a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2023 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe
Size

1.0MB
MD5

74fb2f7818f324d637096a75675cfc0e
SHA1

af234d13310de6066a2c0c8601d5167c2b7ab496
SHA256

a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138
SHA512

87e6d81b1c9bbc777cc137a4b5e75df91acc28835265a967d18a278723b2614563436bbf04151a99139ac953ec93190b7d7ad6c806938a70dce0a80e6bdaa2a0
SSDEEP

12288:c/XEXxg5SJgzykSsjsappPTxKq9TUMZ6lrFDi/TJUL/j/A1dXJ0yOQG6AfIAFyw8:c/XEXjJSbjsWKKhAxET4/jWthOnrtK

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

updroots.exeupdroots.exeupdroots.exeupdroots.exe

pid process

2084 updroots.exe
2732 updroots.exe
4300 updroots.exe
2760 updroots.exe

pid	process
2084	updroots.exe
2732	updroots.exe
4300	updroots.exe
2760	updroots.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 64 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

updroots.exeupdroots.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D99B104298594763F0B9A927B79269CB47DD158B\Blob = 030000000100000014000000d99b104298594763f0b9a927b79269cb47dd158b09000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080b000000010000004e000000650050004b004900200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790020002d00200047003200000053000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07e000000010000000800000000c001b39667d6017f0000000100000018000000301606082b06010505070303060a2b0601040182370a0304200000000100000097050000308205933082037ba003020102021100d6962ec10a159312af8f63bcd444c95b300d06092a864886f70d01010b05003063310b300906035504061302545731233021060355040a0c1a4368756e676877612054656c65636f6d20436f2e2c204c74642e312f302d06035504030c2665504b4920526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3135313131373038323334325a170d3337313233313135353935395a3063310b300906035504061302545731233021060355040a0c1a4368756e676877612054656c65636f6d20436f2e2c204c74642e312f302d06035504030c2665504b4920526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820222300d06092a864886f70d01010105000382020f003082020a0282020100a4591fa02fdfbee0fbe9dcb589fe5a9703c93a77a78e5caff2e31839f5aadd0f46d2680f579ca76360d358ce35c2a7f688c24f7f1b28e9d0a700c4174d6de20fc50e262320abf73a28a24c0a0bcc8ecee6009a5a400dd4501a9bd10d9c94f9dbee5cd0f18a07cd9a2b402c49a45d625fa76bdfee560850f342186c31b05ee59c7392bc0ed20c7dc53857bcbb58db261902ede343848a4e566bdbada131d9cc22679678ff779dcc64c532206aef4e30d52425fd8879af711afed54b1b1588bc1870aabdad380a663046e58985d57624a9a9b3e659600fb4a953c23a9d451ad6aee3775ec46236332f30c4bf95f12d38a575e8d16a932e45874b4aa2dfbf58279aca6219aa5ed4b1804996dd2bec5f8f9be09d9788f58403a3afb3a5732d41bae507b76f6b71f7f7c95aaf6999b32fc84f42eb6c6b716778df0aac4fd74a8500461ad5cdb89fea959d0f7cd1c60585e608de881781f6d5b56eeaa11cd761aae35942899c597eb17c6434dd61232a39b510abfc86a9531ac5eb6ae2804e5991c03889feb35dd6fb91e9d7b07dd97808ccf52bcc2be1a1d69473c1fe51f48c7d0ab59a8ab9f5dae0c9b3d88faa82838d69532dfd0004184aa0da54e1798c89eb7ff582e7a0b9774daef9ba023b8876eb7c5db35a13db7c29166b99d11de44821a20d5e0188e8bef1984d3ec716571c5fe1086f1c4c584356f780658c710ea204674f0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414725bbaaa7238ee259024b59422fa0988ca8b0afb300e0603551d0f0101ff040403020106300d06092a864886f70d01010b0500038202010006a3f1b67355c6676621e59d5bd6942e4a2260f2540190a1fdb5bfc095bf185f2cf66b350efc31c8ed440e9297dcafdd56cfb51fba729c30c89bb191c07677d40f1a951ae94d1488a1cf6b02a66aeb64454d648ddefceb6cf25309a1855115d04f9e62fa11b9cec8240e726488753423302a3fbc3c39ccccdd0b36bbbd06828f1201c57105d124a1996ccae4f7aaed8ad7a70aadaff0e080bba1b23f5a87647086337b0d1ed7008683439775f53bc148fdb60e43a8026eb83e7f8f4ee25db47d9e30342fa8f1eb2787680d5a0a4d01dbc9145895f29a4d16aa73dbf425881738b7af590909b41f2d0fabf5b82755ee453033b8ed1b8ebc886caff85a2a6be0acb10524a109fca30ff3b02d7b96bab6940715458e29dc580ea905d83b3aa07bcd8ac7668297cfd633e067fca6db402f05e5c58b7a2a7af0b0369b0c18f637e941a1fdb128f96f6bbdeb1f4c63717b50dd29f2ffeef7c7455fe8360ae86c5b22c3e8c0e726dce3a89580e5b93a13db004b1afdae33477e7894e3b15d2bb556b5428b9f81c5fc934c10b5ba0abc7e37e3fa546df504c570b3a904d251d785cd7d6f438f5968e531561171f964290913fed01fbc8b0038b2d0ca3456761039567366c3d149d9be574f3f167d6a78b7a882b85bceae858a0a420c03d117c418f7d85788c682b807b93efda4e92edc6fba9092ee65b05034d307da01970fbce773827b	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1139A49E8484AAF2D90D985EC4741A65DD5D94E2\Blob = 53000000010000004c000000304a3023060d2b0601040181872e0a080c010230123010060a2b0601040182373c0101030200c03023060d2b0601040181872e0a080c010130123010060a2b0601040182373c0101030200c00b000000010000003e00000047004c004f00420041004c0020004300480041004d004200450052005300490047004e00200052004f004f00540020002d00200032003000310036000000090000000100000020000000301e06082b0601050507030206082b0601050507030406082b060105050703010300000001000000140000001139a49e8484aaf2d90d985ec4741a65dd5d94e22000000001000000dc060000308206d8308204c0a00302010202082dd22e5030a65e13300d06092a864886f70d01010b050030820108310b3009060355040613024553310f300d06035504080c064d4144524944310f300d06035504070c064d4144524944313a3038060355040b0c317365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f6164647265737331273025060355040b0c1e474c4f42414c204348414d4245525349474e20524f4f54202d203230313631123010060355040513094138323734333238373118301606035504610c0f56415445532d413832373433323837311b3019060355040a0c1241432043414d45524649524d4120532e412e3127302506035504030c1e474c4f42414c204348414d4245525349474e20524f4f54202d2032303136301e170d3136303431343037353030365a170d3430303430383037353030365a30820108310b3009060355040613024553310f300d06035504080c064d4144524944310f300d06035504070c064d4144524944313a3038060355040b0c317365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f6164647265737331273025060355040b0c1