9cb4b2fa-67fb-4415-a064-7da7bc47e105

wamsdk.sys :inline

Description

Vulnerable WatchDog Antimalware driver used by Silver Fox APT group to load unsigned drivers and execute malicious code in kernel mode

  • UUID: 9cb4b2fa-67fb-4415-a064-7da7bc47e105
  • Created: 2025-08-28
  • Author: The Haag

DownloadBlock

This download link contains the vulnerable driver!

Commands

sc.exe create wamsdk binPath=C:\windows\temp\wamsdk.sys type=kernel && sc.exe start wamsdk
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/

    • Known Vulnerable Samples

    PropertyValue
    Filenamewamsdk.sys
    Creation Timestamp2025-07-01 12:21:01
    MD5b6b51508ad6f462c45fe102c85d246c8
    SHA196f0dbf52aed0afd43e44500116b04b674f7358e
    SHA2565af1dae21425dda8311a2044209c308525135e1733eeff5dd20649946c6e054c
    Authentihash MD56c8a730f2594eb45982dfa4a659efa4e
    Authentihash SHA1f3a83a9ef523438b63ddfb2ac322e40a7726d64e
    Authentihash SHA2561c271dfdb905e1fbbb26a62869eef75882684b99095b55e768d433c684365560
    RichPEHeaderHash MD51c6486366a94481b79ddfb0f1369c9ae
    RichPEHeaderHash SHA15f52febd554912a805323653f9fc85b8289a93ef
    RichPEHeaderHash SHA256722db4ae55d7ebf38a09df4fc92addbf6847ae6b5db77179e46bf7f538cc56dc
    CompanyWatchDogDevelopment.com, LLC.
    DescriptionWatchDog Antimalware Driver
    Productwamsdk
    OriginalFilenamewamsdk.sys

