!This program cannot be run in DOS mode.
hfothk
h.rdata
H.data
.pdata
H.idata
bGFIDS
B.rsrc
B.reloc
L$ VWAVH
WAVAWH
A_A^_
WATAUAVAWH
A_A^A]A\_
t$ WATAUAVAWH
0A_A^A]A\_
WAVAWH
@A_A^_
|$ ATAVAWH
A_A^A\
-fffffff
fffffff
fffffff
fffffff
.fffffff
fffffff
fffffff
AQAPRQPH
0XYZAXAY
ffffff
a?,F.f
STF>U\C]K
RSDSnS
WdBoot.pdb
.text$mn
.text$mn$00
.text$mn$21
.rdata$brc
.gehcont
.rdata
.rdata$zzzdbg
.xdata
.data$brc
.pdata
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
PAGE$x
.gfids
.rsrc$01
.rsrc$02
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
CmUnRegisterCallback
ObfDereferenceObject
ExCreateCallback
RtlInitUnicodeString
RtlCopyUnicodeString
wcsstr
ExNotifyCallback
MmGetSystemRoutineAddress
ZwQueryValueKey
ExFreePoolWithTag
IoWMIRegistrationControl
InitSafeBootMode
InitializeSListHead
CmRegisterCallback
ZwClose
ZwOpenKey
ExpInterlockedFlushSList
ExpInterlockedPushEntrySList
CmCallbackGetKeyObjectID
RtlAnsiStringToUnicodeString
ZwDeleteValueKey
RtlInitAnsiString
ZwSetValueKey
RtlCompareMemory
ntoskrnl.exe
BCryptDestroyKey
BCryptGetProperty
BCryptVerifySignature
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptImportKeyPair
BCryptHashData
BCryptCreateHash
cng.sys
__C_specific_handler
ZwQuerySystemInformation
ExAllocatePoolWithQuotaTag
PsGetVersion
ExAllocatePoolWithTag
UVWAVAWH
@A_A^_^]
t$ WATAUAVAWH
A_A^A]A\_
WATAVH
0A^A\_
x UAVAWH
x UAVAWH
tm9~ thI
tk9Y tfH
USVWATAVAWH
pA_A^A\_^[]
WAVAWH
fD;|$0u
@A_A^_
p WATAUAVAWH
A_A^A]A\_
VWATAVAWH
A_A^A\_^
UVWATAUAVAWH
0A_A^A]A\_^]
\$0uLE3
t$ WAVAWH
UVWAVAWH
A_A^_^]
UVWAVAWH
@A_A^_^]
t$ UWAVH
rE9} w@
|$ UAVAWH
@USVWAUAVAWH
PA_A^A]_^[]
|$ AVH
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20100
230808183421Z
240807183421Z0
Washington1
Redmond1
Microsoft Corporation1>0<
5Microsoft Windows Early Launch Anti-malware Publisher0
Microsoft Corporation1
229895+5013900
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100706204017Z
250706205017Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20100
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
#Vx"&6
7Z>@B1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2010
http://www.microsoft.com0
weA0Xd
20231106235413.248Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1'0%
nShield TSS ESN:DC00-05E0-D9471%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
230525191221Z
240201191221Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1'0%
nShield TSS ESN:DC00-05E0-D9471%0#
Microsoft Time-Stamp Service0
28??v}X
$QfgY$0
Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
~~+M!
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
210930182225Z
300930183225Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
3http://www.microsoft.com/pkiops/Docs/Repository.htm0
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
as.,k{n?,
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1'0%
nShield TSS ESN:DC00-05E0-D9471%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20231106121836Z
20231107121836Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
<Xsp(6
PWZOM*
ExAllocatePool2
PsGetVersion
WmiTraceMessage
WmiQueryTraceInformation
EtwRegisterClassicProvider
EtwUnregister
\Callback\WdEbNotificationCallback
\Callback\MpEbNotificationCallback
IoRegisterBootDriverCallback
IoUnregisterBootDriverCallback
WdBoot
\Registry\Machine\ELAM
Windows Defender
Microsoft Antimalware Platform
Measured
Signatures
\Registry\Machine\SYSTEM\CurrentControlSet\Control
SystemStartOptions
TESTSIGNING
Microsoft Primitive Provider
ObjectLength
HashDigestLength
RSAPUBLICBLOB
WdFilter.sys
MpFilter.sys
ElamInfo
\Registry\Machine\System\ControlSet
\Registry\Machine\System\CurrentControlSet\
RtlQueryModuleInformation
MSELAMCERTINFOID
MICROSOFTELAMCERTIFICATEINFO
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Microsoft Corporation
FileDescription
Microsoft antimalware boot driver
InternalName
WdBoot
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
WdBoot.sys
ProductName
Microsoft
Windows
Operating System
FileVersion
4.18.23110.3 (9ebb3643d539a6fc4659898b1df3124d5da4c0a9)
ProductVersion
4.18.23110.3
VarFileInfo
Translation
f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e
1.3.6.1.4.1.311.76.8.1;1.3.6.1.4.1.311.76.11.1
4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146
1.3.6.1.4.1.311.76.8.1;1.3.6.1.4.1.311.76.11.1
Legal_Policy_Statement
Microsof