e474c4f42414c204348414d4245525349474e20524f4f54202d203230313631123010060355040513094138323734333238373118301606035504610c0f56415445532d413832373433323837311b3019060355040a0c1241432043414d45524649524d4120532e412e3127302506035504030c1e474c4f42414c204348414d4245525349474e20524f4f54202d203230313630820222300d06092a864886f70d01010105000382020f003082020a0282020100d06be79e222b53761555af4c4ac06d6bfbf9844405a17d60ce05ec9e9873fa5b840731f7ff3d6bc77e560662a55c9696d3f15e597eeb311cbf77573054ef1ec5ccc4b2eadbe68ad0f42884c8b0482d2c966dfb22a8358ebede701510f966414616a043643f8d4af38031cf93807e9adba5af8f6c2cfd0eef1c79dc0fa26e845c22890e442e48a89473ec3932911ce214bd7d65e672fe5be754752f7d0ee2c6ca692e5ea20ed5e885de3f6b7fa582b0467d5d9e71ba14b4ebedc7c214640c586e4f9536613645603666184b951a3e58ac8b261e25e6fa9500fbad129efa1261be1adea67ce9abffd794897242fcbb4511ec3f70fc19c49aea976eace438043be13f012871a3e2ae4364781699025abfd7c4efb5b7d5c358814186e4b28c00a5889898eb09e758316831deede24935f3d2b357dcc4429ffd3cefd0f52b396e61ae7ae1c77a3d6d17306c02ac89d65a849c29c09e108eb8203633ca802b687f36756515f8c3daff71a2fced9b77dc19faf1c8b605f4e57092a9c8ddb8b01a555b91dcb8e59ab503c0adb6aef1997b4bb5890ede640b647e54eea7c38a9819c5fc3c1308453edf9ffbc77db1a08236143dc063000166c4e4f0993b1e51785db9173c589315afa8f52520198d233d123c42eb2f5d428ef230a8255ae6faf74f6dbe2658f58f7ff78af8b36ec31bf2318536718efd3bd6e63035cb258d658957a833950203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414e89bcd7e86629b7a4d8c00973985cf1c7890703a300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820201007bfd2ac3cb1b29021009adeb2eb32b6dd94ba0db3598f58f02a7d3420b43ab83b57747884685ddd1b61e7d981b8c71beaac8f0efc66a2d569852e89689fbd5ea00dffee622caa7b93e654475c38abf8b7789c36a57fabcc8e110def1da8527f1ed07ffd5c242d4a2612fdf8871e334e667649bc67a19eb39eff3ea04a874694c80b5fcadbd0d08f4c8ef282782cadde8f3ba5767a2ea29c199e17666f9f6785d9c3ef0f6cfa11934d3f13c33a1cc8232b648e3833e0fbf6795c1a299784243f7034d13576fdd71dd16f3fb79381b629aa4cd5e50de1120908a2298abda467a4c34d148ddd96665625405d97499677457b13a2e18b0aeac9f3f2eeb1fb29ccd8ef8db788ed406cfa393316b7fed5272b78bcf286fc9f9544f01d43a86e82efae1d02584e316fc8c8d24e364cc2a8cb260539f59924509945ba8108532cb77f28e958a4472cf6e17de44bd0aaefd26b63d79663d4dbc7e32435ddbe065b52869ba7c9e324a8fea7ab03d165dfd3efa1b04f8103578ccedc1d92dbf6bd2efe99fc05b8feabe7ad131e7063dad84abec3bf112c77ff1f8462f097897c0273db13f71238b1aa75ce616250e264db90e56a752a43809af4905fe7fce3fc2fce6e44a9427e553c48834eb0257bcce8e2bad77537240bb851655192f837695a37639a8b2f47da4db00427aa07b8e1906e497cd5b3d3ab45cc0691f3266bf089f849b2265	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FE45659B79035B98A161B5512EACDA580948224D\Blob = 030000000100000014000000fe45659b79035b98a161b5512eacda580948224d090000000100000040000000303e06082b0601050507030206082b06010505070303060a2b0601040182370a030c06082b0601050507030406082b0601050507030106082b060105050703080b0000000100000070000000480065006c006c0065006e00690063002000410063006100640065006d0069006300200061006e006400200052006500730065006100720063006800200049006e0073007400690074007500740069006f006e007300200052006f006f007400430041002000320030003100310000007e00000001000000080000000080c82b6886d7017f000000010000000c000000300a06082b060105050703032000000001000000350400003082043130820319a003020102020100300d06092a864886f70d0101050500308195310b300906035504061302475231443042060355040a133b48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e7320436572742e20417574686f726974793140303e0603550403133748656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e7320526f6f7443412032303131301e170d3131313230363133343935325a170d3331313230313133343935325a308195310b300906035504061302475231443042060355040a133b48656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e7320436572742e20417574686f726974793140303e0603550403133748656c6c656e69632041636164656d696320616e6420526573656172636820496e737469747574696f6e7320526f6f744341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a95300e32ea6f68efa60d82d953ef82c2a544ecdb9846194584f8f3d8be443f375898d51e4c337d28a884d791eb712dd43784a8a92e6d748d50fa43a294435b807f6681d55cd3851f08c243185af83c97de977afed1a7b9d17f9b39d38500fa65a799180af37aea6d331fbb526099d3c5aef51c52bdf965deb321e02da7049ec6e0cc89a378df7f136604b262c829ed078f30d0f63a45130e1f92b271207d8eabd186298b059377dbeeef32051425a83ef93ba6915f1629d9f993982a1b7742e8bd4c50b7b2ff0c80ada3d790a9a931ca528727391439aa7d14d8584b9a9748f1440c7dcdeac41646cb4199b02636d24648f44b225eace5d740c63325c8d87e50203010001a38189308186300f0603551d130101ff040530030101ff300b0603551d0f040403020106301d0603551d0e04160414a69142fd13614a239e08a429e5d8130423ee412530470603551d1e0440303ea03c300582032e6772300582032e6575300682042e656475300682042e6f7267300581032e6772300581032e6575300681042e656475300681042e6f7267300d06092a864886f70d010105050003820101001fef7941e17b6e3fb28c8637424a4e1c371e8d66ba2481c94f120f21c0039786256d5dd32229a86ca20da9eb3d065b993ac7ccc39a347fab0ec84e1ce1fae4dccd0dbebf24fe6ce76bc20dc8069e4e8d6128a66afde5f662ea183c4ea0539db23a9ceba59c9116b64d82e00c0548a96cf5ccf8cb9d49b4f002a5fd7003ed8a21a5ae138649c33373be873b748b1745264c169183fe677dcd4d6367faf303129678068db167ed8e3fbe9f4f02f5b3092ff34c87df2acb957c01ccac367abfa2737af78fc1b59aa114b28f339f0def22dc667b84bd4517063d3ccab977348fcaeacf3f313ee388e3804925c897b59d9a994db03cf84a009b64dd9f394bd127d7b8	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\93F7F48B1261943F6A78210C52E626DFBFBBE260\Blob = 