Procmon.exe-1090392-1259376.exe - Procmon.exe

info
MZ
PE
resources
strings
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	Procmon.exe-1090392-1259376.exe
size	1259376 (0x133770)
md5	d548c49122dbd73f8d8116dccc5b3bcc

type	PE32+ executable (GUI) x86-64, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x100

Rich Header

lib id	version	times used
149	30729	11
132	21022	5
135	30729	1
123	40310	2
136	30729	1
147	30729	27
1	0	459
131	30729	156
132	30729	104
148	30729	1
145	30729	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x8664
NumberOfSections	6
TimeDateStamp	0x4fddf5cf
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xf0
Characteristics	0x22
Magic	0x20b
LinkerVersion	9.0
SizeOfCode	0xbca00
SizeOfInitializedData	0x75400
SizeOfUninitializedData	0
AddressOfEntryPoint	0x99014
BaseOfCode	0x1000
ImageBase	0x140000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.2
ImageVersion	0.0
SubsystemVersion	5.2
Reserved1	0
SizeOfImage	0x13e000
SizeOfHeaders	0x400
CheckSum	0x134ebe
Subsystem	2
DllCharacteristics	0x8140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ 8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0xbc90a	0xbca00	R-X CODE
.rdata	0xbe000	0x3e552	0x3e600	R-- IDATA
.data	0xfd000	0xad98	0x2200	RW- IDATA
.pdata	0x108000	0xbdc0	0xbe00	R-- IDATA
.rsrc	0x114000	0x27448	0x27600	R-- IDATA
.reloc	0x13c000	0x1706	0x1800	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xf99a4	0x118
RESOURCE	0x114000	0x27448
EXCEPTION	0x108000	0xbdc0
SECURITY	0x132200	0x1570
BASERELOC	0x13c000	0xa80
DEBUG	0xbf010	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0xbe000	0xe28
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
BINRES	RCDRIVERNT	84360	1252
CURSOR	#23	308	1252
CURSOR	#24	308	1252
BITMAP	#400	2744	1252
ICON	#1	3752	1252
ICON	#2	2216	1252
ICON	#3	1384	1252
ICON	#4	9640	1252
ICON	#5	4264	1252
ICON	#6	1128	1252
ICON	#7	296	1252
ICON	#8	296	1252
ICON	#9	296	1252
ICON	#10	296	1252
ICON	#11	296	1252
ICON	#12	296	1252
ICON	#13	296	1252
ICON	#14	1384	1252
ICON	#15	296	1252
ICON	#16	296	1252
ICON	#17	1384	1252
ICON	#18	296	1252
ICON	#19	872	1252
ICON	#20	296	1252
ICON	#21	296	1252
ICON	#22	296	1252
MENU	CONTEXT_HEADER	74	1252
MENU	CONTEXT_PROCESSTREE	220	1252
MENU	MAIN_MENU	2400	1252
MENU	#40075	122	1252
DIALOG	ABOUTBOX	446	1252
DIALOG	BACKINGFILE	1092	1252
DIALOG	BOOTLOG_OPTIONS	838	1252
DIALOG	COLUMNCHOOSER	1934	1252
DIALOG	CROSS_REFERENCE_SUMMARY	516	1252
DIALOG	DEVICE_PATH	816	1252
DIALOG	DISCONNECTING	290	1252
DIALOG	FILE_SUMMARY	418	1252
DIALOG	FILE_VIEWER	120	1252
DIALOG	FILTER	388	1252
DIALOG	FILTER_CONTROL	430	1252
DIALOG	FILTER_INIT	548	1252
DIALOG	HIGHLIGHT	460	1252
DIALOG	HISTORY_DEPTH	524	1252
DIALOG	MODULE_PROPERTIES	548	1252
DIALOG	NETWORK_SUMMARY	442	1252
DIALOG	OCCURRENCES	604	1252
DIALOG	ORGANIZE_FILTERS	366	1252
DIALOG	PROCESS_SUMMARY	916	1252
DIALOG	PROCESS_TIMELINE	1516	1252
DIALOG	PROCESS_TREE	1320	1252
DIALOG	PROFILING_OPTIONS	700	1252
DIALOG	PROGRESS	246	1252
DIALOG	PROPERTIES	380	1252
DIALOG	PROP_EVENT	684	1252
DIALOG	PROP_PROCESS	1466	1252
DIALOG	PROP_STACKTRACE	394	1252
DIALOG	REGISTRY_SUMMARY	446	1252
DIALOG	SAVE	1234	1252
DIALOG	SAVE_FILTER	292	1252
DIALOG	SELECTHIGHLIGHTCOLORS	1304	1252
DIALOG	STACK_SUMMARY	478	1252
DIALOG	SYMBOLCONFIG	1518	1252
DIALOG	SYMBOLCONFIGWARNING	712	1252
DIALOG	SYMBOLDBGHELPGWARNING	912	1252
DIALOG	SYSTEM_DETAILS	804	1252
DIALOG	UNIQUE	524	1252
DIALOG	USAGE	3240	1252
STRING	#2501	112	1252
STRING	#2502	220	1252
STRING	#2503	372	1252
STRING	#2504	220	1252
STRING	#2505	296	1252
STRING	#2506	218	1252
ACCELERATORS	ACCELERATORS	224	1252
GROUP_CURSOR	SPLITTER_CURSOR	20	1252
GROUP_CURSOR	#121	20	1252
GROUP_ICON	#101	90	1252
GROUP_ICON	#106	20	1252
GROUP_ICON	#107	20	1252
GROUP_ICON	#110	20	1252
GROUP_ICON	#113	20	1252
GROUP_ICON	#119	20	1252
GROUP_ICON	#120	34	1252
GROUP_ICON	#127	20	1252
GROUP_ICON	#128	20	1252
GROUP_ICON	#129	20	1252
GROUP_ICON	#130	20	1252
GROUP_ICON	#131	20	1252
GROUP_ICON	#203	20	1252
GROUP_ICON	#204	20	1252
GROUP_ICON	#205	34	1252
VERSION	#1	828	1252
MANIFEST	#1	1547	1252

id	lang	string
40005	1033	Save (Ctrl+S)
40006	1033	High Resolution Date & Time
40018	1033	Capture (Ctrl+E)
40019	1033	Autoscroll (Ctrl+A)
40020	1033	Clear (Ctrl+X)
40021	1033	Show Process Tree
40023	1033	Filter (Ctrl+L)
40024	1033	Find (Ctrl+F)
40036	1033	Open
40041	1033	Show File System Activity
40042	1033	Show Registry Activity
40043	1033	Show Network Activity
40044	1033	Show Process and Thread Activity
40045	1033	Highlight (Ctrl+H)
40046	1033	Show Profiling Events
40047	1033	Include Process From Window
40051	1033	Jump to Object (Ctrl+J)
40052	1033	Date & Time
40053	1033	Process Name
40054	1033	PID
40055	1033	Operation
40056	1033	Result
40057	1033	Detail
40058	1033	Sequence
40059	1033	Object Reference
40064	1033	Company
40065	1033	Description
40066	1033	Command Line
40067	1033	User
40068	1033	Image Path
40069	1033	Session
40070	1033	Event Complete
40071	1033	Path
40072	1033	TID
40073	1033	Image Load
40074	1033	Frame
40075	1033	Address
40076	1033	Relative Time
40077	1033	Duration
40078	1033	Time of Day
40079	1033	Module
40080	1033	Location
40081	1033	Version
40082	1033	Event Class
40083	1033	Authentication ID
40084	1033	Virtualized
40085	1033	Integrity
40086	1033	Category
40087	1033	Parent PID
40088	1033	Architecture

