65458077-861e-4423-b446-2a9c7afe44b5

tdevflt.sys :inline

Description

This ABYSSWORKER-related malicious kernel driver presents as Palo Alto Networks tdevflt.sys / Cortex XDR PnP Device Filter Driver. Public DragonForce reporting lists the sample in a BYOVD tradecraft set alongside known vulnerable process-killer drivers.

  • UUID: 65458077-861e-4423-b446-2a9c7afe44b5
  • Created: 2026-06-16
  • Author: Michael Haag
  • Acknowledgement: Symantec Threat Hunter Team |

Download

This download link contains the malicious driver!

Block tdevflt.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create tdevflt binPath=C:\windows\temp\tdevflt.sys type=kernel && sc.exe start tdevflt
Use CasePrivilegesOperating System
Malicious kernel driver used with BYOVD-style defense evasion tradecraft.kernelWindows 10, Windows 11

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor
  • https://www.elastic.co/security-labs/abyssworker

    • Known Vulnerable Samples

    PropertyValue
    Filenametdevflt.sys
    Creation Timestamp2025-03-19 06:37:44
    MD50aaae94aeed94870f755487e8ec17259
    SHA1a86c445b9d233b6316a66842c5224265feda8ba7
    SHA2568284c8676cc22c4b2e66826ac16986da7ddecba1f2776b16771be17bfdc45dc2
    Authentihash MD550e90bfdf8fa6faf9053edaf307feb9e
    Authentihash SHA131137aa5b90d11eb8f3f1b043af4d24ed22ccd37
    Authentihash SHA256fd69888d8a21fe3a7a4a7b099734fe254e8bf8f6d77c5b7b28788138b6c6a396
    RichPEHeaderHash MD5
    RichPEHeaderHash SHA1
    RichPEHeaderHash SHA256
    CompanyPalo Alto Networks, Inc.
    DescriptionCortex XDR PnP Device Filter Driver
    ProductCortex XDR™ Advanced Endpoint Protection
    OriginalFilenametdevflt.sys

    Download

    Certificates

    Expand
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 552b41be12d940437df45d488738cc51
    FieldValue
    ToBeSigned (TBS) MD54ce1a301e4985597b995c5002818c656
    ToBeSigned (TBS) SHA1d3d7fb983b43941fe8bc220886a864fb0fd7eae6
    ToBeSigned (TBS) SHA256cc9e447627151329ab572064941a0750855200766f81ae14e0d3a63d5e64a3d7
    SubjectC=CN, ST=上海市, L=上海市, O=Shanghai easy kradar Information Consulting Co. Ltd., CN=Shanghai easy kradar Information Consulting Co. Ltd.
    ValidFrom2015-01-29 00:00:00
    ValidTo2016-01-29 23:59:59
    Signaturea99dc1d328480bf243aac22c545525fc6bd5f8b0b561520a0f384aac04c6e7c061eab088efd29299951dbb0d20c1666e103371b2613cfe488d9fa27be465525afebf55cafa5ea88f0520a75e3619b0dcb103b1428c448e7e0b1a8814d144d772f28eb61124753feb5c28f6002f128f7b11ee7b995f4df759f56a5f11edf76ba5f31af7a4277b0b32be2828d664c254ff73ab2484ed35960e5c8cfc3f340001a318f17b8feb1d564b502e1982e97adba80cb5aa5d218f3a730ddc272d339f92f2b23d471c3d3cf2a30ac537c156a6bbac2cc66c427a71d417d850357f530529420f417a2ec40cad86ba6e7b295c0db0c7234b558b58fe54d95cefe4ae8abb6c7a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber552b41be12d940437df45d488738cc51