03000000010000001400000093f7f48b1261943f6a78210c52e626dfbfbbe260090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b060105050703080b000000010000002000000043004100200044004100540045005600200049004e00540020003000320000007e0000000100000008000000000063f58926d7017f0000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030820000000010000000c04000030820408308202f0a00302010202106a460a83f0baab9d5cd9484bb83f3359300d06092a864886f70d0101050500303a310b30090603550406130244453111300f060355040a0c0844415445562065473118301606035504030c0f434120444154455620494e54203032301e170d3131303830323036353934345a170d3139303830323038353934345a303a310b30090603550406130244453111300f060355040a0c0844415445562065473118301606035504030c0f434120444154455620494e5420303230820122300d06092a864886f70d01010105000382010f003082010a0282010100f03fd26c19b994af387a9cea5bc2ca5d01e92990366512649f0ef50648d508f2310d38f8a9f1e3dd4b19fa3b8df252c93610265432a290461faa9c9e1cbc2f85fff465d9002f4b151d061636098035c8acf86e412db498c1fce880dc6326d9ea729c553d2601f75be1a48b21c8103876a4446cb9447055e1b0923a89af33947cf4c10e9f12b68c8e087b5df740cb16de7461c8640bfedb2a81d36e549a7d4beb43b4530df087028b2fa25ca5d9a88a1b24348ae3dc5ff66429c4e8657e133469d170cb56076da89f6f856cd2879a3de6092f316dae068d34b73ccaff92d126a5ba859b33b2b7e0ca0a35bbd1c48a93a3f9924bd7b603878918568f0074b111850203010001a382010830820104300e0603551d0f0101ff04040302010630710603551d23046a30688014297591765209c4d608ecc52573e932db0253c35ba13ea43c303a310b30090603550406130244453111300f060355040a0c0844415445562065473118301606035504030c0f434120444154455620494e5420303282106a460a83f0baab9d5cd9484bb83f3359301d0603551d0e04160414297591765209c4d608ecc52573e932db0253c35b30120603551d130101ff040830060101ff020100304c0603551d20044530433041060604008f7a01023037303506082b060105050702011629687474703a2f2f7777772e64617465762e64652f7a6572746966696b61742d706f6c6963792d696e74300d06092a864886f70d010105050003820101003d75c999e477f5f39e3a6a27955a772b74d09ce0d2913d29fa8b320c36eb98123ace022502c2279724143535c0d6f155d9ec3a2a176a34c8de0da87a0b85847495621ac213bb61bac3f4b6990971ada9ba4f6f76c681916f246407c3ec196d4e6ec66755b2c46200ff750a90d24cb7609be61f552ad968953c60fe74bf6f582755fdde08fd7614e8f1d0452e0750f324dba99b3bc4bd0dc967bae74a1637a5ed18a89382885a2854adb1022f3543c1a24ed1b6028e06b97cb5a5e4ff97cd641b46009d145610e2d5be8532092b875076fa869aac56b69aa996a48937fc0b6e488cc60454f35e9613ee7274669afb5a323e38b1a63a2990278a8975e5476359bf	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3AFC0A8B64F686673474DF7EA9A2FEF9FA7A51\Blob = 0300000001000000140000005f3afc0a8b64f686673474df7ea9a2fef9fa7a5109000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000260000005300770069007300730063006f006d00200052006f006f0074002000430041002000310000007e000000010000000800000000c00c0f7f39d30168000000010000000800000000800c13c1b9d4012000000001000000dd050000308205d9308203c1a00302010202105c0b855c0be75941df57cc3f7f9da836300d06092a864886f70d01010505003064310b30090603550406130263683111300f060355040a13085377697373636f6d31253023060355040b131c4469676974616c204365727469666963617465205365727669636573311b3019060355040313125377697373636f6d20526f6f742043412031301e170d3035303831383132303632305a170d3235303831383232303632305a3064310b30090603550406130263683111300f060355040a13085377697373636f6d31253023060355040b131c4469676974616c204365727469666963617465205365727669636573311b3019060355040313125377697373636f6d20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100d0b9b0a80cd9bb3f21f81bd533938016652075b23d9b606d46c88c316f17c3fa9a6c56ed3cc59157c3cdab9649902a194b1ea36d57ddf12b622875455eaad65bfa0b25d8a116f91cc42ee6952a67ccd0296e3c8534386149b1009fd63a715f4d6dce5fb9a9e4897f6a52faca9bf2dca9f99d99473f4e295fb4a68d5d7b0b99110303fee7dbdba3ff1da5cd901e011f35b07f00db906fc67e7bd1ee7a7aa7aa0c576fa46dc5133bb0a5d9ed321cb45e678b54dc7387e5d3177c6650725dd41a58c1d9cfd889026fa749b4365dd0a4de072cb675b72891d697be28f5981eea5b26c9bdb09773daae9126eb68c1f93915d6674b0a6d4fcbcfb0e442718c5379e7eee1db1da06e1d8c1a77355c161e2b531f348bd16cfcf267077af5adedd69aaba1b14be1cc375ffd7fcd4daeb81f9c43f92a58554345bc96cd700efcc9e366ba4e8d3b81cb15647bb994e85d335285712e4f8ea2061151c9e3cba16e3108640cc2d23cf536e8d7d00e78232091c9242a65295b22f721ce835ea4f3de4bd3688f46755c83096e296bc4708cf59dd7202fff46d22b38c22f751c3d7edaa5ef1e60856942d3ccf863fe1e433985a6b6634110b3731ebcd3faca7d1647e2a7d5d0a38a0a089662566e34dbd902b93075e304d2e78fc2b011400aacd57102628b31beddc623583142432d74f9c69ea68a0fe9febf83e6435724baef4634aad7120138ed0203010001a38186308183300e0603551d0f0101ff040403020186301d0603551d2104163014301206076085740153000106076085740153000130120603551d130101ff040830060101ff020107301f0603551d2304183016801403252fde6f82013a5c2cdc2ba169b567d48cd3fd301d0603551d0e0416041403252fde6f82013a5c2cdc2ba169b567d48cd3fd300d06092a864886f70d010105050003820201003510cbeca6040d0d0fcdc0dbaba8f288970cdf932f4d7c4056317aeba40f60cd7af3bec3278e033ea4dd12ef7e1e74063c3f31f21c7b913121b4f0d06c97d4e997b224561e56c335bd88050f5b101a64e1c78230f932ad9e502ce77805d031b15a988a754e905c6a142ae052478260e61eda81b1fb140b5af19fd295ba3ed01bd6151da3be86d5db0fc04964bb2e50194bd224f8dd1e0756d038a0957020768cd7dd1ede9f71c423ef83135ca324154d29403c6ac4a9d8b7a644a50df4e09d771e407026fcdad936e479e4b53fbc9b65bebb1196cfdbc628393a08ce475b535ac599fe5da9ddef4cd4c6a5ad02e68c07121e6f03d16fa0a3f329bd12c750a2b07f88a999779ab1c0a5392e5c7c69e22cb0ea376aa4e15ae1f550e583efa5bb2a88e78cdbfd6d5e9719a87e66756b71eabfb1c76fa0f48ea4ec34515b8c260370a177d50112570035db23de0e8a2899fdb1106f4bff382d604e2c9ceb67b5ad49ee4b1facaffb0d905a6660705daacd78d424eec841a09301929c6a9efcb924c5b315827ebeae952bebb1c0dae301600b5e69ac845661be7117fe1d130ffec68745e9fe32a01a0d13a4945571a5168bbaca89b0b2c7fc8fd854b593629dcecf59fb3d18ce2acb3515825dff54225b7152fbb7c9fe609b004164f0aa2aecb64243ce896681c88b9f39540325d316358e84d05ffa301af59a6cf40e53f93a5bd11c	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E04DE896A3E666D00E687D33FFAD93BE83D349E	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE3F40BD5093D39B6C60F6DABC076201008976C9	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FDE7C6FDB32BB8E63939840D6AE052C3D8B73B87	