module_name	hint	ord	function_name
WS2_32.dll		1
WS2_32.dll		2
WS2_32.dll		52
WS2_32.dll		3
WS2_32.dll		16
WS2_32.dll		6
WS2_32.dll		13
WS2_32.dll		8
WS2_32.dll		112
WS2_32.dll		56
WS2_32.dll		51
WS2_32.dll		55
WS2_32.dll		9
WS2_32.dll		12
WS2_32.dll		11
WS2_32.dll		115
WS2_32.dll		15
WS2_32.dll		111
WS2_32.dll		19
WS2_32.dll		4
WS2_32.dll		23
VERSION.dll	6		GetFileVersionInfoW
VERSION.dll	14		VerQueryValueW
VERSION.dll	5		GetFileVersionInfoSizeW
COMCTL32.dll	114		ImageList_SetBkColor
COMCTL32.dll	84		ImageList_Create
COMCTL32.dll		17
COMCTL32.dll	78		ImageList_Add
COMCTL32.dll	100		ImageList_GetIconSize
COMCTL32.dll	99		ImageList_GetIcon
COMCTL32.dll	120		ImageList_SetOverlayImage
COMCTL32.dll	14		CreateToolbarEx
COMCTL32.dll	12		CreateStatusWindowW
COMCTL32.dll	124		InitCommonControlsEx
COMCTL32.dll	92		ImageList_DrawEx
COMCTL32.dll	85		ImageList_Destroy
COMCTL32.dll	112		ImageList_ReplaceIcon
FLTLIB.DLL	11		FilterGetMessage
FLTLIB.DLL	19		FilterReplyMessage
FLTLIB.DLL	3		FilterConnectCommunicationPort
FLTLIB.DLL	20		FilterSendMessage
KERNEL32.dll	140		CreateFileMappingW
KERNEL32.dll	857		MapViewOfFile
KERNEL32.dll	1121		SetEndOfFile
KERNEL32.dll	1140		SetFilePointer
KERNEL32.dll	503		GetFileSize
KERNEL32.dll	143		CreateFileW
KERNEL32.dll	299		FileTimeToSystemTime
KERNEL32.dll	298		FileTimeToLocalFileTime
KERNEL32.dll	682		GetVersion
KERNEL32.dll	1332		WriteFile
KERNEL32.dll	963		ReadFile
KERNEL32.dll	356		FormatMessageW
KERNEL32.dll	840		LocalFileTimeToFileTime
KERNEL32.dll	1227		SystemTimeToFileTime
KERNEL32.dll	570		GetNumberFormatW
KERNEL32.dll	670		GetTimeFormatW
KERNEL32.dll	463		GetDateFormatW
KERNEL32.dll	1190		SetThreadPriority
KERNEL32.dll	458		GetCurrentThread
KERNEL32.dll	732		HeapSize
KERNEL32.dll	723		HeapAlloc
KERNEL32.dll	727		HeapFree
KERNEL32.dll	1286		WaitForMultipleObjects
KERNEL32.dll	133		CreateEventW
KERNEL32.dll	402		GetComputerNameA
KERNEL32.dll	938		QueryPerformanceFrequency
KERNEL32.dll	937		QueryPerformanceCounter
KERNEL32.dll	725		HeapCreate
KERNEL32.dll	174		CreateSemaphoreW
KERNEL32.dll	726		HeapDestroy
KERNEL32.dll	1042		ResetEvent
KERNEL32.dll	1127		SetEvent
KERNEL32.dll	1025		ReleaseSemaphore
KERNEL32.dll	1253		UnmapViewOfFile
KERNEL32.dll	494		GetFileAttributesExW
KERNEL32.dll	1168		SetProcessShutdownParameters
KERNEL32.dll	1083		SetConsoleCtrlHandler
KERNEL32.dll	405		GetComputerNameW
KERNEL32.dll	903		OpenThread
KERNEL32.dll	653		GetThreadContext
KERNEL32.dll	455		GetCurrentProcessId
KERNEL32.dll	830		LoadLibraryA
KERNEL32.dll	630		GetSystemDirectoryA
KERNEL32.dll	308		FindClose
KERNEL32.dll	331		FindNextFileW
KERNEL32.dll	319		FindFirstFileW
KERNEL32.dll	784		IsWow64Process
KERNEL32.dll	483		GetEnvironmentVariableW
KERNEL32.dll	1125		SetEnvironmentVariableW
KERNEL32.dll	290		ExpandEnvironmentStringsA
KERNEL32.dll	619		GetStdHandle
KERNEL32.dll	731		HeapSetInformation
KERNEL32.dll	344		FlsAlloc
KERNEL32.dll	345		FlsFree
KERNEL32.dll	347		FlsSetValue
KERNEL32.dll	346		FlsGetValue
KERNEL32.dll	203		DecodePointer
KERNEL32.dll	238		EncodePointer
KERNEL32.dll	617		GetStartupInfoA
KERNEL32.dll	396		GetCommandLineA
KERNEL32.dll	459		GetCurrentThreadId
KERNEL32.dll	288		ExitThread
KERNEL32.dll	730		HeapReAlloc
KERNEL32.dll	1057		RtlPcToFileHeader
KERNEL32.dll	948		RaiseException
KERNEL32.dll	1048		RtlCaptureContext
KERNEL32.dll	1062		RtlVirtualUnwind
KERNEL32.dll	770		IsDebuggerPresent
KERNEL32.dll	1203		SetUnhandledExceptionFilter
KERNEL32.dll	1250		UnhandledExceptionFilter
KERNEL32.dll	1230		TerminateProcess
KERNEL32.dll	1061		RtlUnwindEx
KERNEL32.dll	1055		RtlLookupFunctionEntry
KERNEL32.dll	593		GetProcessHeap
KERNEL32.dll	1312		WideCharToMultiByte
KERNEL32.dll	1376		lstrlenA
KERNEL32.dll	873		MultiByteToWideChar
KERNEL32.dll	1244		TryEnterCriticalSection
KERNEL32.dll	699		GlobalAlloc
KERNEL32.dll	710		GlobalLock
KERNEL32.dll	717		GlobalUnlock
KERNEL32.dll	524		GetLocaleInfoW
KERNEL32.dll	100		CompareStringW
KERNEL32.dll	898		OpenProcess
KERNEL32.dll	168		CreateProcessW
KERNEL32.dll	832		LoadLibraryExW
KERNEL32.dll	263		EnumResourceNamesW
KERNEL32.dll	698		GlobalAddAtomW
KERNEL32.dll	360		FreeLibrary
KERNEL32.dll	872		MulDiv
KERNEL32.dll	497		GetFileAttributesW
KERNEL32.dll	514		GetFullPathNameW
KERNEL32.dll	634		GetSystemInfo
KERNEL32.dll	712		GlobalMemoryStatusEx
KERNEL32.dll	574		GetOEMCP
KERNEL32.dll	780		IsValidCodePage
KERNEL32.dll	416		GetConsoleCP
KERNEL32.dll	434		GetConsoleMode
KERNEL32.dll	1148		SetHandleCount
KERNEL32.dll	506		GetFileType
KERNEL32.dll	813		LCMapStringA
KERNEL32.dll	684		GetVersionExW
KERNEL32.dll	1275		VirtualFree
KERNEL32.dll	397		GetCommandLineW
KERNEL32.dll	838		LocalAlloc
KERNEL32.dll	842		LocalFree
KERNEL32.dll	215		DeleteFileW
KERNEL32.dll	631		GetSystemDirectoryW
KERNEL32.dll	453		GetCurrentDirectoryW
KERNEL32.dll	291		ExpandEnvironmentStringsW
KERNEL32.dll	1152		SetLastError
KERNEL32.dll	340		FindResourceW
KERNEL32.dll	835		LoadResource
KERNEL32.dll	1215		SizeofResource
KERNEL32.dll	854		LockResource
KERNEL32.dll	1135		SetFileAttributesW
KERNEL32.dll	454		GetCurrentProcess
KERNEL32.dll	520		GetLastError
KERNEL32.dll	1272		VirtualAlloc
KERNEL32.dll	210		DeleteCriticalSection
KERNEL32.dll	746		InitializeCriticalSection
KERNEL32.dll	180		CreateThread
KERNEL32.dll	666		GetTickCount
KERNEL32.dll	640		GetSystemTimeAsFileTime
KERNEL32.dll	1288		WaitForSingleObject
KERNEL32.dll	82		CloseHandle
KERNEL32.dll	1216		Sleep
KERNEL32.dll	827		LeaveCriticalSection
KERNEL32.dll	242		EnterCriticalSection
KERNEL32.dll	538		GetModuleFileNameW
KERNEL32.dll	542		GetModuleHandleW
KERNEL32.dll	833		LoadLibraryW
KERNEL32.dll	588		GetProcAddress
KERNEL32.dll	537		GetModuleFileNameA
KERNEL32.dll	376		GetCPInfo
KERNEL32.dll	815		LCMapStringW
KERNEL32.dll	358		FreeEnvironmentStringsA
KERNEL32.dll	479		GetEnvironmentStrings
KERNEL32.dll	359		FreeEnvironmentStringsW
KERNEL32.dll	481		GetEnvironmentStringsW
KERNEL32.dll	747		InitializeCriticalSectionAndSpinCount
KERNEL32.dll	621		GetStringTypeA
KERNEL32.dll	624		GetStringTypeW
KERNEL32.dll	522		GetLocaleInfoA
KERNEL32.dll	1172		SetStdHandle
KERNEL32.dll	349		FlushFileBuffers
KERNEL32.dll	1321		WriteConsoleA
KERNEL32.dll	438		GetConsoleOutputCP
KERNEL32.dll	1331		WriteConsoleW
KERNEL32.dll	136		CreateFileA
KERNEL32.dll	287		ExitProcess
KERNEL32.dll	366		GetACP
USER32.dll	175		DispatchMessageW
USER32.dll	594		RegisterClassW
USER32.dll	491		LoadBitmapW
USER32.dll	164		DestroyMenu
USER32.dll	571		PostQuitMessage
USER32.dll	487		KillTimer
USER32.dll	243		EqualRect
USER32.dll	252		FlashWindowEx
USER32.dll	480		IsWindowEnabled
USER32.dll	507		LoadMenuW
USER32.dll	766		TrackPopupMenu
USER32.dll	484		IsWindowVisible
USER32.dll	643		SetActiveWindow
USER32.dll	722		SetWindowTextA
USER32.dll	158		DeleteMenu
USER32.dll	446		InsertMenuW