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3
    Certificate 1eb132d57e7968960df26e854eb0dda6
    FieldValue
    ToBeSigned (TBS) MD55ab6e3eff526144c0498d28f2e8744cc
    ToBeSigned (TBS) SHA17ab94f2c92d6886a876615876fb3c7d996cc0ea3
    ToBeSigned (TBS) SHA256ff83ab76196af2d3172c0be1ab23720770de769bed8daf815a059ca46df241af
    SubjectC=CN, O=JemmyLoveJenny PKI Service, OU=timestamp.pki.jemmylovejenny.tk, CN=Fake TimeStamp Responder
    ValidFrom2000-01-01 00:00:00
    ValidTo2099-12-31 23:59:59
    Signature21ce1a74cffdc5be464c890b9ae11fe6f037b1145a8a3be179136f33eb4e74650c0d22055a26096e231fdc9be25bcfbe8d8d590d84d2443e19d0d8bb163e7d492162ba8f1ee020445d0338d6cf96bc7543da921f04874ae92a524585895d0f358b045c941ab49b34f287579f7d7aaa70122b519c8bb604c7f072ea20fb5e1b1c2c048f4c7e42dc6ee7caab6de80627c32632d0ea2756277ca3c98c2fa58a9d07364017c29844e99cac28cefc4d4bca807da970d2bdf548cec8844b5f72541940835e827c447773ed5b4e8114c2cf04d39bc2f2dc8c2ba8a6e67687e76b7805971e8b87096474fcac24da030e8d591f9edae5644199a235280d05761143af1292
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1eb132d57e7968960df26e854eb0dda6
    Version3
    Certificate 1eb132d57e796896
    FieldValue
    ToBeSigned (TBS) MD5953110dc4528bb8653d24128ec59f13b
    ToBeSigned (TBS) SHA13a111b3ec6c092f7181132509479ba73bc3c828f
    ToBeSigned (TBS) SHA2563434a95dfbfdb4b2cdff9d76632bcfc1d8c9a2b805596ed3f8af1c97f61643b1
    SubjectC=CN, O=JemmyLoveJenny PKI Service, OU=pki.jemmylovejenny.tk, CN=JemmyLoveJenny SHA1 TimeStamping Services CA
    ValidFrom2000-01-01 00:00:00
    ValidTo2099-12-31 23:59:59
    Signature7a25039f8882f1960adb0b6781366e4e15e38a1b13b332e864e5b39e93128f9400648246af7f78526380ebc32a670c0d7184c0172442e5bdbb7873dac548349bbb5681f1f0b2e5fb7230153f95caaa5d7aeeb64cdc6f4cb9505f4b62b2e61f7b8856c43e91be32fc9918cd4ace9060388c8ef39c745adb7cbe0943353ae6c7e8f9e3a9a26da5fab1e43d7fafc02fa8433e1d9a3f3981c78f70c040e03c74258d5abca8231e3bff819e85f52d422dd507879f4e922b52f4ea358e887d8d3deb4bc81d5b3c42ae13aac56364c929da045225104ed04f3a041c9677cc731acbc153746b1f5e968cb468f52ab576515f967ce0159331e1ac575f27f4faf159ec70c3825d7366eb08f579909cab42adf8fe71c14f71d19326dad89dcd763ed3c4aad601c34aa8fa5ea6f16843d15692198c1c79f92c1d1feadeecae329206d02133c625875839baa3265b8e635a43c192755dfd260f0ffe7f2e320be8713639c0204fde54d92c59cb12c253b837e7fcbb3f1a47d7a1066a9568e1b5d9ddf1dc69da4bb6e5965dc72f35c5e8d78eca195cd7b18e41a12bb4eb4de8fc938b919c509871fcd1f808938bb5de8da978371b64ce5269a983f03d937c28a547ad3defd5d24c032fa67493cd00e9f0f835a3c22948ff71ec8c29eb66906ead31e09c6bd3fe0137bfcec27cd8bcbefed081fb2df4ee70ebe2d7c4b2a19419c2f3d79df8344236
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber1eb132d57e796896
    Version3