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A2BEE4AD032713ADCE0A0E9B19B6B85FC24ECA8D\Blob = 030000000100000014000000a2bee4ad032713adce0a0e9b19b6b85fc24eca8d09000000010000000c000000300a06082b060105050703020b000000010000005400000047006c006f00620061006c005300690067006e00200043006c00690065006e0074002000410075007400680065006e007400690063006100740069006f006e00200052006f006f0074002000450034003500000020000000010000003802000030820234308201bba00302010202107653febab21dd827e96916a2eb81be58300a06082a8648ce3d040303305c310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613132303006035504031329476c6f62616c5369676e20436c69656e742041757468656e7469636174696f6e20526f6f7420453435301e170d3230303331383030303030305a170d3435303331383030303030305a305c310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613132303006035504031329476c6f62616c5369676e20436c69656e742041757468656e7469636174696f6e20526f6f74204534353076301006072a8648ce3d020106052b8104002203620004ccccb43abb1a4df89d91c47781ed167f03117fb8e970844896410983605df424932a321e5e07fb47a4872a24d8578c5cd9a8df11787fb644d5ddafd501d926345f7d31c8c1eee3d6b9fe8f930270a26f603b1973b58b740a7b9d4217bc2d3ea7a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b583d670068ac69d868277d5a905653613f1c648300a06082a8648ce3d0403030367003064023066a5d17f7d3409160e0efbee7787814a9dd88087a06468cb5fb67458accbb298e29212892d1d3db15468f892f18d4e4a02301455327b766674916b24d45a94e2e56a80f67a7dcd42f3587863c1e9027b54dd1c01159dcbbf0418554024fa22f2d95e	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3753D295FC6D8BC39B375650BFFC821AED504E1A\Blob = 0300000001000000140000003753d295fc6d8bc39b375650bffc821aed504e1a090000000100000036000000303406082b06010505070302060a2b0601040182370a030c06082b0601050507030406082b0601050507030906082b060105050703087a000000010000000c000000300a06082b060105050703090b000000010000002c0000005a0045005400450053002000540053005000200052004f004f005400200043004100200030003000310000007e00000001000000080000000000042beb77d5017f000000010000000c000000300a06082b060105050703092000000001000000f0050000308205ec308203d4a003020102020802541aa950d7ce1f300d06092a864886f70d01010b05003061310b300906035504061302424531243022060355040a0c1b5a45544553205341202856415442452d3034303834323536323629310c300a06035504051303303031311e301c06035504030c155a455445532054535020524f4f5420434120303031301e170d3136303532303133323333385a170d3336303532303133323333385a3061310b300906035504061302424531243022060355040a0c1b5a45544553205341202856415442452d3034303834323536323629310c300a06035504051303303031311e301c06035504030c155a455445532054535020524f4f542043412030303130820222300d06092a864886f70d01010105000382020f003082020a0282020100abf9960e84287635812a563f02edd5f170910e4097225cbb96e69a1e0e3c2b993c2f6b3461ab07cc4a2615659e0b28cc00380f5bf6ac464cc55c22888e23d656285e75e2c44f52e33904733939e64ff7f3a9b220ea0c27d2c7f474733bec24ce616c1a95dbdc5542b1169431f9a67c8c14f838a27da0b5399cd7d65f952f857351bfaca9881c1cc9326c3800c3a2b02bd68fb286caba39386c6783ca4787578b9d56a47f764d481516b3c0978ac20cfa64b02043568c6a87c32d21173e5ee008aa1ab7aa843d56232b8331e3d302d9120305c239af6f53561703ab231c7af0bc0a1795972681ef78203de6dff4dabe8e5f5fd11efd997cf7216d5cb7049662c3d36e1dcaf7efa6459353df267be4d444d76d7fb054997eb627e2c3be4a674205ae6a4af2ee97065d679e81be5fe8005a544ab64cd9152e08f6421a25193e2b817b5adc19f46a2702dd8f940297ece29607b456e6e42eefdd2c168508fa1cf700967e0ee4a0fa298090b644537d3b7515ef5946e1cadcd8971b904943972e580572b45d31067d39e174ff1a4c4d9532e88da5aff43c7bff201ccbf0b0f732f3e612c5a1d7e49219e94967c03c7f9bb882de04f11557d6b0091e393a6ba6e2f8a69f217099a8b0597912ba4846e6f572ccccd40fb3b74cc3a3df2e9778c85f7b2b2122b53eb21cd96b43518bdb20498eda6a13340b3b4ef56b8e871b4ec64a002b0203010001a381a73081a4301d0603551d0e0416041438bc5c3054dce2bb20efee6f41a0316e5cfd8b75300f0603551d130101ff040530030101ff301f0603551d2304183016801438bc5c3054dce2bb20efee6f41a0316e5cfd8b7530410603551d20043a303830360604551d2000302e302c06082b06010505070201162068747470733a2f2f7265706f7369746f72792e7473702e7a657465732e636f6d300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820201009c310a1ddecaa4a052b0962ae0fc2ce5a176dc14386586b32ed5a597f37360ae46687587b133c8128dd929a3ea1fbd6efeba275081e1716cceab309c269a517170671fd144a71434cd46dd2be30e65bdc64e436853b2b8b13df0643d0787b1f98732047a96e442bb3028c79a5d2b6bc7500a21b68622f612ad2e15f0bb53a930ca2deb02a194676311d8b7e6f3a70b061f9279a1f2ab537b3fa348084cfb440003ffc900c26cc24ac586c4b3ea595c0e7de53fb6a94f92e311045db777c635c3b23173da77d73f7f1019ad0022dd43c8e0127e44983851d238c8b6431a4c515d9c3a8bc83c79b8dcb01eebdde5e69e449be9503dcb11bc55fec7746565080da4aa773d1c13b69c9f152af94ee13482703673d234198455f30dc04f8dff56169a5b6512f032419c1b58bfbdaf321076d72d0fc53771e61afd31e6b436186cfb4bf5aa35b06c502de75b224ae0fa9d392041c62e0025e491df9b38d3059b9cfd046891b80e825cd835f762dcc960058b95cc3f7ceb8fc6fd9a9fa96f3201549a64a4dde5c5455eea55ede143cbade21e6e0a9e8e32e4e3aebc01d053040e9d424d36fb99e51ae907d453f045074213c76b213e84b7f7c58957531ff8f34e515bfe6732c359f69119880d806ce1de450a46997a3fcc3ef0206cf8bccfae772cfb6ef50b11768b99ceae8e3391780aa50c24b3530f6b11e9b3b01d64012e941d21d5	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\559BBA7B0FFE80D6D3829B1FD07AA4D322194790\Blob = 