    Download

    Certificates

    Expand
    Certificate 01ee5f169dff97352b6465d66a
    FieldValue
    ToBeSigned (TBS) MD551c3959a45cecf3d21a3effb05762573
    ToBeSigned (TBS) SHA1ecfcd25fd0525448a74875ba271566bc0bfbf061
    ToBeSigned (TBS) SHA256de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91
    SubjectCN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA , R3
    ValidFrom2018-09-19 00:00:00
    ValidTo2028-01-28 12:00:00
    Signature2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber01ee5f169dff97352b6465d66a
    Version3
    Certificate 7803184245708a41cf6f01b8eeb4a954
    FieldValue
    ToBeSigned (TBS) MD5a33260428269bc902bc1cd280e4b1837
    ToBeSigned (TBS) SHA1254209ca172cffcc67bd2a88996556d2f09538f0
    ToBeSigned (TBS) SHA256a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868
    SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv,sa,C=BE
    ValidFrom2020-07-28 00:00:00
    ValidTo2029-03-18 00:00:00
    Signatureacf7cc158b3079a81d0b28881909d71c7ffe86bd7b5a336e0d670e7b62d9e1185cb0bd135d1d23ae39507637aa44fd5f01235986564cccadbc64131430a420a8e03fe89c72dc7ef3d80c23baa82daa3cf6ec9f87310765f539a7518275e1f22f97f6d1e165968364fea11d51fbb5249bf5d27769bc852c5cfa5877d1aea7b10be2d677bba9b4344aa96f3df4f30d955de6f97a45b02517312edbf70f68e6831fa9f7e5d49d988cd3614b2fc3287e7ade930eb47da00a6d92c4b4663f7da758eeacf7ecc30801ab38fc0a1ca9c597b288c8090219f65c9a1af14d6c30d4b306ab0060480d78abcf17ad9293622077756cbdc832b4dc4debd9dfc1909629bdc17f
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityTrue
    SerialNumber7803184245708a41cf6f01b8eeb4a954
    Version3
    Certificate 77bd0e05b7590bb61d4761531e3f75ed
    FieldValue
    ToBeSigned (TBS) MD565fd1dac1f115d9507f4e1840c8cb36a
    ToBeSigned (TBS) SHA1c7cf5607e19b22fe60c055e71d9b555d70f71f66
    ToBeSigned (TBS) SHA256d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe
    SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv,sa,C=BE
    ValidFrom2020-07-28 00:00:00
    ValidTo2030-07-28 00:00:00
    Signature2575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber77bd0e05b7590bb61d4761531e3f75ed
    Version3
    Certificate 5afb3e5f1aa892a7208555fd
    FieldValue
    ToBeSigned (TBS) MD5a08ca309304d94dcb2cd457e03b08a0b
    ToBeSigned (TBS) SHA1c41342b3db72cbbb6d95f5203d42ea7a27830c57
    ToBeSigned (TBS) SHA2566987c0813f5f70bb063f4f9f5ec22747164f1bdd86ecfc3f9ff456843d42b0a1
    SubjectCN=WATCHDOGDEVELOPMENT.COM, LLC,O=WATCHDOGDEVELOPMENT.COM, LLC,L=Dover,ST=Delaware,C=US,1.3.6.1.4.1.311.60.2.1.2=Delaware,1.3.6.1.4.1.311.60.2.1.3=US,2.5.4.5=6061961,2.5.4.15=Private Organization
    ValidFrom2025-05-23 11:33:23
    ValidTo2028-06-24 19:57:48
    Signature22cb51198a92ed49dd835b1465e9669984b9f4531893e985f811d3092c43c4f902d81f406eb864119ad6be849695bbc1ee10c0d77169362496b63e88796a29d46fb913e4098160f575d76de2a8417e21c5465634c1dcc5d49a56e49d0590469ea454eadc01ab0714e052f21fce49c93db8e395408ee98d81f2a689509560dc8379d3fa30152e1fdbc50c34e1596da8fc807688db45153e6bb8de65ab48cf981d04712a4299a9de3d92d0b7ee7e2701e2371aceb5b461b4a758467e4ecc6f837f08a70a15a3cd87ed8d78011a1ce63c55929d1f63a7d266c5eb4ec3427929fba69ac4e1179676c70897f6416a61ed0063f269783c87c0b89fd7d01e617fdf2e8ab61207a33b14b4e183089c426024b503e38ff4346386f0a1eb821167ec9446ac43e37ea88db8ca850a96ae26ba0f6102bc0a89ded252e60440bb1cc20a862f0263fa23150b2925e57e7f7da625fa8db70e4aa9a6f16d79d6b7d5d12b44c6a34492d4d65544962796ff835ac2cbca323c62d8b4834646b4861a8325cc5c7b6e0a1c622007b7b7e5023891f666bb580d8121c62b635530fade45cf4f1705a048a0ed80718da2a257418654014eb68a8b750a007ee881824a8b130e0e75ea7272506f5e35abb7b15596de2f5fb9970d6ea8869ad1db566136081b302054349d8905797a6d0859f56cb81a79dd77f0c3b4851fa5118d42da2dccae241ca4e98672eb
