D:81:B4:50:AA:C5:67:D1:FA:79:BC:C5:CC:A1:72:9B:
      F4:25:34:98:F8:54:DF:12:39:38:12:2F:A4:6B:A5:9A:
      7E:C7:62:D1:DC:CF:ED:3D:34:F8:B9:DF:35:30:BA:EC:
      79:32:A9:E1:A9:AC:55:4D:4C:7F:4C:56:C3:13:0B:76:
      F1:07:F9:CC:47:AC:FB:88:D5:52:A5:1E:28:FA:3D:2D:
      CF:CF:84:98:86:71:65:11:CF:85:C9:09:44:86:E1:6F:
      E7:B1:FC:AC:40:44:A5:A9:8B:23:3F:82:49:9D:D5:96:
      59:50:13:59:18:73:FF:43:0C:AD:2B:D4:7F:30:40:67: 0x010001
  - #6
    - extendedKeyUsage: codeSigning
    - subjectKeyIdentifier:
```
1f 5e e2 5d 50 8d 56 86  be 4a 3c cf 04 e8 a7 87  |.^.]P.V..J<.....|
b5 cb bf 83                                       |....            |
```
    - subjectAltName
      - #0
        OU: MOPR
        serialNumber: 31595+b4218f13-6fca-490f-9c47-3fc557dfc440
    - authorityKeyIdentifier:
```
cb 11 e8 ca d2 b4 16 58  01 c9 37 2e 33 16 16 b9  |.......X..7.3...|
4c 9a 0a 1f                                       |L...            |
```
    - crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
    - authorityInfoAccess
      - caIssuers: http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt
- RSA-SHA1:
```
77 5c eb d7 91 3d cd bd  7b 83 d9 85 a9 b0 43 9d  |w\...=..{.....C.|
73 7c 17 c9 0f ed 36 db  c7 b5 2c 1b 5e fb 54 05  |s|....6...,.^.T.|
3a 83 71 40 81 09 a2 b7  71 26 5e d6 7d b6 6c 3b  |:.q@....q&^.}.l;|
c9 aa 5f 5d 03 18 2a 1d  27 7e 07 e9 c5 65 1f b5  |.._]..*.'~...e..|
cf 0d b7 54 c7 28 38 5a  88 e7 7b c1 19 b6 56 32  |...T.(8Z..{...V2|
ba e2 cc cb 93 db af 6e  0f 5d 44 f5 d4 b0 ef 1b  |.......n.]D.....|
d5 4e c1 af 0e ef 20 9b  f2 e1 fe 27 5d e8 c5 ff  |.N.... ....']...|
61 f6 19 d2 28 0a 22 9d  df cd 70 82 9e 18 72 d8  |a...(."...p...r.|
23 cc 7a 2c 43 ee ff ea  c0 e0 e6 1d aa 9e 97 33  |#.z,C..........3|
00 52 6f 07 b8 d3 88 6c  de a4 06 35 a7 c2 53 86  |.Ro....l...5..S.|
65 11 77 09 8f 35 59 b9  d8 86 a8 00 fe f8 31 7d  |e.w..5Y.......1}|
2c f4 8c 05 9d c0 c1 d5  77 72 6c e9 4d 59 26 83  |,.......wrl.MY&.|
f1 c2 b2 88 57 93 35 00  7c 50 2b bc 59 fc fe 1c  |....W.5.|P+.Y...|
29 38 82 d3 de 52 97 45  29 18 4e 96 5b 9d ba 5f  |)8...R.E).N.[.._|
1b a3 f1 27 50 ea 07 95  e8 6d 34 0d 38 57 dc 37  |...'P....m4.8W.7|
28 35 95 3a 38 9c d4 ed  6a 85 5d 0e 22 11 5e 7b  |(5.:8...j.].".^{|
```