USER32.dll	99		CreateDialogParamW
USER32.dll	529		MessageBeep
USER32.dll	486		IsZoomed
USER32.dll	198		DrawFrameControl
USER32.dll	214		EnableMenuItem
USER32.dll	677		SetMenuInfo
USER32.dll	300		GetDlgItemTextW
USER32.dll	676		SetMenuDefaultItem
USER32.dll	107		CreatePopupMenu
USER32.dll	445		InsertMenuItemW
USER32.dll	380		GetSubMenu
USER32.dll	339		GetMenuItemCount
USER32.dll	342		GetMenuItemInfoW
USER32.dll	333		GetMenu
USER32.dll	63		CheckMenuItem
USER32.dll	298		GetDlgItemInt
USER32.dll	660		SetDlgItemInt
USER32.dll	615		RegisterWindowMessageW
USER32.dll	65		CheckRadioButton
USER32.dll	717		SetWindowPlacement
USER32.dll	415		GetWindowPlacement
USER32.dll	13		BeginDeferWindowPos
USER32.dll	223		EnumChildWindows
USER32.dll	217		EndDeferWindowPos
USER32.dll	777		UnionRect
USER32.dll	276		GetClassNameW
USER32.dll	157		DeferWindowPos
USER32.dll	625		ScreenToClient
USER32.dll	256		GetActiveWindow
USER32.dll	400		GetWindow
USER32.dll	379		GetShellWindow
USER32.dll	772		TranslateMessage
USER32.dll	213		EmptyClipboard
USER32.dll	652		SetClipboardData
USER32.dll	73		CloseClipboard
USER32.dll	71		ClientToScreen
USER32.dll	499		LoadImageW
USER32.dll	250		FindWindowW
USER32.dll	814		WaitForInputIdle
USER32.dll	469		IsIconic
USER32.dll	665		SetForegroundWindow
USER32.dll	249		FindWindowExW
USER32.dll	664		SetFocus
USER32.dll	102		CreateIconFromResourceEx
USER32.dll	580		PtInRect
USER32.dll	264		GetCapture
USER32.dll	449		IntersectRect
USER32.dll	365		GetPropW
USER32.dll	166		DestroyWindow
USER32.dll	650		SetClassLongW
USER32.dll	163		DestroyIcon
USER32.dll	497		LoadIconW
USER32.dll	290		GetCursorPos
USER32.dll	718		SetWindowPos
USER32.dll	30		CallWindowProcW
USER32.dll	465		IsDialogMessageW
USER32.dll	770		TranslateAcceleratorW
USER32.dll	351		GetMessageW
USER32.dll	489		LoadAcceleratorsW
USER32.dll	629		ScrollWindowEx
USER32.dll	694		SetScrollInfo
USER32.dll	820		WindowFromPoint
USER32.dll	404		GetWindowDC
USER32.dll	319		GetKeyState
USER32.dll	394		GetUpdateRgn
USER32.dll	553		OffsetRect
USER32.dll	287		GetCursor
USER32.dll	540		MonitorFromPoint
USER32.dll	353		GetMonitorInfoW
USER32.dll	302		GetFocus
USER32.dll	200		DrawIconEx
USER32.dll	253		FrameRect
USER32.dll	466		IsDlgButtonChecked
USER32.dll	62		CheckDlgButton
USER32.dll	309		GetIconInfo
USER32.dll	246		FillRect
USER32.dll	570		PostMessageW
USER32.dll	510		LoadStringW
USER32.dll	170		DialogBoxIndirectParamW
USER32.dll	654		SetCursor
USER32.dll	441		InflateRect
USER32.dll	537		MessageBoxW
USER32.dll	291		GetDC
USER32.dll	617		ReleaseDC
USER32.dll	384		GetSystemMetrics
USER32.dll	260		GetAncestor
USER32.dll	172		DialogBoxParamW
USER32.dll	793		UpdateWindow
USER32.dll	716		SetWindowLongW
USER32.dll	723		SetWindowTextW
USER32.dll	554		OpenClipboard
USER32.dll	273		GetClassLongPtrW
USER32.dll	705		SetTimer
USER32.dll	293		GetDesktopWindow
USER32.dll	216		EnableWindow
USER32.dll	297		GetDlgItem
USER32.dll	543		MoveWindow
USER32.dll	662		SetDlgItemTextW
USER32.dll	218		EndDialog
USER32.dll	495		LoadCursorW
USER32.dll	593		RegisterClassExW
USER32.dll	640		SendMessageW
USER32.dll	743		ShowWindow
USER32.dll	416		GetWindowRect
USER32.dll	358		GetParent
USER32.dll	525		MapWindowPoints
USER32.dll	110		CreateWindowExW
USER32.dll	409		GetWindowLongPtrW
USER32.dll	67		ChildWindowFromPoint
USER32.dll	644		SetCapture
USER32.dll	616		ReleaseCapture
USER32.dll	450		InvalidateRect
USER32.dll	14		BeginPaint
USER32.dll	278		GetClientRect
USER32.dll	410		GetWindowLongW
USER32.dll	423		GetWindowTextW
USER32.dll	382		GetSysColorBrush
USER32.dll	381		GetSysColor
USER32.dll	208		DrawTextW
USER32.dll	220		EndPaint
USER32.dll	715		SetWindowLongPtrW
USER32.dll	156		DefWindowProcW
USER32.dll	691		SetPropW
USER32.dll	375		GetScrollInfo
USER32.dll	424		GetWindowThreadProcessId
GDI32.dll	624		SaveDC
GDI32.dll	671		SetROP2
GDI32.dll	607		Rectangle
GDI32.dll	617		RestoreDC
GDI32.dll	79		CreateRectRgn
GDI32.dll	605		RectInRegion
GDI32.dll	525		GetStockObject
GDI32.dll	80		CreateRectRgnIndirect
GDI32.dll	629		SelectClipRgn
GDI32.dll	426		GetBkMode
GDI32.dll	550		GetTextMetricsW
GDI32.dll	373		GdiFlush
GDI32.dll	65		CreateFontW
GDI32.dll	516		GetPixel
GDI32.dll	667		SetPixel
GDI32.dll	47		CreateCompatibleBitmap
GDI32.dll	75		CreatePen
GDI32.dll	598		Polygon
GDI32.dll	570		MoveToEx
GDI32.dll	566		LineTo
GDI32.dll	631		SelectObject
GDI32.dll	678		SetTextColor
GDI32.dll	639		SetBkMode
GDI32.dll	423		GetBitmapBits
GDI32.dll	425		GetBkColor
GDI32.dll	84		CreateSolidBrush
GDI32.dll	459		GetDeviceCaps
GDI32.dll	660		SetMapMode
GDI32.dll	688		StartDocW
GDI32.dll	690		StartPage
GDI32.dll	242		EndPage
GDI32.dll	239		EndDoc
GDI32.dll	638		SetBkColor
GDI32.dll	19		BitBlt
GDI32.dll	48		CreateCompatibleDC
GDI32.dll	227		DeleteDC
GDI32.dll	230		DeleteObject
GDI32.dll	509		GetObjectW
GDI32.dll	64		CreateFontIndirectW
GDI32.dll	599		Polyline
COMDLG32.dll	21		PrintDlgW
COMDLG32.dll	1		ChooseColorW
COMDLG32.dll	12		GetOpenFileNameW
COMDLG32.dll	8		FindTextW
COMDLG32.dll	3		ChooseFontW
COMDLG32.dll	14		GetSaveFileNameW
ADVAPI32.dll	621		RegQueryValueExA
ADVAPI32.dll	608		RegOpenKeyExA
ADVAPI32.dll	594		RegEnumValueW
ADVAPI32.dll	116		ConvertStringSidToSidW
ADVAPI32.dll	310		GetLengthSid
ADVAPI32.dll	401		LookupAccountSidW
ADVAPI32.dll	569		RegCreateKeyExW
ADVAPI32.dll	639		RegSetValueW
ADVAPI32.dll	483		MapGenericMask
ADVAPI32.dll	223		DuplicateTokenEx
ADVAPI32.dll	32		AllocateAndInitializeSid
ADVAPI32.dll	346		GetTokenInformation
ADVAPI32.dll	263		EqualSid
ADVAPI32.dll	288		FreeSid
ADVAPI32.dll	609		RegOpenKeyExW
ADVAPI32.dll	592		RegEnumKeyW
ADVAPI32.dll	108		ConvertSidToStringSidW
ADVAPI32.dll	580		RegDeleteKeyW
ADVAPI32.dll	584		RegDeleteValueW
ADVAPI32.dll	612		RegOpenKeyW
ADVAPI32.dll	622		RegQueryValueExW
ADVAPI32.dll	638		RegSetValueExW
ADVAPI32.dll	572		RegCreateKeyW
ADVAPI32.dll	560		RegCloseKey
ADVAPI32.dll	407		LookupPrivilegeValueW
ADVAPI32.dll	503		OpenProcessToken
ADVAPI32.dll	31		AdjustTokenPrivileges
SHELL32.dll	207		SHGetMalloc
SHELL32.dll	215		SHGetPathFromIDListW
SHELL32.dll	6		CommandLineToArgvW
SHELL32.dll	31		DragQueryFileW
SHELL32.dll	127		SHChangeNotify
SHELL32.dll	290		ShellExecuteW
SHELL32.dll	223		SHGetSpecialFolderLocation
SHELL32.dll	123		SHBrowseForFolderW
SHELL32.dll	289		ShellExecuteExW
SHELL32.dll	189		SHGetFileInfoW
ole32.dll	103		CoSetProxyBlanket
ole32.dll	20		CoCreateInstance
ole32.dll	66		CoInitialize
ole32.dll	396		ReleaseStgMedium
ole32.dll	395		RegisterDragDrop
ole32.dll	358		OleInitialize
ole32.dll	125		CreateBindCtx
OLEAUT32.dll		2
OLEAUT32.dll		6
OLEAUT32.dll		7
OLEAUT32.dll		150
OLEAUT32.dll		9
OLEAUT32.dll		8
OLEAUT32.dll		25
OLEAUT32.dll		12
OLEAUT32.dll		16
OLEAUT32.dll		24
OLEAUT32.dll		23
OLEAUT32.dll		19
OLEAUT32.dll		20
OLEAUT32.dll		185
OLEAUT32.dll		4
SHLWAPI.dll	164		SHAutoComplete