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber5afb3e5f1aa892a7208555fd
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • ZwClose
    • RtlUpperString
    • ZwOpenProcess
    • ProbeForRead
    • KeAcquireSpinLockRaiseToDpc
    • RtlAppendUnicodeToString
    • PsCreateSystemThread
    • _vsnprintf
    • KeInitializeSpinLock
    • ZwWriteFile
    • KeReleaseSpinLock
    • KeInitializeSemaphore
    • PsThreadType
    • KeReleaseSemaphore
    • ZwDeleteFile
    • strchr
    • PsGetCurrentThreadId
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • PsTerminateSystemThread
    • PsGetProcessSessionId
    • PsSetCreateProcessNotifyRoutine
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • ZwQuerySystemInformation
    • ZwReadFile
    • IoFreeIrp
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • FsRtlGetFileSize
    • IoGetDeviceAttachmentBaseRef
    • IoFileObjectType
    • KeSetEvent
    • ZwSetInformationFile
    • IoAllocateIrp
    • IoCreateFileSpecifyDeviceObjectHint
    • IofCallDriver
    • KeInitializeEvent
    • RtlIntegerToUnicodeString
    • towupper
    • NtQuerySystemInformation
    • NtBuildNumber
    • NtOpenProcess
    • MmGetSystemRoutineAddress
    • ZwCreateEvent
    • ExGetPreviousMode
    • ZwDeleteKey
    • DbgPrint
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • PsGetProcessId
    • IoThreadToProcess
    • MmMapLockedPagesSpecifyCache
    • KeGetCurrentIrql
    • ZwWaitForSingleObject
    • PsProcessType
    • KeStackAttachProcess
    • ZwOpenThread
    • ZwTerminateProcess
    • KeUnstackDetachProcess
    • ExInterlockedInsertHeadList
    • CmUnRegisterCallback
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • ZwQueryKey
    • RtlCreateRegistryKey
    • ZwEnumerateKey
    • ZwQueryValueKey
    • ZwOpenKey
    • RtlFreeAnsiString
    • PsRemoveLoadImageNotifyRoutine
    • PsSetLoadImageNotifyRoutine
    • MmSystemRangeStart
    • ProbeForWrite
    • RtlUnicodeStringToAnsiString
    • PsGetProcessSectionBaseAddress
    • strstr
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • ObOpenObjectByPointer
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeExports
    • RtlCreateSecurityDescriptor
    • _wcsnicmp
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • wcsstr
    • PsGetProcessImageFileName
    • RtlGetVersion
    • ObReferenceObjectByHandle
    • PsGetCurrentProcessId
    • PsLookupProcessByProcessId
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • ZwQueryInformationProcess
    • RtlUpcaseUnicodeString
    • ObfDereferenceObject
    • ZwCreateFile
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • KeDelayExecutionThread
    • ObReferenceObjectByName
    • __C_specific_handler
    • FltSendMessage
    • FltCancelFileOpen
    • FltStartFiltering
    • FltGetStreamHandleContext
    • FltReleaseFileNameInformation
    • FltQueryInformationFile
    • FltFreePoolAlignedWithTag
    • FltGetFileNameInformation
    • FltReadFile
    • FltSetStreamHandleContext
    • FltReleaseContext
    • FltCreateCommunicationPort
    • FltBuildDefaultSecurityDescriptor
    • FltAllocatePoolAlignedWithTag
    • FltParseFileNameInformation
    • FltAllocateContext
    • FltRegisterFilter
    • FltUnregisterFilter
    • FltCloseCommunicationPort