2
- 61:33:26:1A:00:00:00:00:00:31
- RSA-SHA1: nil
- #2
  - DC: com
  - DC: microsoft
  - CN: Microsoft Root Certificate Authority
- 2010-08-31 22:19:32 UTC: 2020-08-31 22:29:32 UTC
- Subject
  - C: US
  - ST: Washington
  - L: Redmond
  - O: Microsoft Corporation
  - CN: Microsoft Code Signing PCA
- #5
  - rsaEncryption: nil
  - B2:72:59:5C:19:30:64:BF:1D:9A:60:20:20:42:99:76:
    53:6C:3E:1B:D6:6F:CC:CB:F1:EA:6B:FE:97:16:10:E0:
    DF:3A:74:83:1A:B7:2F:A0:32:EC:FF:DE:C2:42:4E:23:
    D5:72:00:DB:35:57:0A:89:CA:AE:20:49:F4:F0:68:AC:
    4D:4B:8D:A5:BD:79:4B:71:9B:47:07:DA:FD:25:DF:9D:
    75:88:CF:AA:73:44:7F:D7:81:DB:F3:BD:F2:36:A4:C9:
    5C:45:DC:AF:AD:3D:E0:28:68:97:1A:A7:A5:72:73:56:
    F1:17:94:E4:FD:35:94:72:A0:D6:76:5F:1E:77:45:83:
    85:38:16:D0:73:5B:05:BA:67:52:8D:A5:B2:69:2F:DA:
    19:0B:FE:92:74:29:E2:76:2F:54:DD:14:30:59:F8:D2:
    8D:62:FD:CB:C9:5F:46:31:50:B9:27:13:E4:40:30:CF:
    72:29:10:28:22:C7:37:4E:3D:A0:32:3D:90:CD:A1:38:
    06:85:5C:4E:56:82:28:2A:05:32:B7:4B:D7:4F:63:E7:
    D2:2D:62:F1:45:3D:E7:AC:08:00:F6:46:A1:9E:D1:5B:
    8C:26:53:E8:7A:AA:4A:F2:46:CF:37:3C:38:9E:B4:77:
    5C:A5:17:9E:8D:CB:11:8F:56:3C:C1:AC:09:5F:03:D3: 0x010001
- X509v3 extensions
  - basicConstraints: true, true
  - subjectKeyIdentifier:
```
cb 11 e8 ca d2 b4 16 58  01 c9 37 2e 33 16 16 b9  |.......X..7.3...|
4c 9a 0a 1f                                       |L...            |
```
  - keyUsage: 0x86
  - 1.3.6.1.4.1.311.21.1: 0x010001
  - 1.3.6.1.4.1.311.21.2:
```
fd d1 31 4e d3 26 8a 95  e1 98 60 3b a8 31 6f a6  |..1N.&....`;.1o.|
3c bc d8 2d                                       |<..-            |
```
  - 1.3.6.1.4.1.311.20.2:
```
00 53 00 75 00 62 00 43  00 41                    |.S.u.b.C.A      |
```
  - authorityKeyIdentifier:
```
0e ac 82 60 40 56 27 97  e5 25 13 fc 2a e1 0a 53  |...`@V'..%..*..S|
95 59 e4 a4                                       |.Y..            |
```
  - crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
  - authorityInfoAccess
    - caIssuers: http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt

RSA-SHA1:

59 39 3e 7f 26 46 af eb  6f 40 b1 32 b5 6a eb 0e  |Y9>.&F..o@.2.j..|
2f 6e a8 49 f7 eb 5f 75  ed 4c 3b 2d d7 43 ad 0b  |/n.I.._u.L;-.C..|
fe cb e9 2d 31 a3 23 cc  7c 50 98 80 21 5d ac 3d  |...-1.#.|P..!].=|
2f 4c ba a2 a8 56 9c e3  70 bb b8 b4 f8 79 b5 49  |/L...V..p....y.I|
72 f7 3e ea 41 7f ca e1  0c 17 69 cb a5 9c 20 2d  |r.>.A.....i... -|
fa 0b 50 c4 56 cd 2d e3  4a d2 bc 70 e7 a8 0d a2  |..P.V.-.J..p....|
03 a5 56 e0 b8 8a 4b 57  f2 95 42 9c f1 f3 ef ee  |..V...KW..B.....|
e3 86 1f 34 3c b8 56 9a  f0 53 23 85 2a a4 82 1c  |...4<.V..S#.*...|
93 e2 94 07 1d f2 e2 4e  f8 8c a1 ca e8 13 a5 91  |.......N........|
4e c8 1b d2 8f 72 95 2a  71 6d 9b 1a f8 1c f0 53  |N....r.*qm.....S|
d6 67 cc 22 ff 5c 1d cd  a2 8c bd 27 b2 79 63 56  |.g.".\.....'.ycV|
44 a2 51 cd f9 e9 a3 58  56 dd 9b 02 45 44 2f 5f  |D.Q....XV...ED/_|
f4 da ae d4 82 32 6e fc  a4 95 13 e4 eb 69 e7 a9  |.....2n......i..|
a2 2c be c8 2b 10 0e 65  8e 99 db f5 a2 fa 12 26  |.,..+..e.......&|
09 65 38 94 f1 7a 1f 4a  bb d1 e1 56 e8 d0 78 96  |.e8..z.J...V..x.|
18 5c c9 35 16 5f dd 93  1d 49 8e 2d be ad 34 44  |.\.5._...I.-..4D|
1c ee 10 15 1a 00 5d dd  35 5b 21 ce 98 c7 09 ee  |......].5[!.....|
85 0e 8c 4f 6d 0e 13 4e  3d 7c 29 48 9c 72 d1 f3  |...Om..N=|)H.r..|
6c ca c1 ec 70 a3 57 92  57 7d 94 8d a0 1b 48 03  |l...p.W.W}....H.|
5a f7 cf a3 67 0a 74 a5  36 ed 2d 2f 17 c8 e6 72  |Z...g.t.6.-/...r|
37 12 f4 6f b1 3c 67 82  f9 52 b2 8d 33 16 65 1e  |7..o.

2
- 61:16:68:34:00:00:00:00:00:1C
- RSA-SHA1: nil
- #2
  - DC: com
  - DC: microsoft
  - CN: Microsoft Root Certificate Authority
- 2007-04-03 12:53:09 UTC: 2021-04-03 13:03:09 UTC
- Subject
  - C: US
  - ST: Washington
  - L: Redmond
  - O: Microsoft Corporation
  - CN: Microsoft Time-Stamp PCA
- #5
  - rsaEncryption: nil
  - 9F:A1:6C:B1:DF:DB:48:92:2A:7C:6B:2E:19:E1:BD:E2:
    E3:C5:99:51:23:50:AD:CE:DD:18:4E:24:0F:EE:D1:A7:
    D1:4C:AD:74:30:20:11:EB:07:D5:54:95:15:49:94:1B:
    42:92:AE:98:5C:30:26:DA:00:6B:E8:7B:BD:EC:89:07:
    0F:F7:0E:04:98:F0:89:CC:1F:CB:33:24:87:9D:F2:F4:
    67:1C:2C:FC:7B:E7:88:1D:EA:E7:4E:A3:A1:C1:23:53:
    CA:8D:FA:45:CF:09:D0:5E:AF:D0:B0:42:04:A2:F9:A6:
    6C:93:67:D7:28:DC:46:53:B0:86:D0:E5:28:46:2E:27:
    AC:86:4F:55:52:0C:E4:03:2C:FB:6A:90:90:30:6E:87:
    F3:59:30:9D:FA:7E:D6:97:B3:E8:21:97:7E:F8:D2:13:
    F3:08:B7:53:6D:52:B4:45:90:9F:48:00:4A:47:66:11:
    27:29:66:A8:97:E4:D3:06:81:4A:A2:F9:84:A7:11:47:
    14:09:82:9F:84:ED:55:78:FE:01:9A:1D:50:08:85:00:
    10:30:46:ED:B7:DE:23:46:BB:C4:2D:54:9F:AF:1E:78:
    41:31:77:CC:9B:DF:3B:83:93:A1:61:02:B5:1D:0D:B1:
    FC:F7:9B:B2:01:CE:22:4B:54:FF:F9:05:C3:C2:20:0B: 0x010001
- X509v3 extensions
  - basicConstraints: true, true
  - subjectKeyIdentifier:
```
23 34 f8 d9 52 46 70 0a  ed 40 fb 76 fb b3 2b b0  |#4..RFp..@.v..+.|
c3 35 b3 0f                                       |.5..            |
```
  - keyUsage: 0x86
  - 1.3.6.1.4.1.311.21.1: 0
  - authorityKeyIdentifier
    - 0e ac 82 60 40 56 27 97 e5 25 13 fc 2a e1 0a 53 |...`@V'..%..*..S| 95 59 e4 a4 |.Y.. |
      - #0
        DC: com
        DC: microsoft
        CN: Microsoft Root Certificate Authority
      - 79 ad 16 a1 4a a0 a5 ad 4c 73 58 f4 07 13 2e 65 |y...J...LsX....e|
  - crlDistributionPoints: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
  - authorityInfoAccess
    - caIssuers: http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
  - extendedKeyUsage: timeStamping