StringTable 040904b0

CompanyName	Sysinternals - www.sysinternals.com
FileDescription	Process Monitor
FileVersion	3.02
InternalName	Procmon
LegalCopyright	Copyright © 1996-2012 Mark Russinovich and Bryce Cogswell
OriginalFilename	Procmon.exe
ProductName	Sysinternals Procmon
ProductVersion	3.02

VS_FIXEDFILEINFO

FileVersion	3.2.0.0
ProductVersion	3.2.0.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Code Signing 2009-2 CA

serial: 4112E632C7B18A029A3A1FAC803AB89F

Certificates (4)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Validity
            Not Before: May  1 00:00:00 2012 GMT
            Not After : Dec 31 23:59:59 2012 GMT
        Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:a9:59:66:74:da:3d:8a:7d:7a:d8:fc:f5:80:44:
                    7b:fe:47:6a:14:55:4e:50:47:0b:ec:d3:ed:ce:f6:
                    38:f7:4f:69:b9:b1:f0:b6:78:82:0a:8c:76:16:67:
                    e2:02:ad:b7:0d:a5:8a:f6:03:fc:66:d3:fc:08:2d:
                    cc:b5:73:59:7b:89:dc:33:6e:66:5a:5e:52:37:b4:
                    62:d1:92:59:35:14:8b:45:ac:59:b2:4d:24:a2:98:
                    94:68:42:72:9f:3a:68:e2:6b:8b:9e:22:2d:f4:98:
                    4e:9a:c6:af:b3:e4:a0:ab:3c:28:bf:23:e1:d7:72:
                    a4:f2:10:53:67:ae:77:af:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.verisign.com/tss-ca.crl

            X509v3 Extended Key Usage: critical
                Time Stamping
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Subject Alternative Name: 
                DirName:/CN=TSA1-3
            X509v3 Subject Key Identifier: 
                B4:B7:F1:89:49:26:60:E7:65:EA:73:AE:DC:D3:38:CD:BF:57:92:6F
    Signature Algorithm: sha1WithRSAEncryption
         1e:98:aa:27:b7:78:b5:08:b5:c9:72:6d:b7:df:c0:0e:98:a6:
         35:c4:88:c9:d2:f6:6d:f1:4b:1a:fb:d5:f9:2d:99:00:9e:d1:
         e7:9b:8b:e1:3f:bd:39:80:0c:66:cd:07:bc:5c:98:54:a6:94:
         ba:10:d1:4e:8b:ab:f5:6f:65:cc:67:09:a2:80:7c:52:e8:0e:
         03:d6:6b:7a:c6:05:18:ec:c8:ac:42:7c:07:2c:a7:3d:08:66:
         dc:00:ed:fd:94:1d:73:f2:72:98:93:b1:11:d6:8f:ef:8e:ea:
         ac:f4:96:51:0c:d0:8d:df:31:52:4f:5e:af:7d:a7:4a:75:e6:
         4e:ce:2b:9f:29:2b:e7:cf:5d:9f:03:7e:6e:27:7b:23:ad:62:
         29:66:af:92:e8:2c:ce:bd:9c:7f:dc:cd:17:3c:43:c2:09:3f:
         75:45:c7:9e:e4:d7:60:7f:97:c6:e4:aa:c7:69:f5:fc:cd:74:
         ac:2c:b0:48:c1:50:4e:70:56:1e:b5:35:d3:8e:be:b1:ed:ac:
         bd:fe:0c:ec:85:7d:d5:bb:85:66:44:19:5d:9f:93:eb:82:ba:
         63:9e:d3:7c:61:ff:c8:1b:d9:23:58:7f:30:a3:66:a1:39:26:
         5e:92:c3:3c:cb:37:32:fa:f5:a3:8d:dc:d5:b0:a3:e9:25:36:
         55:d7:81:fa

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
        Validity
            Not Before: Dec  4 00:00:00 2003 GMT
            Not After : Dec  3 23:59:59 2013 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
                    f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
                    bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
                    9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
                    0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
                    d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
                    1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
                    0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
                    81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
                    95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
                    c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
                    87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
                    c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
                    ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
                    5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
                    f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
                    ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
                    c1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.verisign.com/ThawteTimestampingCA.crl

            X509v3 Extended Key Usage: 
                Time Stamping
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=TSA2048-1-53
    Signature Algorithm: sha1WithRSAEncryption
         4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
         d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
         04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
         15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
         fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
         e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
         c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
         3f:4a

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:12:e6:32:c7:b1:8a:02:9a:3a:1f:ac:80:3a:b8:9f
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009-2 CA
        Validity
            Not Before: Mar  4 00:00:00 2010 GMT
            Not After : Apr 18 23:59:59 2013 GMT
        Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:b2:a3:01:89:b8:8f:f5:51:c8:0b:9a:a9:ea:f6:
                    aa:91:f5:ea:ae:b9:a7:15:9b:73:2e:18:45:25:17:
                    1f:95:65:60:3e:02:c4:93:63:a3:65:b8:e7:96:c1:
                    1d:0a:2d:6b:ed:7b:c6:e9:92:a0:e7:af:e6:69:8b:
                    da:97:a4:2b:92:15:3e:69:eb:d2:82:b3:68:7b:b4:
                    26:6d:44:8d:95:cc:2d:5c:5d:2a:82:61:db:ee:a0:
                    33:e9:8f:ff:db:bc:9a:00:5a:c7:34:e0:9a:79:b1:
                    34:81:e3:89:95:fd:be:67:4a:9f:61:d6:e6:fe:1a:
                    a2:f5:e9:f6:00:97:ab:31:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa

            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com
                CA Issuers - URI:http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer

            X509v3 Authority Key Identifier: 
                keyid:97:D0:6B:A8:26:70:C8:A1:3F:94:1F:08:2D:C4:35:9B:A4:A1:1E:F2

            Netscape Cert Type: 
                Object Signing
            1.3.6.1.4.1.311.2.1.27: 
                0.......
    Signature Algorithm: sha1WithRSAEncryption
         69:9b:1e:86:26:5a:98:79:a8:22:a8:a6:69:9a:8c:10:44:59:
         51:bf:2b:4f:57:3e:73:a1:d6:1d:4c:b8:27:9a:80:69:fc:69:
         f0:09:28:09:08:b4:91:82:f4:70:1c:79:28:c3:c2:b6:d5:86:
         36:5f:50:27:8e:f3:5f:08:b6:cd:f8:20:8a:12:e1:ac:53:1e:
         f3:54:a0:cc:d6:e3:e3:f2:f4:6c:b6:24:ad:8e:38:a4:01:43:
         79:39:50:d6:c4:da:6a:9a:eb:34:20:d1:6f:7e:db:f1:e9:39:
         44:64:e6:4d:d6:8c:3a:22:7d:c7:e3:92:17:e3:53:9b:63:0a:
         b8:2a:9f:fe:d2:52:b8:a8:9d:32:c2:d3:73:e5:3b:bf:c4:d7:
         11:0f:58:a7:a8:fb:88:fd:b9:d9:18:25:1a:d2:a6:e1:31:57:
         25:00:75:97:a4:49:2e:e3:9b:51:3e:0d:de:05:fe:42:1f:e4:
         ef:18:cf:7b:86:f5:16:5a:e7:1a:6f:e4:09:48:f0:fa:39:e3:
         a9:d6:81:be:27:6f:20:29:5d:21:32:e5:30:43:f5:db:8a:1e:
         d0:2e:bb:f7:f3:2b:57:4e:95:cb:60:7a:af:ac:1b:a4:1c:77:
         15:1a:de:19:84:53:2d:f7:ac:19:0f:b5:7e:17:f7:30:a1:97:
         05:0c:0e:32