090000000100000040000000303e06082b0601050507030206082b06010505070303060a2b0601040182370a030c06082b0601050507030406082b0601050507030106082b060105050703080b000000010000001c0000004300410045004400490043004f004d00200052004f004f00540000007e00000001000000080000000080c82b6886d7017f000000010000000c000000300a06082b06010505070303030000000100000014000000559bba7b0ffe80d6d3829b1fd07aa4d3221947902000000001000000550500003082055130820339a003020102020800fb712658ad99e5300d06092a864886f70d01010b050030363116301406035504030c0d4341454449434f4d20526f6f74310f300d060355040a0c06454449434f4d310b3009060355040613024553301e170d3134303532313131303633355a170d3334303532313130323030305a30363116301406035504030c0d4341454449434f4d20526f6f74310f300d060355040a0c06454449434f4d310b300906035504061302455330820222300d06092a864886f70d01010105000382020f003082020a0282020100db80cae84974c7d3382ef1c52362fc368c2f1e7e390be906f4559ba5982994ed86473283f3c5927a05d729023e16c3287f3564297a79bba1e21e61148de700d0dca254658adf69b971477f38381646a7693111354ce12a7fff6d4f953de35d484d1953085a6b21d51230699790af2dc1f57f415f49368f4db81e1a955fda0f6f5c1535c411bc5f859bbdad3b555ebbdfcebbaf5c9960dd1f691a494821f9090acf72a7f0f2dee57819be12ddcd877941ce2f45d70b911011041e129df238035f1669aea00adac0f9eba00d180f795e919de41f149c3413190244ba51c3ee79b26014a3afbc482d283868014364ca0e868362d08a19a627f12b7b4b29215b9acc684210c84b4f0f23b2887cc45c6e1770c577af95c025a4220ad37cf9d872c8d02dbda7e8d22d8b4ca16e0afcb44033bb9a6bfca4eac9fee0348843ccc6bc3f75d2a5a9affa97b93eb7ce54a04dc05d2ec128d8635472b8ac5af53afb2061063af4a02b38abcc830c49d46e3e6d0f3e732f36e6f34fb3c000d145495b8cf6a3981d847f990ac3ea0a3cc3d324784867f51b3b0e1d0e43b10475c1a039768bf6d902a51de19e5b07bb36574a214df98969b46c0fd7afa0152499e7f8d75394ec12bfa4a5d7edee8e357777dca67f205492d663d6729e4d2ab68f73f319a1c4b01fe634a30b003e97492761aaaa04413338b55051cc3615db1fffbdca488348a7b30203010001a3633061301d0603551d0e0416041414cd2a597863ab6119e8b83da1e05ac075e7f9cb300f0603551d130101ff040530030101ff301f0603551d2304183016801414cd2a597863ab6119e8b83da1e05ac075e7f9cb300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820201003d091900b691026cec0ef7e1e262b0bf330dfd5512f4089af72b2daef79c47d81f060113b58ee7b2820b3d845943d407d82b5c107a242cca8de8d5a3399c31ccebe03ae1d5bfcfc7877b60ff4739d7a344d608265bcf5a54ec88d38e0f793cc8a34fa6c28e27f0de12ae5e19ade722568a5832e0f906d0a92ab4359b0c86265100944750fca5c42561f958f045702e49767f11d66fb5f92905e10dc34e581faf1dec37d04af9060681d3dba096b80e913079e650df88b80ba95cd407f4c9a8cc7d8f9363096400052a686643bba2bbfe95aef9c4a50a88624878257c2a3f1164a6d32220479d32d6f2e3c8a46174e782c244baa0d15d5fbcf1440e834f1c5085c4e9e76cfce6b855e1a21a80b79044a78422974722deab3837cfb5f21c3e4270bb75b665286bcb7f8235aaf6f32078287307963070a52a715ca179a416b9463d5eb400498589d30edf81ae588d58d6e1c544782e1c20bba24797bf76143ba9288f9f0b75d2a13ced2bc78e90a17aa2993062fc851d35733bf3b559221bcd08b10c9d756adb853b0e879f324f920001014c49688280416cf9fd71bd8bf4780a60a39eb1521dc08ae39ec5bf2b196a98a7b1de15509faa94258fa98082a772ba49640927612b6ebc2328335d9e6ef0b9bd20328cdda00b99bbb4840424752996f7a7a517b85105eb74ad517996fcbbfbdf092d089244cec0d2b318c71422bf21f1	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2BB1F53E550C1DC5F1D4E6B76A464B550602AC21\Blob = 0300000001000000140000002bb1f53e550c1dc5f1d4e6b76a464b550602ac2109000000010000005e000000305c06082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080b000000010000002c000000410074006f0073002000540072007500730074006500640052006f006f0074002000320030003100310000007e00000001000000080000000000cf97a737d6017f000000010000000c000000300a06082b0601050507030920000000010000007b030000308203773082025fa00302010202085c33cb622c5fb332300d06092a864886f70d01010b0500303c311e301c06035504030c1541746f732054727573746564526f6f742032303131310d300b060355040a0c0441746f73310b3009060355040613024445301e170d3131303730373134353833305a170d3330313233313233353935395a303c311e301c06035504030c1541746f732054727573746564526f6f742032303131310d300b060355040a0c0441746f73310b300906035504061302444530820122300d06092a864886f70d01010105000382010f003082010a028201010095853b976f2a3b2e3bcfa6f32935becf18ac3eaad9f84da03e1a47b9bc9adff2fecc3e47e87a96c2248e35f4a90cfc82fd6dc1726227bdea6bebe78acc543e9050cf80d495fbe8b582d414c5b6a9552557dbb150f6b06064597a69cf03b76f0dbeca3e6f7472eaaa302a7362be499161c811fe0e032af76a20dc02150d5e156afce382c1b5c59d64096ca359980727c71b962b6174716c43f1f7358910e09eec55a13722a28704052c477db41cb962296628cab7e193f5a4940399b97085b5e648ea8d50fcd9decc6f070edd0b729d80301607953f280efdc5754f53d6749ab4242e8e0291cf76c59b1e55749c7821b1f02df10b9fc2d596181ff054227a8c070203010001a37d307b301d0603551d0e04160414a7a506b12ca60960eed197e970aebc3b196cdb21300f0603551d130101ff040530030101ff301f0603551d23041830168014a7a506b12ca60960eed197e970aebc3b196cdb2130180603551d200411300f300d060b2b06010401b02d03040101300e0603551d0f0101ff040403020186300d06092a864886f70d01010b05000382010100267734db9448862a419d2c3e069060c48cac0b54b81fb97bd30739e4fa3e7bb23d4eed9f23bd97f36b5cefeefd40a6dfa193a10a86acef20d07901bd78f719d82431340401a6ba159ac327dcd84f0fcc1863ff990f0e916b7516e121fcd826c747b7a6cf5872717ebae14d95473bc9af6da1b4c1ec89f6b40f38b5e264dc25cfa6dbeb9a5c99a1c508defde6dad5d65a450cc4b7c2b514efb411ff0e15b5f5f5dbc6bdeb5aa7f05622a93c6554c615a8bd869ecd8396687a718189e10be1ea111b6808cc699eec9e419e4432267ae2870a713debe45aa4d2dbc5cdc6de607fb9f34f4492ef2ab7183ea719d90b7db1374142b0ba601df2fe0911b0f0877ba79d	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2F783D255218A74A653971B52CA29C45156FE919\Blob = 