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "01ee5f169dff97352b6465d66a",
      "Signature": "2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA , R3",
      "TBS": {
        "MD5": "51c3959a45cecf3d21a3effb05762573",
        "SHA1": "ecfcd25fd0525448a74875ba271566bc0bfbf061",
        "SHA256": "de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91",
        "SHA384": "f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838"
      },
      "ValidFrom": "2018-09-19 00:00:00",
      "ValidTo": "2028-01-28 12:00:00",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "7803184245708a41cf6f01b8eeb4a954",
      "Signature": "acf7cc158b3079a81d0b28881909d71c7ffe86bd7b5a336e0d670e7b62d9e1185cb0bd135d1d23ae39507637aa44fd5f01235986564cccadbc64131430a420a8e03fe89c72dc7ef3d80c23baa82daa3cf6ec9f87310765f539a7518275e1f22f97f6d1e165968364fea11d51fbb5249bf5d27769bc852c5cfa5877d1aea7b10be2d677bba9b4344aa96f3df4f30d955de6f97a45b02517312edbf70f68e6831fa9f7e5d49d988cd3614b2fc3287e7ade930eb47da00a6d92c4b4663f7da758eeacf7ecc30801ab38fc0a1ca9c597b288c8090219f65c9a1af14d6c30d4b306ab0060480d78abcf17ad9293622077756cbdc832b4dc4debd9dfc1909629bdc17f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
      "Subject": "CN=GlobalSign Code Signing Root R45,O=GlobalSign nv,sa,C=BE",
      "TBS": {
        "MD5": "a33260428269bc902bc1cd280e4b1837",
        "SHA1": "254209ca172cffcc67bd2a88996556d2f09538f0",
        "SHA256": "a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868",
        "SHA384": "fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba"
      },
      "ValidFrom": "2020-07-28 00:00:00",
      "ValidTo": "2029-03-18 00:00:00",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "77bd0e05b7590bb61d4761531e3f75ed",
      "Signature": "2575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv,sa,C=BE",
      "TBS": {
        "MD5": "65fd1dac1f115d9507f4e1840c8cb36a",
        "SHA1": "c7cf5607e19b22fe60c055e71d9b555d70f71f66",
        "SHA256": "d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe",
        "SHA384": "defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab"
      },
      "ValidFrom": "2020-07-28 00:00:00",
      "ValidTo": "2030-07-28 00:00:00",
      "Version": 3
    },
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "5afb3e5f1aa892a7208555fd",
      "Signature": "22cb51198a92ed49dd835b1465e9669984b9f4531893e985f811d3092c43c4f902d81f406eb864119ad6be849695bbc1ee10c0d77169362496b63e88796a29d46fb913e4098160f575d76de2a8417e21c5465634c1dcc5d49a56e49d0590469ea454eadc01ab0714e052f21fce49c93db8e395408ee98d81f2a689509560dc8379d3fa30152e1fdbc50c34e1596da8fc807688db45153e6bb8de65ab48cf981d04712a4299a9de3d92d0b7ee7e2701e2371aceb5b461b4a758467e4ecc6f837f08a70a15a3cd87ed8d78011a1ce63c55929d1f63a7d266c5eb4ec3427929fba69ac4e1179676c70897f6416a61ed0063f269783c87c0b89fd7d01e617fdf2e8ab61207a33b14b4e183089c426024b503e38ff4346386f0a1eb821167ec9446ac43e37ea88db8ca850a96ae26ba0f6102bc0a89ded252e60440bb1cc20a862f0263fa23150b2925e57e7f7da625fa8db70e4aa9a6f16d79d6b7d5d12b44c6a34492d4d65544962796ff835ac2cbca323c62d8b4834646b4861a8325cc5c7b6e0a1c622007b7b7e5023891f666bb580d8121c62b635530fade45cf4f1705a048a0ed80718da2a257418654014eb68a8b750a007ee881824a8b130e0e75ea7272506f5e35abb7b15596de2f5fb9970d6ea8869ad1db566136081b302054349d8905797a6d0859f56cb81a79dd77f0c3b4851fa5118d42da2dccae241ca4e98672eb",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "CN=WATCHDOGDEVELOPMENT.COM, LLC,O=WATCHDOGDEVELOPMENT.COM, LLC,L=Dover,ST=Delaware,C=US,1.3.6.1.4.1.311.60.2.1.2=Delaware,1.3.6.1.4.1.311.60.2.1.3=US,2.5.4.5=6061961,2.5.4.15=Private Organization",
      "TBS": {
        "MD5": "a08ca309304d94dcb2cd457e03b08a0b",
        "SHA1": "c41342b3db72cbbb6d95f5203d42ea7a27830c57",
        "SHA256": "6987c0813f5f70bb063f4f9f5ec22747164f1bdd86ecfc3f9ff456843d42b0a1",
        "SHA384": "b6aaaa9fb960960d20e95611384d329c2797987f60f5c5b659c4876d979c09e5d4dd953286a7471a2c642ba2460f2bdc"
      },
      "ValidFrom": "2025-05-23 11:33:23",
      "ValidTo": "2028-06-24 19:57:48",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv,sa,C=BE",
      "SerialNumber": "5afb3e5f1aa892a7208555fd",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}
    PropertyValue
    Filenamewamsdk.sys
    Creation Timestamp2025-07-01 12:21:01
    MD568def3004db45cb974e789241472fd59
    SHA13cfad07bdf8006047a78b8234cc6c3c2f35b24ed
    SHA2560be8483c2ea42f1ce4c90e84ac474a4e7017bc6d682e06f96dc1e31922a07b10
    Authentihash MD56c8a730f2594eb45982dfa4a659efa4e
    Authentihash SHA1f3a83a9ef523438b63ddfb2ac322e40a7726d64e
    Authentihash SHA2561c271dfdb905e1fbbb26a62869eef75882684b99095b55e768d433c684365560
    RichPEHeaderHash MD51c6486366a94481b79ddfb0f1369c9ae
    RichPEHeaderHash SHA15f52febd554912a805323653f9fc85b8289a93ef
    RichPEHeaderHash SHA256722db4ae55d7ebf38a09df4fc92addbf6847ae6b5db77179e46bf7f538cc56dc
    CompanyWatchDogDevelopment.com, LLC.
    DescriptionWatchDog Antimalware Driver
    Productwamsdk
    OriginalFilenamewamsdk.sys

