Malware Analysis Report

2024-10-18 22:58

Sample ID 221110-yhh46afcbm
Target 7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d
SHA256 7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d
Tags
joker infostealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d

Threat Level: Known bad

The file 7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d was found to be: Known bad.

Malicious Activity Summary

joker infostealer trojan

joker

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies registry class

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-11-10 19:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-11-10 19:47

Reported

2022-11-10 19:49

Platform

win7-20220812-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe"

Signatures

joker

infostealer trojan joker

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "126" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com\NumberOfSubdomains = "1" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "63" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "63" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "126" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "126" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID\ = "7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F} C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ = "Embedded Async Pluggable Protocol" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol\Clsid C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol\Clsid\ = "{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol\ = "Embedded Async Pluggable Protocol" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 0f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6190000000100000010000000f044424c506513d62804c04f719403f9030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a3620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 190000000100000010000000f044424c506513d62804c04f719403f9040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a4051800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c60f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce20000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c6040000000100000010000000e829e65d7c4307d6fbc13c179e037a360f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce190000000100000010000000f044424c506513d62804c04f719403f91800000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6190000000100000010000000f044424c506513d62804c04f719403f90f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a40520000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a4050f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce190000000100000010000000f044424c506513d62804c04f719403f91800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 1800000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c6030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a36190000000100000010000000f044424c506513d62804c04f719403f920000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe

"C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x554

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.2dama.com udp
US 147.255.233.71:80 www.2dama.com tcp
US 147.255.233.71:80 www.2dama.com tcp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 mitao5.tv udp
HK 154.198.231.227:8443 mitao5.tv tcp
HK 103.235.46.191:443 hm.baidu.com tcp
HK 103.235.46.191:443 hm.baidu.com tcp
HK 154.198.231.227:8443 mitao5.tv tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 104.109.143.75:80 apps.identrust.com tcp
NL 104.109.143.91:80 apps.identrust.com tcp
US 8.8.8.8:53 cdn.staticfile.org udp
US 8.8.8.8:53 n0499.com udp
US 8.8.8.8:53 n0600.com udp
US 8.8.8.8:53 539397377.com udp
US 8.8.8.8:53 223969ufy.com udp
US 8.8.8.8:53 u0081.com udp
US 8.8.8.8:53 613711567.com udp
US 8.8.8.8:53 kvexx.com udp
US 8.8.8.8:53 297892531.com udp
US 8.8.8.8:53 vcawmm.com udp
US 8.8.8.8:53 kvezz.com udp
US 8.8.8.8:53 kzeaa.com udp
US 8.8.8.8:53 kzerr.com udp
US 8.8.8.8:53 kveww.com udp
US 8.8.8.8:53 kvemm.com udp
US 8.8.8.8:53 kzeii.com udp
US 8.8.8.8:53 p.qlogo.cn udp
US 8.8.8.8:53 kzecc.com udp
US 8.8.8.8:53 de88deggtp89.com udp
US 8.8.8.8:53 616182863.com udp
US 8.8.8.8:53 taiwtp1.com udp
US 8.8.8.8:53 img.9275x.com udp
US 8.8.8.8:53 dimg04.c-ctrip.com udp
US 8.8.8.8:53 img.2588u.com udp
US 8.8.8.8:53 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com udp
US 8.8.8.8:53 img.byznc.xyz udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
NL 47.246.48.206:443 cdn.staticfile.org tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 47.246.48.206:443 cdn.staticfile.org tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
TW 220.128.218.220:443 taiwtp1.com tcp
TW 220.128.218.220:443 taiwtp1.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
HK 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
US 8.8.8.8:53 ocsp.digicert.cn udp
US 20.18.120.113:443 u0081.com tcp
US 20.18.120.113:443 u0081.com tcp
US 45.154.215.92:443 kzerr.com tcp
US 45.154.215.92:443 kzerr.com tcp
US 8.8.8.8:53 ocsp.digicert.cn udp
NL 47.246.48.205:80 ocsp.digicert.cn tcp
HK 43.154.254.32:443 p.qlogo.cn tcp
US 64.32.13.142:443 kzeii.com tcp
HK 43.154.254.32:443 p.qlogo.cn tcp
US 64.32.13.142:443 kzeii.com tcp
US 66.150.130.123:443 kzecc.com tcp
US 66.150.130.123:443 kzecc.com tcp
US 67.198.205.125:443 kzeaa.com tcp
US 67.198.205.125:443 kzeaa.com tcp
HK 47.75.19.145:443 616182863.com tcp
NL 47.246.48.205:80 ocsp.digicert.cn tcp
HK 47.75.19.145:443 616182863.com tcp
HK 104.208.86.153:443 u0081.com tcp
HK 104.208.86.153:443 u0081.com tcp
JP 20.243.255.199:443 u0081.com tcp
JP 20.243.255.199:443 u0081.com tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
US 45.61.212.170:443 vcawmm.com tcp
US 45.61.212.170:443 vcawmm.com tcp
US 64.32.13.142:443 kzeii.com tcp
US 64.32.13.142:443 kzeii.com tcp
US 66.150.130.123:443 kzecc.com tcp
US 66.150.130.123:443 kzecc.com tcp
NL 104.74.225.127:443 dimg04.c-ctrip.com tcp
NL 104.74.225.127:443 dimg04.c-ctrip.com tcp
US 45.154.215.92:443 kzerr.com tcp
US 45.154.215.92:443 kzerr.com tcp
US 45.154.214.219:443 kvemm.com tcp
US 45.154.214.219:443 kvemm.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