0b000000010000001600000049007a0065006e00700065002e0063006f006d00000009000000010000000c000000300a06082b060105050703010300000001000000140000002f783d255218a74a653971b52ca29c45156fe9192000000001000000f5050000308205f1308203d9a003020102021000b0b75a16485fbfe1cbf58bd719e67d300d06092a864886f70d01010b05003038310b300906035504061302455331143012060355040a0c0b495a454e504520532e412e3113301106035504030c0a497a656e70652e636f6d301e170d3037313231333133303832385a170d3337313231333038323732355a3038310b300906035504061302455331143012060355040a0c0b495a454e504520532e412e3113301106035504030c0a497a656e70652e636f6d30820222300d06092a864886f70d01010105000382020f003082020a0282020100c9d37aca0f1eaca786e816656ab1c21b45327195d9fe105bccafe7a579018f89c3caf25571f777be7794f372a42c44d89e929b143aa1e724900a0a568ec5d82694e1d948e12d3eda0a72dda39915da81a287f47b6e26778958add6eb0cb2417a736e6ddb7a7841e90888127e872e6611636c54fb3c9d72c0bc2effc2b7dd0d76e33ad7f7b468bea2f5e3816ec1466f5d8de04dc65455891a33310ab157b9a38a98c3ec3b34c59541697e75c23c20c561ba5147a0209093a1904bf34e7c8545549ad1052641b0b54d1d33bec403c8257cc170db3bf4092d542748ac2fe1c4ac3ec8cb924c53393723ecd301f9e009444d4d64c0e10d5a8722bcad1ba3fe26b515f3a7fc8419e9eca188b444698483f389d17406a9cc0bd6c2de27855026ca17b8c97a87562c1a011e6cbe13ad10acb524f53891a1d64bdaf1bbd2de47b5f1bc81f6596bcf1953e98d15cb4acba96f44e51b41cfe186a7cad06a9fbc4c8d06335aa285e59035a0625c164ef0e3a2fa031ab42c71b3582cde7b0bdb1a0febde211f06770603b0c9ef99fcc0b94f0b8628fed2b9eae3daa5c3476912e0dbf0f6198bed7b70d702d6ed8718282c04244c77e4488a1ac63b9ad40fcafa75d201405a8d79bf8bcf4bcfaa16c195e4ad4c8a3e1791d4b162e582e58004a4037e8dbfda7fa20f974f0cd30dfbd7d1e5727e1cc877ff5b9a0fb7ae0546e5f1a816ec47a4170203010001a381f63081f33081b00603551d110481a83081a5810f696e666f40697a656e70652e636f6da4819130818e31473045060355040a0c3e495a454e504520532e412e202d20434946204130313333373236302d524d6572632e5669746f7269612d4761737465697a205431303535204636322053383143304106035504090c3a417664612064656c204d65646974657272616e656f2045746f726269646561203134202d203031303130205669746f7269612d4761737465697a300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604141d1c650ea8f2257bb491cfe4b1b1e6bd55746c05300d06092a864886f70d01010b0500038202010078a60c164a9f4c883ac0cb0ea5167d9fb9485f188f0d6236f6cd196bacabd5f6917dae71f33fb30e78859b95a4272147424a7c483af5457cb30c8e5178ac9513dec6fd7db81a904cab9203c7ed4201ce0fd8b1faa292e1606dae7a6b09aac629ee6849673080247a3116395b7ef11c2edd6c09adf231c1824eb9bbf9bebf2a853fc040a33a59fc594b3c2824dbb41575ae0d88ba2e73c0bd5887e542f2eb5eee1e302299cb37d1c4216c81ecbe6d26e61ce442209e47b0ac8359702c35d6af3634b4cd3bf832a8efe37889fb8d452cda9cb87e401c61e73ea2922c4bf2cdfa98b629fff3f27ba91f2ea093572bde8503f96937cb9e786a05b4c5317889ec7aa785e1b97b3cdebe1e7984ce9f700e59c2352e902a31d9e4457a41a42e139b340e667b49ab6497d046c3799d725063a6985b06bd486dd8398370e835f005d1aabce3dbc802ea7cfd82dac25b5235ae983aadba359323a71f48dd354698b21068e4a531c20a582e198110c95075fcea5a16ce11d7eeef50882d61ff3f4273059443d58e3c4e013a19a51f464e77d05de581222187fe947d84d893add6684348b2dbeb7324e7917f54a4b6803e9da33c4c72c257c4a0d4cc3827ced5069ea248d9e99fce827036939a3bdf9621e359b70cda9137f0fd595ab399c8696c4326013563605589033a75d8ba4ad954ffeede80d82dd138d55e2d0b987d3e6cdbfc2688c7	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6F62DEB86C85585AE42E478DB4D76DB367585AE6\Blob = 7f000000010000000c000000300a06082b060105050703037e000000010000000800000000003db65bd9d5010b000000010000004400000041004e004300450052005400200043006500720074006900660069006300610064006f00730020004e006f00740061007200690061006c00650073002000560032000000090000000100000040000000303e06082b0601050507030206082b06010505070303060a2b0601040182370a030c06082b0601050507030406082b0601050507030106082b060105050703080300000001000000140000006f62deb86c85585ae42e478db4d76db367585ae620000000010000001607000030820712308204faa003020102021009bd56052a1316f4684f740ea97d1c48300d06092a864886f70d01010b0500307c310b30090603550406130245533141303f060355040a13384167656e636961204e6f74617269616c2064652043657274696669636163696f6e20532e4c2e552e202d2043494620423833333935393838312a302806035504031321414e4345525420436572746966696361646f73204e6f74617269616c6573205632301e170d3130303532353136353631345a170d3330303532353136353631345a307c310b30090603550406130245533141303f060355040a13384167656e636961204e6f74617269616c2064652043657274696669636163696f6e20532e4c2e552e202d2043494620423833333935393838312a302806035504031321414e4345525420436572746966696361646f73204e6f74617269616c657320563230820222300d06092a864886f70d01010105000382020f003082020a0282020100b2e6b9c61d6a2a2d49c5fcfcd46440d0e0142ef7a0c2ff92f341a6b43fdabe1914919476d315cc5e7f78507adbdac545aacb1c23797390a8bb6701738ece40f91aa9aa87e493920f5c685c5ef006602b58dc3c6d3cc77a306b05aa9286732ad2f21a88c4dbe55a668e75c9423f9b8828401ef5a95c1efac841a130ab0b9cee16a2c12da585faeda00ce87f964a7bbd8f9aa21876d2afddb73d10ab521088ae1debb8327496f4b7aa27f7a5070de394576a542077cd1dbc792de49cb4de5188fe56d63d8ba1cffa521e8c057377d605cf6300518761e350be9997e1fc1e11796b4e6acf9c850a1c962ac0203614c50917623bf4adead5d7fdd0392a78d3d0a2cfc873300947c54e19fdb830d40f80988886c14c417a23c543fd5e12b83e0fb1b781620c7e6fe37b9ac2c24711211fcf9ed130ce83c1104d4077d7b5c24b324042fa9bb0accfeb21d819eb64c56bdd552d8087447c4c3cab0dd812bf34828cb1aac4b86be80e4677d28b061d42fbacbdc9e733b3226f7ed52e03c55f0516867cede39ed116771a46d8c9d08ce45c5c210591f164e4acc537aeb5bd6713ae29e5b342c47009a35d4ceb3720e3f0f573333bc2fc8e5185362acb81db0e8923d9e2e168ba2c44773e1c40baf0678e1887f03dd7e93f475b3542cda704ce487229051ab4d1a2e70d798a966d67522d3b23e6f9829cd6b3795e14de654833fc1d42e82d0203010001a382018e3082018a300f0603551d130101ff040530030101ff308201250603551d200482011c308201183082011406092b060104018193680130820105302506082b060105050702011619687474703a2f2f7777772e616e636572742e636f6d2f6370733081db06082b060105050702023081ce300d1606414e4345525430030201011e81bc004100670065006e0063006900610020004e006f00740061007200690061006c002000640065002000430065007200740069006600690063006100630069006f006e002e00200050006100730065006f002000640065006c00a000470065006e006500720061006c0020004d0061007200740069006e0065007a002000430061006d0070006f007300200034003600200036006100200070006c0061006e007400610020003200380030003100300020004d00610064007200690064300e0603551d0f0101ff040403020186301d0603551d0e04160414f6123aab7b58c18d436f7681d2f2b8d3ef17ea0b301f0603551d23041830168014f6123aab7b58c18d436f7681d2f2b8d3ef17ea0b300d06092a864886f70d01010b050003820201005435d3a265c9d936c553d1b48d723489baa7089fe93510b9b80c06f964aa959628a8c8a380dc56c0bf724d56bf7f5d04d5ad285b4dbdf3c30f15b071da568d405557a67d62a2ad136951aa9450babd003050f5dda44e097a94316bdb7303bdf3da1a0f8c2fb2c937bc54d50b2337f5e45b3766894fb4c705a465dc5930a6132b7e15edec10178952c99ddfa24cedf60f1ea649b00d51b331b15199cbb4d12378d24ba8b41d16a6a0d03e077e653f25ce644e1b2e4b4d82851a65dbeee203f05924058f99ef7982dfee2a3768c36a5001595f9f68dc2c51602b5de0523c3b70b800d337a83e5b1e76085ad4bb7630aef9c8f28ea48f0a757d1a98e1bfd036942f3cc152d369ea1a60378c80db4d6dc69a5d8da06151bb3d0de612a09f6f59567432670afc3706c13ae42b8e841fda210c498843d3a5f5820d7686c32ccc90bbb3b8abc6cbaec017519ed380f724da1cecce1283ce4e36303975f8747690829e3e404c0c14b91a1e486ab031ea887f804140537b384b8790607a4bce67466875778e005d20b0e493376d03df5839e89ac5a4ebec61330885246b4f06e9ad90a536626ce3dd7d091f33bfb7bbf7c97505f75babfa8759af1a67107e84dc8c70d644e910c1d89b2ed1c6406aeae65a0f107d6cfb5587ba4db571039e178f78da553d575e220a6a98f08d08cddd96425a1bcdba6f27b87427a83fe5a0d673c75e2f21	