    Download

    Certificates

    Expand
    Certificate 01ee5f169dff97352b6465d66a
    FieldValue
    ToBeSigned (TBS) MD551c3959a45cecf3d21a3effb05762573
    ToBeSigned (TBS) SHA1ecfcd25fd0525448a74875ba271566bc0bfbf061
    ToBeSigned (TBS) SHA256de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91
    SubjectCN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA , R3
    ValidFrom2018-09-19 00:00:00
    ValidTo2028-01-28 12:00:00
    Signature2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber01ee5f169dff97352b6465d66a
    Version3
    Certificate 7803184245708a41cf6f01b8eeb4a954
    FieldValue
    ToBeSigned (TBS) MD5a33260428269bc902bc1cd280e4b1837
    ToBeSigned (TBS) SHA1254209ca172cffcc67bd2a88996556d2f09538f0
    ToBeSigned (TBS) SHA256a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868
    SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv,sa,C=BE
    ValidFrom2020-07-28 00:00:00
    ValidTo2029-03-18 00:00:00
    Signatureacf7cc158b3079a81d0b28881909d71c7ffe86bd7b5a336e0d670e7b62d9e1185cb0bd135d1d23ae39507637aa44fd5f01235986564cccadbc64131430a420a8e03fe89c72dc7ef3d80c23baa82daa3cf6ec9f87310765f539a7518275e1f22f97f6d1e165968364fea11d51fbb5249bf5d27769bc852c5cfa5877d1aea7b10be2d677bba9b4344aa96f3df4f30d955de6f97a45b02517312edbf70f68e6831fa9f7e5d49d988cd3614b2fc3287e7ade930eb47da00a6d92c4b4663f7da758eeacf7ecc30801ab38fc0a1ca9c597b288c8090219f65c9a1af14d6c30d4b306ab0060480d78abcf17ad9293622077756cbdc832b4dc4debd9dfc1909629bdc17f
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityTrue
    SerialNumber7803184245708a41cf6f01b8eeb4a954
    Version3
    Certificate 77bd0e05b7590bb61d4761531e3f75ed
    FieldValue
    ToBeSigned (TBS) MD565fd1dac1f115d9507f4e1840c8cb36a
    ToBeSigned (TBS) SHA1c7cf5607e19b22fe60c055e71d9b555d70f71f66
    ToBeSigned (TBS) SHA256d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe
    SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv,sa,C=BE
    ValidFrom2020-07-28 00:00:00
    ValidTo2030-07-28 00:00:00
    Signature2575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber77bd0e05b7590bb61d4761531e3f75ed
    Version3
    Certificate 5afb3e5f1aa892a7208555fd
    FieldValue
    ToBeSigned (TBS) MD5a08ca309304d94dcb2cd457e03b08a0b
    ToBeSigned (TBS) SHA1c41342b3db72cbbb6d95f5203d42ea7a27830c57
    ToBeSigned (TBS) SHA2566987c0813f5f70bb063f4f9f5ec22747164f1bdd86ecfc3f9ff456843d42b0a1
    SubjectCN=WATCHDOGDEVELOPMENT.COM, LLC,O=WATCHDOGDEVELOPMENT.COM, LLC,L=Dover,ST=Delaware,C=US,1.3.6.1.4.1.311.60.2.1.2=Delaware,1.3.6.1.4.1.311.60.2.1.3=US,2.5.4.5=6061961,2.5.4.15=Private Organization
    ValidFrom2025-05-23 11:33:23
    ValidTo2028-06-24 19:57:48
    Signature22cb51198a92ed49dd835b1465e9669984b9f4531893e985f811d3092c43c4f902d81f406eb864119ad6be849695bbc1ee10c0d77169362496b63e88796a29d46fb913e4098160f575d76de2a8417e21c5465634c1dcc5d49a56e49d0590469ea454eadc01ab0714e052f21fce49c93db8e395408ee98d81f2a689509560dc8379d3fa30152e1fdbc50c34e1596da8fc807688db45153e6bb8de65ab48cf981d04712a4299a9de3d92d0b7ee7e2701e2371aceb5b461b4a758467e4ecc6f837f08a70a15a3cd87ed8d78011a1ce63c55929d1f63a7d266c5eb4ec3427929fba69ac4e1179676c70897f6416a61ed0063f269783c87c0b89fd7d01e617fdf2e8ab61207a33b14b4e183089c426024b503e38ff4346386f0a1eb821167ec9446ac43e37ea88db8ca850a96ae26ba0f6102bc0a89ded252e60440bb1cc20a862f0263fa23150b2925e57e7f7da625fa8db70e4aa9a6f16d79d6b7d5d12b44c6a34492d4d65544962796ff835ac2cbca323c62d8b4834646b4861a8325cc5c7b6e0a1c622007b7b7e5023891f666bb580d8121c62b635530fade45cf4f1705a048a0ed80718da2a257418654014eb68a8b750a007ee881824a8b130e0e75ea7272506f5e35abb7b15596de2f5fb9970d6ea8869ad1db566136081b302054349d8905797a6d0859f56cb81a79dd77f0c3b4851fa5118d42da2dccae241ca4e98672eb