RSA-SHA1:

10 97 8a c3 5c 03 44 36  dd e9 b4 ad 77 db ce 79  |....\.D6....w..y|
51 4d 01 b1 2e 74 71 5b  6d 0c 13 ab ce be 7b 8f  |QM...tq[m.....{.|
b8 2e d4 12 a2 8c 6d 62  b8 57 02 cb 4e 20 13 50  |......mb.W..N .P|
99 dd 7a 40 e2 57 bb af  58 9a 1c e1 1d 01 86 ac  |..z@.W..X.......|
bb 78 f2 8b d0 ec 3b 01  ee e2 be 8f 0a 05 c8 8d  |.x....;.........|
48 e2 f0 53 15 dd 4f ab  92 e4 e7 8d 6a d5 80 c1  |H..S..O.....j...|
e6 94 f2 06 2f 85 03 e9  91 2a 24 22 70 fb f6 fc  |..../....*$"p...|
e4 78 99 2e 0d f7 07 e2  70 bc 18 4e 9d 8e 6b 0a  |.x......p..N..k.|
72 95 b8 a1 39 9c 67 2d  c5 51 0e ea 62 5c 3f 16  |r...9.g-.Q..b\?.|
98 8b 20 3f e2 07 1a 32  f9 cc 31 4a 76 31 3d 2b  |.. ?...2..1Jv1=+|
72 0b c8 ea 70 3d ff 85  0a 13 df c2 0a 61 8e f0  |r...p=.......a..|
d7 b8 17 eb 4e 8b 7f c5  35 2b 5e a3 bf eb bc 7d  |....N...5+^....}|
0b 42 7b d4 53 72 21 ee  30 ca bb 78 65 5c 5b 01  |.B{.Sr!.0..xe\[.|
17 0a 14 0e d2 da 14 98  f5 3c b9 66 58 b3 2d 2f  |.........<.fX.-/|
e7 f9 85 86 cc 51 56 e8  9d 70 94 6c ac 39 4c d4  |.....QV..p.l.9L.|
f6 79 bf aa 18 7a 62 29  ef a2 9b 29 34 06 77 1a  |.y...zb)...)4.w.|
62 c9 3d 1e 6d 1f 82 f0  0b c7 2c bb cf 43 b3 e5  |b.=.m.....,..C..|
f9 ec 7d b5 e3 a4 a8 74  35 b8 4e c5 71 23 12 26  |..}....t5.N.q#.&|
76 0b 3c 52 8c 71 5a 46  43 14 bc b3 b3 b0 4d 67  |v.