    Imports

    Expand
    • FLTMGR.SYS
    • ntoskrnl.exe
    • HAL.dll
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • FltGetVolumeInformation
    • wcscat_s
    • HalReturnToFirmware
    • NtQuerySystemInformation
    • ExAllocatePool
    • IoAllocateMdl
    • ExFreePoolWithTag
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .Xmu
    • .`kk
    • .Q){
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
      "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
      "TBS": {
        "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
        "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
        "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
        "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
      },
      "ValidFrom": "2010-02-08 00:00:00",
      "ValidTo": "2020-02-07 23:59:59",
      "Version": 3
    },
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "552b41be12d940437df45d488738cc51",
      "Signature": "a99dc1d328480bf243aac22c545525fc6bd5f8b0b561520a0f384aac04c6e7c061eab088efd29299951dbb0d20c1666e103371b2613cfe488d9fa27be465525afebf55cafa5ea88f0520a75e3619b0dcb103b1428c448e7e0b1a8814d144d772f28eb61124753feb5c28f6002f128f7b11ee7b995f4df759f56a5f11edf76ba5f31af7a4277b0b32be2828d664c254ff73ab2484ed35960e5c8cfc3f340001a318f17b8feb1d564b502e1982e97adba80cb5aa5d218f3a730ddc272d339f92f2b23d471c3d3cf2a30ac537c156a6bbac2cc66c427a71d417d850357f530529420f417a2ec40cad86ba6e7b295c0db0c7234b558b58fe54d95cefe4ae8abb6c7a",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, ST=\u4e0a\u6d77\u5e02, L=\u4e0a\u6d77\u5e02, O=Shanghai easy kradar Information Consulting Co. Ltd., CN=Shanghai easy kradar Information Consulting Co. Ltd.",
      "TBS": {
        "MD5": "4ce1a301e4985597b995c5002818c656",
        "SHA1": "d3d7fb983b43941fe8bc220886a864fb0fd7eae6",
        "SHA256": "cc9e447627151329ab572064941a0750855200766f81ae14e0d3a63d5e64a3d7",
        "SHA384": "2694683f803b72e45ab3d8b49cb2a3e914bfc8942a4e6e1ac2d0251d6f25e9c735d353459da34b19ac334ecf3cc35aad"
      },
      "ValidFrom": "2015-01-29 00:00:00",
      "ValidTo": "2016-01-29 23:59:59",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "611fb0a400000000001d",
      "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
      "TBS": {
        "MD5": "a3f222107d4e1085e73b5b589c2f480b",
        "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
        "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
        "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
      },
      "ValidFrom": "2011-02-22 19:31:57",
      "ValidTo": "2021-02-22 19:41:57",
      "Version": 3
    },
    {
      "CertificateType": "Intermediate",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": false,
      "SerialNumber": "1eb132d57e7968960df26e854eb0dda6",
      "Signature": "21ce1a74cffdc5be464c890b9ae11fe6f037b1145a8a3be179136f33eb4e74650c0d22055a26096e231fdc9be25bcfbe8d8d590d84d2443e19d0d8bb163e7d492162ba8f1ee020445d0338d6cf96bc7543da921f04874ae92a524585895d0f358b045c941ab49b34f287579f7d7aaa70122b519c8bb604c7f072ea20fb5e1b1c2c048f4c7e42dc6ee7caab6de80627c32632d0ea2756277ca3c98c2fa58a9d07364017c29844e99cac28cefc4d4bca807da970d2bdf548cec8844b5f72541940835e827c447773ed5b4e8114c2cf04d39bc2f2dc8c2ba8a6e67687e76b7805971e8b87096474fcac24da030e8d591f9edae5644199a235280d05761143af1292",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, O=JemmyLoveJenny PKI Service, OU=timestamp.pki.jemmylovejenny.tk, CN=Fake TimeStamp Responder",
      "TBS": {
        "MD5": "5ab6e3eff526144c0498d28f2e8744cc",
        "SHA1": "7ab94f2c92d6886a876615876fb3c7d996cc0ea3",
        "SHA256": "ff83ab76196af2d3172c0be1ab23720770de769bed8daf815a059ca46df241af",
        "SHA384": "9990f7fd996aa8f520b4d64eee4060d0009b6cd517416b7300245df65cb15eb72ab985f520bc02346c544d46ad172ae5"
      },
      "ValidFrom": "2000-01-01 00:00:00",
      "ValidTo": "2099-12-31 23:59:59",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "1eb132d57e796896",
      "Signature": "7a25039f8882f1960adb0b6781366e4e15e38a1b13b332e864e5b39e93128f9400648246af7f78526380ebc32a670c0d7184c0172442e5bdbb7873dac548349bbb5681f1f0b2e5fb7230153f95caaa5d7aeeb64cdc6f4cb9505f4b62b2e61f7b8856c43e91be32fc9918cd4ace9060388c8ef39c745adb7cbe0943353ae6c7e8f9e3a9a26da5fab1e43d7fafc02fa8433e1d9a3f3981c78f70c040e03c74258d5abca8231e3bff819e85f52d422dd507879f4e922b52f4ea358e887d8d3deb4bc81d5b3c42ae13aac56364c929da045225104ed04f3a041c9677cc731acbc153746b1f5e968cb468f52ab576515f967ce0159331e1ac575f27f4faf159ec70c3825d7366eb08f579909cab42adf8fe71c14f71d19326dad89dcd763ed3c4aad601c34aa8fa5ea6f16843d15692198c1c79f92c1d1feadeecae329206d02133c625875839baa3265b8e635a43c192755dfd260f0ffe7f2e320be8713639c0204fde54d92c59cb12c253b837e7fcbb3f1a47d7a1066a9568e1b5d9ddf1dc69da4bb6e5965dc72f35c5e8d78eca195cd7b18e41a12bb4eb4de8fc938b919c509871fcd1f808938bb5de8da978371b64ce5269a983f03d937c28a547ad3defd5d24c032fa67493cd00e9f0f835a3c22948ff71ec8c29eb66906ead31e09c6bd3fe0137bfcec27cd8bcbefed081fb2df4ee70ebe2d7c4b2a19419c2f3d79df8344236",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, O=JemmyLoveJenny PKI Service, OU=pki.jemmylovejenny.tk, CN=JemmyLoveJenny SHA1 TimeStamping Services CA",
      "TBS": {
        "MD5": "953110dc4528bb8653d24128ec59f13b",
        "SHA1": "3a111b3ec6c092f7181132509479ba73bc3c828f",
        "SHA256": "3434a95dfbfdb4b2cdff9d76632bcfc1d8c9a2b805596ed3f8af1c97f61643b1",
        "SHA384": "41c54e667a7ccaab3d4b6288e8c78789163e4adce5029f5e43de2a25ea9ad07bd3f4679538ebc301477917f46cfb8788"
      },
      "ValidFrom": "2000-01-01 00:00:00",
      "ValidTo": "2099-12-31 23:59:59",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
      "SerialNumber": "552b41be12d940437df45d488738cc51",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2026-06-16