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
        Validity
            Not Before: May 21 00:00:00 2009 GMT
            Not After : May 20 23:59:59 2019 GMT
        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009-2 CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:67:1d:b4:60:aa:10:49:6f:56:17:7c:66:c9:
                    5e:86:0d:d5:f1:ac:a7:71:83:8e:8b:89:f8:88:04:
                    89:15:06:ba:2d:84:21:95:e4:d1:9c:50:4c:fb:d2:
                    22:bd:da:f2:b2:35:3b:1e:8f:c3:09:fb:fc:13:2e:
                    5a:bf:89:7c:3d:3b:25:1e:f6:f3:58:7b:9c:f4:01:
                    b5:c6:0a:b8:80:ce:be:27:74:61:67:27:4d:6a:e5:
                    ec:81:61:58:79:a3:e0:17:10:12:15:27:b0:e1:4d:
                    34:7f:2b:47:20:44:b9:de:66:24:66:8a:cd:4f:ba:
                    1f:c5:38:c8:54:90:e1:72:f6:19:66:75:6a:b9:49:
                    68:cf:38:79:0d:aa:30:a8:db:2c:60:48:9e:d7:aa:
                    14:01:a9:83:d7:38:91:30:39:13:96:03:3a:7c:40:
                    54:b6:ad:e0:2f:1b:83:dc:a8:11:52:3e:02:b3:d7:
                    2b:fd:21:b6:a7:5c:a3:0f:0b:a9:a6:10:50:0e:34:
                    2e:4d:a7:ce:c9:5e:25:d4:8c:bc:f3:6e:7c:29:bc:
                    01:5d:fc:31:87:5a:d5:8c:85:67:58:88:19:a0:bf:
                    35:f0:ea:2b:a3:21:e7:90:f6:83:e5:a8:ed:60:78:
                    5e:7b:60:83:fd:57:0b:5d:41:0d:63:54:60:d6:43:
                    21:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/cps
                  User Notice:
                    Explicit Text: https://www.verisign.com/rpa

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            1.3.6.1.5.5.7.1.12: 
                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, Code Signing
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.verisign.com/pca3.crl

            X509v3 Subject Alternative Name: 
                DirName:/CN=Class3CA2048-1-55
            X509v3 Subject Key Identifier: 
                97:D0:6B:A8:26:70:C8:A1:3F:94:1F:08:2D:C4:35:9B:A4:A1:1E:F2
    Signature Algorithm: sha1WithRSAEncryption
         8b:03:c0:dd:94:d8:41:a2:61:69:b0:15:a8:78:c7:30:c6:90:
         3c:7e:42:f7:24:b6:e4:83:73:17:04:7f:04:10:9c:a1:e2:fa:
         81:2f:eb:c0:ca:44:e7:72:e0:50:b6:55:10:20:83:6e:96:92:
         e4:9a:51:6a:b4:37:31:dc:a5:2d:eb:8c:00:c7:1d:4f:e7:4d:
         32:ba:85:f8:4e:be:fa:67:55:65:f0:6a:be:7a:ca:64:38:1a:
         10:10:78:45:76:31:f3:86:7a:03:0f:60:c2:b3:5d:9d:f6:8b:
         66:76:82:1b:59:e1:83:e5:bd:49:a5:38:56:e5:de:41:77:0e:
         58:0f

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

61 2d 09 3b f1 2d 27 cc 93 ca 0a 74 b1 a2 4f 8d |a-.;.-'....t..O.| 36 6f 56 1f |6oV. |