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B865130BEDCA38D27F69929420770BED86EFBC10	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F24C630CDA418EF2069FFAD4FDD5F463A1B69AA\Blob = 7f000000010000000c000000300a06082b060105050703037e00000001000000080000000080c82b6886d701530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003800000047006c006f00620061006c005300690067006e002000450043004300200052006f006f00740020004300410020002d002000520035000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080300000001000000140000001f24c630cda418ef2069ffad4fdd5f463a1b69aa2000000001000000220200003082021e308201a4a0030201020211605949e0262ebb55f90a778a71f94ad86c300a06082a8648ce3d040303305031243022060355040b131b476c6f62616c5369676e2045434320526f6f74204341202d20523531133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3132313131333030303030305a170d3338303131393033313430375a305031243022060355040b131b476c6f62616c5369676e2045434320526f6f74204341202d20523531133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e3076301006072a8648ce3d020106052b810400220362000447450e96fb7d5dbfe939d121f89f0bb6d57b1e923a48591cf062312dc07a28fe1aa75cb3b6cc97e745d458fad1776d43a2c08765340a1f7addeb3c33a1c59d4da46f4195387fc91e84ebd19e49928794870c3a854a669f9d59934d976106864aa3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604143de629489bea07ca21444a26de6eded283d09f59300a06082a8648ce3d0403030368003065023100e56912c96edbc631ba0941e197f8fbfd9ae27d12c9ed7c64d3cb05258b56d9a0e75e5d4e0b839c5b7629a00926216a62023071d2b58f5cea3be1780985a875923bc85cfd48ef0d7422a808e26ec549cec70cbca76169f1f73be12acbf92bf3669037	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B6AF43C29B81537DF6EF6BC31F1F60150CEE4866	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 7f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703077e000000010000000800000000c001b39667d601530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000001e00000045006e007400720075007300740020002800320030003400380029000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\490A7574DE870A47FE58EEF6C76BEBC60B124099\Blob = 030000000100000014000000490a7574de870a47fe58eef6c76bebc60b124099090000000100000054000000305206082b06010505070302060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080b00000001000000300000004200750079007000610073007300200043006c0061007300730020003200200052006f006f00740020004300410000007e00000001000000080000000000cf97a737d6017f000000010000000c000000300a06082b0601050507030920000000010000005d0500003082055930820341a003020102020102300d06092a864886f70d01010b0500304e310b3009060355040613024e4f311d301b060355040a0c14427579706173732041532d3938333136333332373120301e06035504030c174275797061737320436c617373203220526f6f74204341301e170d3130313032363038333830335a170d3430313032363038333830335a304e310b3009060355040613024e4f311d301b060355040a0c14427579706173732041532d3938333136333332373120301e06035504030c174275797061737320436c617373203220526f6f7420434130820222300d06092a864886f70d01010105000382020f003082020a0282020100d7c75ef7c107d477fb4321f4f4f569e4ee3201dba3861fe4590dbae7758352ebea1c611548bb1d07ca8caeb0dc969deac36092868228739c5606ff4b64f00c2a3749b5e5cf0c7ceef14abb733065f3d52f83b67ee3e7f59eab60f9d3f19d92748ae41c96ac5b80e9b5f43187a351fcc77ea16f8e5377d497c15533923e182f75d4ad8649cb95af54066cd806138d5bffe1261959c024ba8171799044506824945fb8b311f1294161a341cb2336d5c1f13250104e7ff48693ec84d38ebc4bbf5c014e073ddc148a940aa4ea73fb0b51e8130718fa0ef12bd154157d3ce1f7b4194267625e77e0a255ecb6d96917d53aaf44ed4ac59ee47a277ce575d7aacb25e7df6b0adb0f4d934ea8a0cd7b2ef259016ab70db807817e8b381b38e60a57993dee21e8a3f50c16dd8bec348e9c2a1c0015178d6883d2709f1808cd1168d5c96b52cdc4468fdcb5f3d857731ee9943904bfd3de38deb453ec691ca27ec48fe41b70adf2a2f9fbf7166466699f4951a2e2151867064a7fd56cb54db333e061eb5dbee9980f32d71d4b3c2e5a01529109f2dfea8dd8064063aa11e4fec3379e14523ff4e2ccf26193d1fd676bd752aebf68ab4043a057355378f053f861420764c6d76f9b4c380d63ac62af368ba2730a0df521bd74aa4dea720349dbc75f1d6263c7fddd91ec33eef56db46e3068dec8d626b0755e7bb4072098a17632b84d6c4f0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e04160414c98077e0629282f5469cf3baf74cc3deb8a3ad39300e0603551d0f0101ff040403020106300d06092a864886f70d01010b05000382020100535f21f5bab03a52392c92b06c00c9efce20ef06f2969ee9a4747f7a16fcb7f5b6fb151b3faba6c0725d10b171eebc4fe3adac036d2e712eafc4e3ada3bd0c11a7b4ff4ab27b10101fa75741b2c0aef42c59d6471088f321512930ca6086af46ab1ded3a5bb094de44e34108a2c1ec1dd6fd4fb6d647d0140bcae6cab57b777e411f5e83c7b68c3996b03f9681416f6090e2e8f9fb2271d97db33d46bfb484af901c0f8f126aafefee1e7aae024a8a172b76feac5489242c4f3fb6b2a74e8ca89197fb29c67b5c2db9cb66b6b7a85b125185b5097e627870fea96a60b61d0e790cfdcaea248072c3973ff277ab43220ac7ebb60c84822c806b418a08c0eba56bdf9912cb8ad55e800c91e026083648c5fa381135ff25832df27abfdafd8efea5cb452c1fc48853ae770ed99a76c58e2c1da3bad5ec32aec0aaacf7d17a4debd407e248f7228eb0a49f6ace8eb2b260f4a322d023eb945a7a69dd0fbf4057ac6b5950d9a399e16efe8d0179272315de929d7b094d5ae74b48305a18e60a6de68fe0d2bbe6df7c6e2182c168394db498586662cc4a905ec3fa2704b179157499ccbead20de26601ceb5651a6a3eae4a33fa7ff61dcf15a4d6c322343eeaca8eeee4a12093c5d71c2be79fac287681d0bfd5c69cc06d09a7d54992ac9391a19af4b2a43f3635d5a58e22fe31de4a9d6d00ad09ebfd78109f1c9c7260dac981656a0	