Signer

1
unnamed
- #0
  - C: US
  - ST: Washington
  - L: Redmond
  - O: Microsoft Corporation
  - CN: Microsoft Code Signing PCA
- 33:00:00:00:CA:6C:D5:32:12:35:C4:E1:55:00:01:00:
  00:00:CA
SHA1: nil

contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

e6 bd 45 7c 63 5f 75 0d  eb 19 6b 73 d0 31 69 e0  |..E|c_u...ks.1i.|
bf 53 25 82                                       |.S%.            |

1.3.6.1.4.1.311.2.1.12

00 70 00 72 00 6f 00 63 00 65 00 78 00 70 |.p.r.o.c.e.x.p |
: http://www.sysinternals.com

rsaEncryption:

55 1c 41 1b fc 6d 7c a9  17 93 dc 53 31 9c 37 7b  |U.A..m|....S1.7{|
6b cd fe 5a 7f 32 d1 fc  68 09 04 83 ad f1 88 55  |k..Z.2..h......U|
ef d4 14 3c 49 e5 e4 24  11 2a f6 96 47 ab 3b 0a  |...6.....2p..|
64 39 d4 ed b5 bf c7 54  bf c8 c2 48 90 27 62 c7  |d9.....T...H.'b.|
b7 40 8e ed 60 3b 0d cf  1a 4a 9c d4 52 54 a1 4f  |.@..`;...J..RT.O|
49 da 07 2e d8 db 01 5e  73 98 d5 f2 a3 e6 d6 97  |I......^s.......|
cc 35 c4 46 02 ec eb 44  38 d9 fa 5b 54 b2 b5 41  |.5.F...D8..[T..A|
8f 42 3d 7d 8c 18 3f 16  76 af 02 ed 06 3c 58 67  |.B=}..?.v....countersignature1unnamed#0C: US
ST: Washington
L: Redmond
O: Microsoft Corporation
CN: Microsoft Time-Stamp PCA
33:00:00:00:71:B3:2E:8A:6B:82:AA:1F:4E:00:00:00:
00:00:71
SHA1: nil
#2contentType: pkcs7-data
signingTime: 2015-05-11 04:55:26 UTC
messageDigest: 8f 31 1d d7 34 88 0f 2a  e1 a6 b9 75 d6 9f 3e 1e  |.1..4..*...u..>.|
25 f6 3b 1e                                       |%.;.            |
RSA-SHA1: 17 fb 1e 20 91 ee 07 8d  cf 58 15 97 3b 1b 41 3c  |... .....X..;.A<|
72 8c dc 14 59 2a a0 74  57 5a b8 16 f1 f0 3d df  |r...Y*.tWZ....=.|
15 59 7a 60 26 0b e4 54  f0 cc c6 cf 07 cb 74 33  |.Yz`&..T......t3|
ec 19 17 e1 ed 85 4c ba  09 2e 61 ec d1 65 10 2d  |......L...a..e.-|
0d 62 81 a1 ac a6 ad e1  85 c7 ca c9 ef d7 df 33  |.b.............3|
6d 7d a7 2b 2d 45 39 1e  37 d8 dc 0c 2a 6a 69 af  |m}.+-E9.7...*ji.|
aa 47 74 a3 8f 54 26 01  ed 14 51 a1 9c b8 1f d7  |.Gt..T&...Q.....|
44 a3 bd 73 61 bf 60 1b  cc b0 0e 14 00 8e f6 36  |D..sa.`........6|
56 4d 94 84 d5 cf d2 ee  1f b7 e0 79 77 5b 19 24  |VM.........yw[.$|
83 ad 8e 2e 21 33 8c 29  d5 ac 93 b7 2d 54 89 df  |....!3.)....-T..|
35 b2 0a d6 12 8d fe 3e  d9 86 2c 49 51 07 ac c3  |5......>..,IQ...|
f5 ac 2b 40 52 1c 00 0a  6e 2f bd a0 9d fa d0 36  |..+@R...n/.....6|
e3 71 d9 ca 9f 8a cf d0  4a 9c 5f 34 df 71 3a d0  |.q......J._4.q:.|
67 7b 7e fd 2e d3 d3 4b  e7 54 66 6b ad 94 f2 1a  |g{~....K.Tfk....|
52 03 5c 48 ee 98 10 9d  1f cf 04 6d 7f 56 0b 08  |R.\H.......m.V..|
82 14 b2 fa 6f c0 ac 0e  18 1d a7 10 27 d0 80 67  |....o.......'..g|