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber5afb3e5f1aa892a7208555fd
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • ZwClose
    • RtlUpperString
    • ZwOpenProcess
    • ProbeForRead
    • KeAcquireSpinLockRaiseToDpc
    • RtlAppendUnicodeToString
    • PsCreateSystemThread
    • _vsnprintf
    • KeInitializeSpinLock
    • ZwWriteFile
    • KeReleaseSpinLock
    • KeInitializeSemaphore
    • PsThreadType
    • KeReleaseSemaphore
    • ZwDeleteFile
    • strchr
    • PsGetCurrentThreadId
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • PsTerminateSystemThread
    • PsGetProcessSessionId
    • PsSetCreateProcessNotifyRoutine
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • ZwQuerySystemInformation
    • ZwReadFile
    • IoFreeIrp
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • FsRtlGetFileSize
    • IoGetDeviceAttachmentBaseRef
    • IoFileObjectType
    • KeSetEvent
    • ZwSetInformationFile
    • IoAllocateIrp
    • IoCreateFileSpecifyDeviceObjectHint
    • IofCallDriver
    • KeInitializeEvent
    • RtlIntegerToUnicodeString
    • towupper
    • NtQuerySystemInformation
    • NtBuildNumber
    • NtOpenProcess
    • MmGetSystemRoutineAddress
    • ZwCreateEvent
    • ExGetPreviousMode
    • ZwDeleteKey
    • DbgPrint
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • PsGetProcessId
    • IoThreadToProcess
    • MmMapLockedPagesSpecifyCache
    • KeGetCurrentIrql
    • ZwWaitForSingleObject
    • PsProcessType
    • KeStackAttachProcess
    • ZwOpenThread
    • ZwTerminateProcess
    • KeUnstackDetachProcess
    • ExInterlockedInsertHeadList
    • CmUnRegisterCallback
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • ZwQueryKey
    • RtlCreateRegistryKey
    • ZwEnumerateKey
    • ZwQueryValueKey
    • ZwOpenKey
    • RtlFreeAnsiString
    • PsRemoveLoadImageNotifyRoutine
    • PsSetLoadImageNotifyRoutine
    • MmSystemRangeStart
    • ProbeForWrite
    • RtlUnicodeStringToAnsiString
    • PsGetProcessSectionBaseAddress
    • strstr
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • ObOpenObjectByPointer
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeExports
    • RtlCreateSecurityDescriptor
    • _wcsnicmp
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • wcsstr
    • PsGetProcessImageFileName
    • RtlGetVersion
    • ObReferenceObjectByHandle
    • PsGetCurrentProcessId
    • PsLookupProcessByProcessId
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • ZwQueryInformationProcess
    • RtlUpcaseUnicodeString
    • ObfDereferenceObject
    • ZwCreateFile
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • KeDelayExecutionThread
    • ObReferenceObjectByName
    • __C_specific_handler
    • FltSendMessage
    • FltCancelFileOpen
    • FltStartFiltering
    • FltGetStreamHandleContext
    • FltReleaseFileNameInformation
    • FltQueryInformationFile
    • FltFreePoolAlignedWithTag
    • FltGetFileNameInformation
    • FltReadFile
    • FltSetStreamHandleContext
    • FltReleaseContext
    • FltCreateCommunicationPort
    • FltBuildDefaultSecurityDescriptor
    • FltAllocatePoolAlignedWithTag
    • FltParseFileNameInformation
    • FltAllocateContext
    • FltRegisterFilter
    • FltUnregisterFilter
    • FltCloseCommunicationPort