Certificates
- Certificate #0
  - 2
    - 79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - CN: VeriSign Time Stamping Services CA
    - 2012-05-01 00:00:00 UTC: 2012-12-31 23:59:59 UTC
    - Subject
      - C: US
      - O: Symantec Corporation
      - CN: Symantec Time Stamping Services Signer - G3
    - #5
      - rsaEncryption: nil
      - A9:59:66:74:DA:3D:8A:7D:7A:D8:FC:F5:80:44:7B:FE:
        47:6A:14:55:4E:50:47:0B:EC:D3:ED:CE:F6:38:F7:4F:
        69:B9:B1:F0:B6:78:82:0A:8C:76:16:67:E2:02:AD:B7:
        0D:A5:8A:F6:03:FC:66:D3:FC:08:2D:CC:B5:73:59:7B:
        89:DC:33:6E:66:5A:5E:52:37:B4:62:D1:92:59:35:14:
        8B:45:AC:59:B2:4D:24:A2:98:94:68:42:72:9F:3A:68:
        E2:6B:8B:9E:22:2D:F4:98:4E:9A:C6:AF:B3:E4:A0:AB:
        3C:28:BF:23:E1:D7:72:A4:F2:10:53:67:AE:77:AF:51: 0x010001
    - X509v3 extensions
      - basicConstraints
        true
        nil
      - crlDistributionPoints: http://crl.verisign.com/tss-ca.crl
      - extendedKeyUsage: true, timeStamping
      - authorityInfoAccess
        OCSP: http://ocsp.verisign.com
      - keyUsage: true, 0x80
      - subjectAltName
        CN: TSA1-3
      - subjectKeyIdentifier:
        b4 b7 f1 89 49 26 60 e7 65 ea 73 ae dc d3 38 cd |....I&`.e.s...8.| bf 57 92 6f |.W.o |
  - RSA-SHA1:
```
1e 98 aa 27 b7 78 b5 08  b5 c9 72 6d b7 df c0 0e  |...'.x....rm....|
98 a6 35 c4 88 c9 d2 f6  6d f1 4b 1a fb d5 f9 2d  |..5.....m.K....-|
99 00 9e d1 e7 9b 8b e1  3f bd 39 80 0c 66 cd 07  |........?.9..f..|
bc 5c 98 54 a6 94 ba 10  d1 4e 8b ab f5 6f 65 cc  |.\.T.....N...oe.|
67 09 a2 80 7c 52 e8 0e  03 d6 6b 7a c6 05 18 ec  |g...|R....kz....|
c8 ac 42 7c 07 2c a7 3d  08 66 dc 00 ed fd 94 1d  |..B|.,.=.f......|
73 f2 72 98 93 b1 11 d6  8f ef 8e ea ac f4 96 51  |s.r............Q|
0c d0 8d df 31 52 4f 5e  af 7d a7 4a 75 e6 4e ce  |....1RO^.}.Ju.N.|
2b 9f 29 2b e7 cf 5d 9f  03 7e 6e 27 7b 23 ad 62  |+.)+..]..~n'{#.b|
29 66 af 92 e8 2c ce bd  9c 7f dc cd 17 3c 43 c2  |)f...,.......
```
- Certificate #1
  - 2
    - 47:BF:19:95:DF:8D:52:46:43:F7:DB:6D:48:0D:31:A4
    - RSA-SHA1: nil
    - Issuer
      - C: ZA
      - ST: Western Cape
      - L: Durbanville
      - O: Thawte
      - OU: Thawte Certification
      - CN: Thawte Timestamping CA
    - 2003-12-04 00:00:00 UTC: 2013-12-03 23:59:59 UTC
    - Subject
      - C: US
      - O: VeriSign, Inc.
      - CN: VeriSign Time Stamping Services CA
    - #5
      - rsaEncryption: nil
      - A9:CA:B2:A4:CC:CD:20:AF:0A:7D:89:AC:87:75:F0:B4:
        4E:F1:DF:C1:0F:BF:67:61:BD:A3:64:1C:DA:BB:F9:CA:
        33:AB:84:30:89:58:7E:8C:DB:6B:DD:36:9E:0F:BF:D1:
        EC:78:F2:77:A6:7E:6F:3C:BF:93:AF:0D:BA:68:F4:6C:
        94:CA:BD:52:2D:AB:48:3D:F5:B6:D5:5D:5F:1B:02:9F:
        FA:2F:6B:1E:A4:F7:A3:9A:A6:1A:C8:02:E1:7F:4C:52:
        E3:0E:60:EC:40:1C:7E:B9:0D:DE:3F:C7:B4:DF:87:BD:
        5F:7A:6A:31:2E:03:99:81:13:A8:47:20:CE:31:73:0D:
        57:2D:CD:78:34:33:95:12:99:12:B9:DE:68:2F:AA:E6:
        E3:C2:8A:8C:2A:C3:8B:21:87:66:BD:83:58:57:6F:75:
        BF:3C:AA:26:87:5D:CA:10:15:3C:9F:84:EA:54:C1:0A:
        6E:C4:FE:C5:4A:DD:B9:07:11:97:22:7C:DB:3E:27:D1:
        1E:78:EC:9F:31:C9:F1:E6:22:19:DB:C4:B3:47:43:9A:
        1A:5F:A0:1E:90:E4:5E:F5:EE:7C:F1:7D:AB:62:01:8F:
        F5:4D:0B:DE:D0:22:56:A8:95:CD:AE:88:76:AE:EE:BA:
        0D:F3:E4:4D:D9:A0:FB:68:A0:AE:14:3B:B3:87:C1:BB: 0x010001
    - X509v3 extensions
      - authorityInfoAccess
        OCSP: http://ocsp.verisign.com
      - basicConstraints
        true
        true: 0
      - crlDistributionPoints: http://crl.verisign.com/ThawteTimestampingCA.crl
      - extendedKeyUsage: timeStamping
      - keyUsage: true, 6
      - subjectAltName
        CN: TSA2048-1-53
  - RSA-SHA1:
```
4a 6b f9 ea 58 c2 44 1c  31 89 79 99 2b 96 bf 82  |Jk..X.D.1.y.+...|
ac 01 d6 1c 4c cd b0 8a  58 6e df 08 29 a3 5e c8  |....L...Xn..).^.|
ca 93 13 e7 04 52 0d ef  47 27 2f 00 38 b0 e4 c9  |.....R..G'/.8...|
93 4e 9a d4 22 62 15 f7  3f 37 21 4f 70 31 80 f1  |.N.."b..?7!Op1..|
8b 38 87 b3 e8 e8 97 00  fe cf 55 96 4e 24 d2 a9  |.8........U.N$..|
27 4e 7a ae b7 61 41 f3  2a ce e7 c9 d9 5e dd bb  |'Nz..aA.*....^..|
2b 85 3e b5 9d b5 d9 e1  57 ff be b4 c5 7e f5 cf  |+.>.....W....~..|
0c 9e f0 97 fe 2b d3 3b  52 1b 1b 38 27 f7 3f 4a  |.....+.;R..8'.?J|
```
- Certificate #2
  - 2
    - 41:12:E6:32:C7:B1:8A:02:9A:3A:1F:AC:80:3A:B8:9F
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)09
      - CN: VeriSign Class 3 Code Signing 2009-2 CA
    - 2010-03-04 00:00:00 UTC: 2013-04-18 23:59:59 UTC
    - Subject
      - C: US
      - ST: Texas
      - L: Austin
      - O: Sysinternals
      - OU: Digital ID Class 3 - Microsoft Software Validation v2
      - OU: Headquarters
      - CN: Sysinternals
    - #5
      - rsaEncryption: nil
      - B2:A3:01:89:B8:8F:F5:51:C8:0B:9A:A9:EA:F6:AA:91:
        F5:EA:AE:B9:A7:15:9B:73:2E:18:45:25:17:1F:95:65:
        60:3E:02:C4:93:63:A3:65:B8:E7:96:C1:1D:0A:2D:6B:
