KernelDumpDecrypt.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\KernelDumpDecrypt.exe
  • Description: Windows Kernel Dump File Decryptor

Hashes

Type Hash
MD5 C8A3B58BAD61DDC4515766A1E0C5BCAD
SHA1 972EA895BF8C1A8676033FC8671E261B2C4A1DB6
SHA256 8F700AAFC0571ABF32B1B60A2477EAF9101246352AD526B7353B1920B49C8D3C
SHA384 4615E019137E46E25600308299741223198E1AE355134F25B01CD9EFF5D3A093E87AEDA9786942447A33A2391C2C456C
SHA512 ABBD90D8FBC0675085F9284D4F82B821E5AC7A03E86DBF177DD27C8FC1A2BEB964608BC570B1854B35531ACC91537523269DD92DEB21B87E72706DFE657FE735
SSDEEP 384:4F8s5X4khUry/kWtnv32aQXmom2f0cte91YrNmjSWoXW59JlvCz8rgQ:aYy/jn+aQXmuzAiricqrgQ
IMP 5CB5F28410D9C191B1BB6D8B343687CB
PESHA1 9E581455C830876A81A62AB64CB30664C3540339
PE256 0795CBD744826323532CAE428212735C0A95ECBCCB7D12B4E19DA9196FF61E15

Signature

  • Status: Signature verified.
  • Serial: 33000002B7E8E007A82AEF13150000000002B7
  • Thumbprint: 5A68625F1A516670A744F7EF919500A479D32A5B
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: KernelDumpDecrypt.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit ARM

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-core-file-l1-1-0.dll 30
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-crt-conio-l1-1-0.dll 30
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-crt-runtime-l1-1-0.dll 32
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x86\api-ms-win-core-string-l1-1-0.dll 32
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-console-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-file-l2-1-0.dll 32
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-processthreads-l1-1-1.dll 35
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-crt-multibyte-l1-1-0.dll 33
C:\Windows\system32\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll 29
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll 30
C:\Windows\system32\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll 32
C:\Windows\system32\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll 30
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll 29
C:\Windows\system32\downlevel\API-MS-Win-security-provider-L1-1-0.dll 29
C:\Windows\SysWOW64\downlevel\api-ms-win-core-wow64-l1-1-0.dll 32

MIT License. Copyright (c) 2020-2021 Strontic.