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "01ee5f169dff97352b6465d66a",
      "Signature": "2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA , R3",
      "TBS": {
        "MD5": "51c3959a45cecf3d21a3effb05762573",
        "SHA1": "ecfcd25fd0525448a74875ba271566bc0bfbf061",
        "SHA256": "de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91",
        "SHA384": "f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838"
      },
      "ValidFrom": "2018-09-19 00:00:00",
      "ValidTo": "2028-01-28 12:00:00",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "7803184245708a41cf6f01b8eeb4a954",
      "Signature": "acf7cc158b3079a81d0b28881909d71c7ffe86bd7b5a336e0d670e7b62d9e1185cb0bd135d1d23ae39507637aa44fd5f01235986564cccadbc64131430a420a8e03fe89c72dc7ef3d80c23baa82daa3cf6ec9f87310765f539a7518275e1f22f97f6d1e165968364fea11d51fbb5249bf5d27769bc852c5cfa5877d1aea7b10be2d677bba9b4344aa96f3df4f30d955de6f97a45b02517312edbf70f68e6831fa9f7e5d49d988cd3614b2fc3287e7ade930eb47da00a6d92c4b4663f7da758eeacf7ecc30801ab38fc0a1ca9c597b288c8090219f65c9a1af14d6c30d4b306ab0060480d78abcf17ad9293622077756cbdc832b4dc4debd9dfc1909629bdc17f",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
      "Subject": "CN=GlobalSign Code Signing Root R45,O=GlobalSign nv,sa,C=BE",
      "TBS": {
        "MD5": "a33260428269bc902bc1cd280e4b1837",
        "SHA1": "254209ca172cffcc67bd2a88996556d2f09538f0",
        "SHA256": "a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868",
        "SHA384": "fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba"
      },
      "ValidFrom": "2020-07-28 00:00:00",
      "ValidTo": "2029-03-18 00:00:00",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "77bd0e05b7590bb61d4761531e3f75ed",
      "Signature": "2575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv,sa,C=BE",
      "TBS": {
        "MD5": "65fd1dac1f115d9507f4e1840c8cb36a",
        "SHA1": "c7cf5607e19b22fe60c055e71d9b555d70f71f66",
        "SHA256": "d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe",
        "SHA384": "defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab"
      },
      "ValidFrom": "2020-07-28 00:00:00",
      "ValidTo": "2030-07-28 00:00:00",
      "Version": 3
    },
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "5afb3e5f1aa892a7208555fd",
      "Signature": "22cb51198a92ed49dd835b1465e9669984b9f4531893e985f811d3092c43c4f902d81f406eb864119ad6be849695bbc1ee10c0d77169362496b63e88796a29d46fb913e4098160f575d76de2a8417e21c5465634c1dcc5d49a56e49d0590469ea454eadc01ab0714e052f21fce49c93db8e395408ee98d81f2a689509560dc8379d3fa30152e1fdbc50c34e1596da8fc807688db45153e6bb8de65ab48cf981d04712a4299a9de3d92d0b7ee7e2701e2371aceb5b461b4a758467e4ecc6f837f08a70a15a3cd87ed8d78011a1ce63c55929d1f63a7d266c5eb4ec3427929fba69ac4e1179676c70897f6416a61ed0063f269783c87c0b89fd7d01e617fdf2e8ab61207a33b14b4e183089c426024b503e38ff4346386f0a1eb821167ec9446ac43e37ea88db8ca850a96ae26ba0f6102bc0a89ded252e60440bb1cc20a862f0263fa23150b2925e57e7f7da625fa8db70e4aa9a6f16d79d6b7d5d12b44c6a34492d4d65544962796ff835ac2cbca323c62d8b4834646b4861a8325cc5c7b6e0a1c622007b7b7e5023891f666bb580d8121c62b635530fade45cf4f1705a048a0ed80718da2a257418654014eb68a8b750a007ee881824a8b130e0e75ea7272506f5e35abb7b15596de2f5fb9970d6ea8869ad1db566136081b302054349d8905797a6d0859f56cb81a79dd77f0c3b4851fa5118d42da2dccae241ca4e98672eb",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "CN=WATCHDOGDEVELOPMENT.COM, LLC,O=WATCHDOGDEVELOPMENT.COM, LLC,L=Dover,ST=Delaware,C=US,1.3.6.1.4.1.311.60.2.1.2=Delaware,1.3.6.1.4.1.311.60.2.1.3=US,2.5.4.5=6061961,2.5.4.15=Private Organization",
      "TBS": {
        "MD5": "a08ca309304d94dcb2cd457e03b08a0b",
        "SHA1": "c41342b3db72cbbb6d95f5203d42ea7a27830c57",
        "SHA256": "6987c0813f5f70bb063f4f9f5ec22747164f1bdd86ecfc3f9ff456843d42b0a1",
        "SHA384": "b6aaaa9fb960960d20e95611384d329c2797987f60f5c5b659c4876d979c09e5d4dd953286a7471a2c642ba2460f2bdc"
      },
      "ValidFrom": "2025-05-23 11:33:23",
      "ValidTo": "2028-06-24 19:57:48",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv,sa,C=BE",
      "SerialNumber": "5afb3e5f1aa892a7208555fd",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2026-02-01