US 23.224.145.233:80 de88deggtp89.com tcp
US 23.224.145.233:80 de88deggtp89.com tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
US 103.170.15.84:443 223969ufy.com tcp
US 103.170.15.84:443 223969ufy.com tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
US 8.8.8.8:53 kvhfff.top udp
US 188.114.97.0:443 kvhfff.top tcp
US 188.114.97.0:443 kvhfff.top tcp
US 8.8.8.8:53 kvkbbb.top udp
US 8.8.8.8:53 acoozzh.top udp
US 188.114.97.0:443 kvkbbb.top tcp
US 104.21.33.100:443 acoozzh.top tcp
US 188.114.97.0:443 kvkbbb.top tcp
US 8.8.8.8:53 tx2.a.yximgs.com udp
US 8.8.8.8:53 kvheee.top udp
US 8.8.8.8:53 kvhttt.top udp
US 8.8.8.8:53 ali2.a.yximgs.com udp
US 104.21.234.198:443 kvheee.top tcp
NL 47.246.48.228:443 ali2.a.yximgs.com tcp
US 8.8.8.8:53 kvhjjj.top udp
US 188.114.96.0:443 kvhttt.top tcp
US 188.114.96.0:443 kvhttt.top tcp
US 8.8.8.8:53 static.yximgs.com udp
US 104.21.234.217:443 kvhjjj.top tcp
US 8.8.8.8:53 kvkooo.top udp
US 104.21.234.217:443 kvhjjj.top tcp
US 8.8.8.8:53 kvkccc.top udp
US 104.21.9.78:443 kvkooo.top tcp
US 104.21.9.78:443 kvkooo.top tcp
NL 104.109.143.28:443 static.yximgs.com tcp
NL 104.109.143.28:443 static.yximgs.com tcp
US 8.8.8.8:53 k68tkg.com udp
US 8.8.8.8:53 yaoji666.oss-cn-hongkong.aliyuncs.com udp
US 8.8.8.8:53 65211351892.com udp
US 8.8.8.8:53 u1055.com udp
US 8.8.8.8:53 vecukb.com udp
US 8.8.8.8:53 253669vqx.com udp
US 8.8.8.8:53 n0533.com udp
US 8.8.8.8:53 537882736.com udp
US 8.8.8.8:53 3338635.com udp
US 8.8.8.8:53 dl66d.com udp
US 8.8.8.8:53 upffxs6.com udp
US 103.170.15.70:443 vecukb.com tcp
HK 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
HK 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
JP 185.135.77.234:443 dl66d.com tcp
NL 101.33.29.233:443 tx2.a.yximgs.com tcp
NL 101.33.29.233:443 tx2.a.yximgs.com tcp
US 172.67.170.228:443 kvkccc.top tcp
US 104.21.234.198:443 kvheee.top tcp
US 103.170.15.70:443 vecukb.com tcp
HK 20.239.194.128:443 n0533.com tcp
HK 20.239.194.128:443 n0533.com tcp
US 104.21.33.100:443 acoozzh.top tcp
US 103.170.15.88:443 3338635.com tcp
US 103.170.15.88:443 3338635.com tcp
JP 185.135.77.234:443 dl66d.com tcp
HK 47.75.19.145:443 537882736.com tcp
HK 47.75.19.145:443 537882736.com tcp
US 172.67.170.228:443 kvkccc.top tcp
US 45.61.212.47:443 upffxs6.com tcp
US 45.61.212.47:443 upffxs6.com tcp
US 103.170.15.55:443 vecukb.com tcp
US 103.170.15.55:443 vecukb.com tcp
US 45.61.212.123:443 upffxs6.com tcp
US 45.61.212.123:443 upffxs6.com tcp
US 103.170.15.55:443 vecukb.com tcp
US 103.170.15.55:443 vecukb.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 45.61.212.216:443 65211351892.com tcp
US 45.61.212.216:443 65211351892.com tcp
NL 23.2.164.159:80 x2.c.lencr.org tcp
US 8.8.8.8:53 e1.o.lencr.org udp
US 8.8.8.8:53 e1.o.lencr.org udp
NL 104.109.143.99:80 e1.o.lencr.org tcp
NL 104.109.143.99:80 e1.o.lencr.org tcp
NL 104.109.143.71:80 e1.o.lencr.org tcp
NL 104.109.143.99:80 e1.o.lencr.org tcp
NL 104.109.143.99:80 e1.o.lencr.org tcp
NL 104.109.143.99:80 e1.o.lencr.org tcp
NL 104.109.143.99:80 e1.o.lencr.org tcp
US 8.8.8.8:53 yinyongbao3.app udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp

Files

memory/1836-54-0x0000000075771000-0x0000000075773000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-11-10 19:47

Reported

2022-11-10 19:49

Platform

win10v2004-20220812-en

Max time kernel

76s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe"

Signatures

joker

infostealer trojan joker

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "63" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "63" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "63" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "126" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "126" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "126" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com\NumberOfSubdomains = "1" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol\ = "Embedded Async Pluggable Protocol" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F} C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ = "Embedded Async Pluggable Protocol" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol\Clsid C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol\Clsid\ = "{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID\ = "7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.GHSProtocol" C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 5c0000000100000004000000000800000f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a36190000000100000010000000f044424c506513d62804c04f719403f920000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 1800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6190000000100000010000000f044424c506513d62804c04f719403f9040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c60f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce5c00000001000000040000000008000020000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c6040000000100000010000000e829e65d7c4307d6fbc13c179e037a360f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce190000000100000010000000f044424c506513d62804c04f719403f95c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c000000010000000400000000080000190000000100000010000000f044424c506513d62804c04f719403f90f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a40520000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a4050f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce190000000100000010000000f044424c506513d62804c04f719403f95c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 0f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c000000010000000400000000080000190000000100000010000000f044424c506513d62804c04f719403f9030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a3620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 190000000100000010000000f044424c506513d62804c04f719403f9040000000100000010000000e829e65d7c4307d6fbc13c179e037a36030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a4055c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c60f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce20000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe

"C:\Users\Admin\AppData\Local\Temp\7f0014cc61000faf80241d367baed6d2b53301a0c037c90b8d851542b1c8616d.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.2dama.com udp
US 147.255.233.71:80 www.2dama.com tcp
US 147.255.233.71:80 www.2dama.com tcp
US 8.8.8.8:53 hm.baidu.com udp
HK 103.235.46.191:443 hm.baidu.com tcp
HK 103.235.46.191:443 hm.baidu.com tcp
US 8.8.8.8:53 mitao5.tv udp
HK 154.198.231.227:8443 mitao5.tv tcp
HK 154.198.231.227:8443 mitao5.tv tcp
US 8.8.8.8:53 cdn.staticfile.org udp
NL 47.246.48.206:443 cdn.staticfile.org tcp
NL 47.246.48.206:443 cdn.staticfile.org tcp
US 8.8.8.8:53 n0499.com udp
US 8.8.8.8:53 n0600.com udp
US 8.8.8.8:53 u0081.com udp
US 8.8.8.8:53 ocsp.digicert.cn udp
US 8.8.8.8:53 vcawmm.com udp
NL 47.246.48.205:80 ocsp.digicert.cn tcp
US 8.8.8.8:53 539397377.com udp
HK 104.208.86.153:443 u0081.com tcp
US 8.8.8.8:53 223969ufy.com udp
US 103.170.15.84:443 223969ufy.com tcp
US 8.8.8.8:53 297892531.com udp
US 8.8.8.8:53 613711567.com udp
US 8.8.8.8:53 kvexx.com udp
US 8.8.8.8:53 kvezz.com udp
JP 20.243.255.199:443 u0081.com tcp
US 8.8.8.8:53 kzeaa.com udp
US 8.8.8.8:53 kzerr.com udp
US 8.8.8.8:53 kveww.com udp
US 8.8.8.8:53 kzeii.com udp
US 8.8.8.8:53 kvemm.com udp
US 8.8.8.8:53 kzecc.com udp
US 8.8.8.8:53 616182863.com udp
US 8.8.8.8:53 p.qlogo.cn udp
US 8.8.8.8:53 taiwtp1.com udp
TW 220.128.218.220:443 taiwtp1.com tcp
US 8.8.8.8:53 de88deggtp89.com udp
HK 47.75.19.145:443 616182863.com tcp
US 8.8.8.8:53 dimg04.c-ctrip.com udp
US 8.8.8.8:53 img.9275x.com udp
US 8.8.8.8:53 img.2588u.com udp
US 8.8.8.8:53 img.byznc.xyz udp
US 8.8.8.8:53 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com udp
HK 104.208.86.153:443 u0081.com tcp
JP 20.243.255.199:443 u0081.com tcp
US 103.170.15.84:443 223969ufy.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 20.239.194.128:443 u0081.com tcp
HK 20.239.194.128:443 u0081.com tcp
TW 220.128.218.220:443 taiwtp1.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
HK 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
HK 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
US 104.16.87.20:443 cdn.jsdelivr.net tcp
US 104.16.87.20:443 cdn.jsdelivr.net tcp
US 66.150.130.123:443 kzeaa.com tcp
US 66.150.130.123:443 kzeaa.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 104.143.94.110:443 kzerr.com tcp
US 104.143.94.110:443 kzerr.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 8.8.8.8:53 k68tkg.com udp
US 8.8.8.8:53 yaoji666.oss-cn-hongkong.aliyuncs.com udp
US 45.154.215.92:443 kzecc.com tcp
US 45.154.215.92:443 kzecc.com tcp
HK 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
HK 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 64.32.13.142:443 kvemm.com tcp
US 8.8.8.8:53 65211351892.com udp
US 103.170.15.97:443 65211351892.com tcp
HK 43.129.255.47:443 p.qlogo.cn tcp
HK 43.129.255.47:443 p.qlogo.cn tcp
US 103.170.15.97:443 65211351892.com tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
US 8.8.8.8:53 u1055.com udp
KR 3.36.126.81:443 img.byznc.xyz tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
NL 104.74.225.127:443 dimg04.c-ctrip.com tcp
NL 104.74.225.127:443 dimg04.c-ctrip.com tcp
US 103.170.15.70:443 u1055.com tcp
US 103.170.15.70:443 u1055.com tcp
US 8.8.8.8:53 vecukb.com udp
US 8.8.8.8:53 n0533.com udp
US 23.224.145.233:80 de88deggtp89.com tcp
US 23.224.145.233:80 de88deggtp89.com tcp
US 8.8.8.8:53 253669vqx.com udp
US 45.61.212.170:443 vecukb.com tcp
US 45.61.212.170:443 vecukb.com tcp
US 103.170.15.75:443 253669vqx.com tcp
US 103.170.15.70:443 vecukb.com tcp
US 45.61.212.170:443 vecukb.com tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
US 45.61.212.170:443 vecukb.com tcp
KR 3.36.126.81:443 img.byznc.xyz tcp
JP 20.243.255.199:443 n0533.com tcp
HK 47.75.19.145:443 616182863.com tcp
HK 47.75.19.145:443 616182863.com tcp
US 103.170.15.70:443 vecukb.com tcp
JP 20.243.255.199:443 n0533.com tcp
US 8.8.8.8:53 537882736.com udp
US 8.8.8.8:53 3338635.com udp
US 103.170.15.75:443 3338635.com tcp
HK 47.75.19.145:443 537882736.com tcp
HK 47.75.19.145:443 537882736.com tcp
US 8.8.8.8:53 dl66d.com udp
JP 185.135.77.234:443 dl66d.com tcp
JP 185.135.77.234:443 dl66d.com tcp
US 8.8.8.8:53 upffxs6.com udp
US 8.8.8.8:53 kvhuuu.top udp
US 8.8.8.8:53 acoozzh.top udp
US 8.8.8.8:53 kvkjjj.top udp
US 8.8.8.8:53 kvhooo.top udp
US 8.8.8.8:53 kvkddd.top udp
US 8.8.8.8:53 kvkeee.top udp
US 104.21.43.117:443 kvkjjj.top tcp
US 104.21.33.12:443 kvhooo.top tcp
US 8.8.8.8:53 kvkhhh.top udp
US 45.61.212.220:443 3338635.com tcp
US 45.61.212.220:443 3338635.com tcp
US 104.21.33.12:443 kvhooo.top tcp
US 8.8.8.8:53 tx2.a.yximgs.com udp
US 8.8.8.8:53 ali2.a.yximgs.com udp
US 104.21.234.152:443 kvhuuu.top tcp
US 104.21.234.152:443 kvhuuu.top tcp
US 8.8.8.8:53 static.yximgs.com udp
US 104.21.33.100:443 acoozzh.top tcp
US 104.21.233.183:443 kvkddd.top tcp
US 104.21.33.100:443 acoozzh.top tcp
US 104.21.233.183:443 kvkddd.top tcp
US 188.114.96.0:443 kvkhhh.top tcp
US 188.114.96.0:443 kvkhhh.top tcp
US 8.8.8.8:53 kvhfff.top udp
NL 104.109.143.28:443 static.yximgs.com tcp
NL 104.109.143.28:443 static.yximgs.com tcp
US 104.21.43.117:443 kvkjjj.top tcp
GB 43.132.64.83:443 tx2.a.yximgs.com tcp
GB 43.132.64.83:443 tx2.a.yximgs.com tcp
NL 47.246.48.226:443 ali2.a.yximgs.com tcp
NL 47.246.48.226:443 ali2.a.yximgs.com tcp
US 188.114.96.0:443 kvhfff.top tcp
US 188.114.96.0:443 kvhfff.top tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 188.114.96.0:443 kvhfff.top tcp
US 188.114.96.0:443 kvhfff.top tcp
NL 23.2.164.159:80 x2.c.lencr.org tcp
US 103.170.15.81:443 upffxs6.com tcp
US 103.170.15.81:443 upffxs6.com tcp
US 8.8.8.8:53 e1.o.lencr.org udp
NL 104.109.143.71:80 e1.o.lencr.org tcp
NL 104.109.143.71:80 e1.o.lencr.org tcp
NL 104.109.143.71:80 e1.o.lencr.org tcp
US 8.8.8.8:53 yinyongbao3.app udp
US 13.89.178.27:443 tcp
NL 104.80.225.205:443 tcp
US 8.249.91.254:80 tcp
US 8.249.91.254:80 tcp
US 8.249.91.254:80 tcp
US 93.184.221.240:80 tcp

Files

N/A