        ED:7B:C6:E9:92:A0:E7:AF:E6:69:8B:DA:97:A4:2B:92:
        15:3E:69:EB:D2:82:B3:68:7B:B4:26:6D:44:8D:95:CC:
        2D:5C:5D:2A:82:61:DB:EE:A0:33:E9:8F:FF:DB:BC:9A:
        00:5A:C7:34:E0:9A:79:B1:34:81:E3:89:95:FD:BE:67:
        4A:9F:61:D6:E6:FE:1A:A2:F5:E9:F6:00:97:AB:31:C5: 0x010001
    - X509v3 extensions
      - basicConstraints
        nil
      - keyUsage: true, 0x80
      - crlDistributionPoints: http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl
      - certificatePolicies
        2.16.840.1.113733.1.7.23.3
        id-qt-cps: https://www.verisign.com/rpa
      - extendedKeyUsage: codeSigning
      - authorityInfoAccess
        #0
        OCSP: http://ocsp.verisign.com
        caIssuers: http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer
      - authorityKeyIdentifier:
        97 d0 6b a8 26 70 c8 a1 3f 94 1f 08 2d c4 35 9b |..k.&p..?...-.5.| a4 a1 1e f2 |.... |
      - nsCertType: 0x10
      - 1.3.6.1.4.1.311.2.1.27
        false: true
  - RSA-SHA1:
```
69 9b 1e 86 26 5a 98 79  a8 22 a8 a6 69 9a 8c 10  |i...&Z.y."..i...|
44 59 51 bf 2b 4f 57 3e  73 a1 d6 1d 4c b8 27 9a  |DYQ.+OW>s...L.'.|
80 69 fc 69 f0 09 28 09  08 b4 91 82 f4 70 1c 79  |.i.i..(......p.y|
28 c3 c2 b6 d5 86 36 5f  50 27 8e f3 5f 08 b6 cd  |(.....6_P'.._...|
f8 20 8a 12 e1 ac 53 1e  f3 54 a0 cc d6 e3 e3 f2  |. ....S..T......|
f4 6c b6 24 ad 8e 38 a4  01 43 79 39 50 d6 c4 da  |.l.$..8..Cy9P...|
6a 9a eb 34 20 d1 6f 7e  db f1 e9 39 44 64 e6 4d  |j..4 .o~...9Dd.M|
d6 8c 3a 22 7d c7 e3 92  17 e3 53 9b 63 0a b8 2a  |..:"}.....S.c..*|
9f fe d2 52 b8 a8 9d 32  c2 d3 73 e5 3b bf c4 d7  |...R...2..s.;...|
11 0f 58 a7 a8 fb 88 fd  b9 d9 18 25 1a d2 a6 e1  |..X........%....|
31 57 25 00 75 97 a4 49  2e e3 9b 51 3e 0d de 05  |1W%.u..I...Q>...|
fe 42 1f e4 ef 18 cf 7b  86 f5 16 5a e7 1a 6f e4  |.B.....{...Z..o.|
09 48 f0 fa 39 e3 a9 d6  81 be 27 6f 20 29 5d 21  |.H..9.....'o )]!|
32 e5 30 43 f5 db 8a 1e  d0 2e bb f7 f3 2b 57 4e  |2.0C.........+WN|
95 cb 60 7a af ac 1b a4  1c 77 15 1a de 19 84 53  |..`z.....w.....S|
2d f7 ac 19 0f b5 7e 17  f7 30 a1 97 05 0c 0e 32  |-.....~..0.....2|
```
- Certificate #3
  - 2
    - 65:52:26:E1:B2:2E:18:E1:59:0F:29:85:AC:22:E7:5C
    - RSA-SHA1: nil
    - Issuer
      - C: US
      - O: VeriSign, Inc.
      - OU: Class 3 Public Primary Certification Authority
    - 2009-05-21 00:00:00 UTC: 2019-05-20 23:59:59 UTC
    - Subject
      - C: US
      - O: VeriSign, Inc.
      - OU: VeriSign Trust Network
      - OU: Terms of use at https://www.verisign.com/rpa (c)09
      - CN: VeriSign Class 3 Code Signing 2009-2 CA
    - #5
      - rsaEncryption: nil
      - BE:67:1D:B4:60:AA:10:49:6F:56:17:7C:66:C9:5E:86:
        0D:D5:F1:AC:A7:71:83:8E:8B:89:F8:88:04:89:15:06:
        BA:2D:84:21:95:E4:D1:9C:50:4C:FB:D2:22:BD:DA:F2:
        B2:35:3B:1E:8F:C3:09:FB:FC:13:2E:5A:BF:89:7C:3D:
        3B:25:1E:F6:F3:58:7B:9C:F4:01:B5:C6:0A:B8:80:CE:
        BE:27:74:61:67:27:4D:6A:E5:EC:81:61:58:79:A3:E0:
        17:10:12:15:27:B0:E1:4D:34:7F:2B:47:20:44:B9:DE:
        66:24:66:8A:CD:4F:BA:1F:C5:38:C8:54:90:E1:72:F6:
        19:66:75:6A:B9:49:68:CF:38:79:0D:AA:30:A8:DB:2C:
        60:48:9E:D7:AA:14:01:A9:83:D7:38:91:30:39:13:96:
        03:3A:7C:40:54:B6:AD:E0:2F:1B:83:DC:A8:11:52:3E:
        02:B3:D7:2B:FD:21:B6:A7:5C:A3:0F:0B:A9:A6:10:50:
        0E:34:2E:4D:A7:CE:C9:5E:25:D4:8C:BC:F3:6E:7C:29:
        BC:01:5D:FC:31:87:5A:D5:8C:85:67:58:88:19:A0:BF:
        35:F0:EA:2B:A3:21:E7:90:F6:83:E5:A8:ED:60:78:5E:
        7B:60:83:FD:57:0B:5D:41:0D:63:54:60:D6:43:21:EF: 0x010001
    - X509v3 extensions
      - basicConstraints
        true
        true: 0
      - certificatePolicies
        2.16.840.1.113733.1.7.23.3
        #0
        id-qt-cps: https://www.verisign.com/cps
        id-qt-unotice: https://www.verisign.com/rpa
      - keyUsage: true, 6
      - 1.3.6.1.5.5.7.1.12
        image/gif
        SHA1:
        8f e5 d3 1a 86 ac 8d 8e 6b c3 cf 80 6a d4 48 18 |........k...j.H.| 2c 7b 19 2e |,{.. |
        http://logo.verisign.com/vslogo.gif
      - extendedKeyUsage
        clientAuth: codeSigning
      - authorityInfoAccess
        OCSP: http://ocsp.verisign.com
      - crlDistributionPoints: http://crl.verisign.com/pca3.crl
      - subjectAltName
        CN: Class3CA2048-1-55
      - subjectKeyIdentifier:
        97 d0 6b a8 26 70 c8 a1 3f 94 1f 08 2d c4 35 9b |..k.&p..?...-.5.| a4 a1 1e f2 |.... |
  - RSA-SHA1:
```
8b 03 c0 dd 94 d8 41 a2  61 69 b0 15 a8 78 c7 30  |......A.ai...x.0|
c6 90 3c 7e 42 f7 24 b6  e4 83 73 17 04 7f 04 10  |..<~B.$...s.....|
9c a1 e2 fa 81 2f eb c0  ca 44 e7 72 e0 50 b6 55  |...../...D.r.P.U|
10 20 83 6e 96 92 e4 9a  51 6a b4 37 31 dc a5 2d  |. .n....Qj.71..-|
eb 8c 00 c7 1d 4f e7 4d  32 ba 85 f8 4e be fa 67  |.....O.M2...N..g|
55 65 f0 6a be 7a ca 64  38 1a 10 10 78 45 76 31  |Ue.j.z.d8...xEv1|
f3 86 7a 03 0f 60 c2 b3  5d 9d f6 8b 66 76 82 1b  |..z..`..]...fv..|
59 e1 83 e5 bd 49 a5 38  56 e5 de 41 77 0e 58 0f  |Y....I.8V..Aw.X.|
```

Signer

1
unnamed
- #0
  - C: US
  - O: VeriSign, Inc.
  - OU: VeriSign Trust Network
  - OU: Terms of use at https://www.verisign.com/rpa (c)09
  - CN: VeriSign Class 3 Code Signing 2009-2 CA
- 41:12:E6:32:C7:B1:8A:02:9A:3A:1F:AC:80:3A:B8:9F
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4
1.3.6.1.4.1.311.2.1.11: msCodeInd

messageDigest:

33 24 b0 1f d2 c7 06 e5  0e e8 18 ce 79 9a 36 69  |3$..........y.6i|
68 89 ba 4c                                       |h..L            |

rsaEncryption:

88 cb fd 43 82 fd db fe  58 b6 ce 1b 8e 92 10 b8  |...C....X.......|
ce a5 fd 33 2e d5 11 29  f4 f8 08 c0 e7 34 8c 3e  |...3...).....4.>|
7f 4c f2 d2 cd 3c 42 44  1f 40 14 08 72 aa 2c 33  |.L...countersignature1unnamed#0C: US
O: VeriSign, Inc.
CN: VeriSign Time Stamping Services CA
79:A2:A5:85:F9:D1:15:42:13:D9:B8:3E:F6:B6:8D:ED
SHA1: nil
#2contentType: pkcs7-data
signingTime: 2012-06-17 15:20:48 UTC
messageDigest: 61 85 a1 44 aa 83 fa 6c  36 ad 54 0d c9 76 3e be  |a..D...l6.T..v>.|
1c 4d 68 21                                       |.Mh!            |
rsaEncryption: 85 2a f6 70 bd e9 87 36  9f ba eb 40 ee 49 90 f6  |.*.p...6...@.I..|
87 07 b9 53 cf 89 c5 1f  f7 f2 76 41 27 f3 ba ee  |...S......vA'...|
c4 a7 6f 1a 71 5d 17 66  81 bd c2 85 c1 ec a3 36  |..o.q].f.......6|
2d b2 93 2d 85 50 4b 78  07 c3 2f 91 94 7d 76 41  |-..-.PKx../..}vA|
91 c0 ac b8 f8 a4 05 fc  19 69 a8 94 a3 5f 93 a3  |.........i..._..|
c5 dc b3 25 67 75 aa 6b  66 ca 5f 15 e1 12 14 8b  |...%gu.kf._.....|
27 f7 72 72 dc e1 ad da  7b f1 34 9c b0 b1 43 91  |'.rr....{.4...C.|
f3 f0 22 99 43 37 ed 3c  ce 4a 5f 70 43 73 06 72  |..".C7.<.J_pCs.r|