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0456F23D1E9C43AECB0D807F1C0647551A05F456\Blob = 0300000001000000140000000456f23d1e9c43aecb0d807f1c0647551a05f456090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000540000004e004c00420020004e006f007600610020004c006a00750062006c006a0061006e0073006b0061002000420061006e006b006100200064002e0064002e0020004c006a00750062006c006a0061006e00610000007e000000010000000800000000003db65bd9d5016800000001000000080000000080caa7fe16d8012000000001000000bb030000308203b73082029fa00302010202043ec3868e300d06092a864886f70d0101050500301d310b3009060355040613025349310e300c060355040a130541434e4c42301e170d3033303531353131353234355a170d3233303531353132323234355a301d310b3009060355040613025349310e300c060355040a130541434e4c4230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf76753d0c7c403a665f4d8cfbdd3c2efe7d9464ed4ad44948a1ee9171b279c88e2b1faaf032b428b2a3c2754fa4e9a61af6a266612327612c6e17900bfade1e71520229049979acc0b0c066989811376410cf9cbc3b421c295c5590f67a224e56af3768bf743a6c3cc698cc6021bfe20827e4d92bbce38495d7d42460fc7e2d2f9d21eb9d91c6bba4d1ebc912ada3e8c8b57f554beb990254c4811c0cae39e46a7a05d84e70a0fa0377b3aed8b81492fb417713356ab7a2ca884bad2d51bc769a6cbb40bde7244c22a6e6fd4e087b9d0b10d612d2a6c6a16432f401739681e248b0c128633d3be767ac6ec514f51713a29c1f2b57f01527755dddb134d693110203010001a381fe3081fb301106096086480186f8420101040403020007303f0603551d1f043830363034a032a030a42e302c310b3009060355040613025349310e300c060355040a130541434e4c42310d300b0603550403130443524c31302b0603551d1004243022800f32303033303531353131353234355a810f32303233303531353132323234355a300b0603551d0f040403020106301f0603551d23041830168014ccbbbb86d66ff8beb4472277b3b6add70159964d301d0603551d0e04160414ccbbbb86d66ff8beb4472277b3b6add70159964d300c0603551d13040530030101ff301d06092a864886f67d0741000410300e1b0856362e303a342e3003020490300d06092a864886f70d010105050003820101001167cbcb9a6b2021dd6f6983d53f0dba9315974e7076265ce89e24e737fe3c50f4d4f92a2f0c13a15d04bcd0b0e9c203178505613dc0a7aa764cc3b83a83a986cf03f9770e2bb23d761b65d16a716071dbbbb87a8ef2f92183f8574ca8c7dd65c6eeef6fb3b699bbb4c3d0ab5fb2a07edd74212cc35aeb8da1cad8f0c817ed76ba84636e5bb9b5ca6dd7fc3439802fba4fdf8dd8fc18c43c8a352f778296ad209218b2e736f4ae3274b847d1d80fd82ccb6ac20075f92cf8420ecbfe7393a98fe1c7ae2137f3cab90cb4e7897e711c563420c3f134b9554bd35352f1072d2b3e5b19409f10edd32933c5af0f105687da3bc8b1ed38d919fb4bf0502da4cdd458	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D11478E8E5FB62540593D22C51570D014EAC76D8\Blob = 7e000000010000000800000000408fa439a5d8010b00000001000000580000005400720075007300740046006100630074006f00720079002000530053004c00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079000000090000000100000022000000302006082b06010505070302060a2b0601040182370a030c06082b06010505070301030000000100000014000000d11478e8e5fb62540593d22c51570d014eac76d82000000001000000550600003082065130820439a0030201020210685dcc2639e02366e44a9d64d38e0435300d06092a864886f70d01010b05003081b1310b3009060355040613025a413110300e06035504080c0747617574656e673115301306035504070c0c4a6f68616e6e657362757267311d301b060355040a0c145472757374466163746f727928507479294c746431243022060355040b0c1b5472757374466163746f727920504b49204f7065726174696f6e733134303206035504030c2b5472757374466163746f72792053534c20526f6f7420436572746966696361746520417574686f72697479301e170d3137313230353130353932395a170d3437313132383130353932395a3081b1310b3009060355040613025a413110300e06035504080c0747617574656e673115301306035504070c0c4a6f68616e6e657362757267311d301b060355040a0c145472757374466163746f727928507479294c746431243022060355040b0c1b5472757374466163746f727920504b49204f7065726174696f6e733134303206035504030c2b5472757374466163746f72792053534c20526f6f7420436572746966696361746520417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010095d14728eef054bcebbdd5ab067e25a403aafd607ace37b969da2979776c3d7f8234c25dfe42a40d415a00d283a46a6dc1e5c85162fa6bd5c647dc386e11908c6815cfe9ba58e69a8b8581102dcfe75349e9a337220cbc74b2b6255211cfa2213c89a0d7a41d23106b1d593b37f45d363840b57542af2d1a07bc8d6314d84af82299efc05a496fab923f4beca46a183f512ed320e74f2e83063a5e7f158bcffa352e53b96a1acfa7f83cb9c973173afdad0d58cd9275ea3fffb986f3fed5a0f565ea63d6fa8611b474d5b55884aa2d5d4a17beeca624d7a0bdb7183816676e11855b5f60528bd1cfe542d09c5ef58e85bdf2866ca855dceb1d7afdac28f0c4d2c7a907d75d3e17569446ee9bcac4b08c1a6ad7cf9bcea64c2d80f89df123409a402b38551e3503dd75db31d44e8a276f978e9ccc76991d56ae324c17d919afa8a4cc0bca0275014e3dbc14f4aa3b9bd04fb7e7fe5ac4ced60c7333aca9cd2c8b1d0d21f961e6a176e2aef0744901fc39dfa81392c863895eb510f11d21f6d318fb774c69e26acce079ac4e9b64cfe8e2f322a2879e9e1b240c7166e5e976e464549bcd0df6517dbb9f005a1e74b4d0ab8d1dab08ef2bc2dbbd8361d7c964bc0f6e17c632df0cf3a65eeeec200c2acf7a45507b18d6fb1276e1af591f81da34823645bf92c955a5d6750659879ba483dead78796c3ca88f9dee5cec3ce389a22b0203010001a3633061301d0603551d0e04160414423a5e365adc1baad0a2eaf5f1447f742573e9bd301f0603551d23041830168014423a5e365adc1baad0a2eaf5f1447f742573e9bd300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d01010b05000382020100063a226a1cfc1b7add68bfd54aa8be0b62d86a674934601c5bb3ed25be360e2057750387e86677ac77d57761946de87471546bf4fcb6f28b8a675f1d04083ffe8120ed8f3cd747765842d16ac731747e344da67b45517013f8464447cf0dda9614c682563e851ae8b2a59f7fcd0f6c8382e21807dc665c8aca5da8842f548c83f0c53c402032e24fe856eb95c2e4c650fe22e8af01522b95ae865695a77b1ec637ee35f6f7fb36d0e02add3032c36d1425c755d26b236f902a0a63967a66e8dd80b279ff93686d0fb11453e5ce7b4cd0c1230b3a83e4cc8efbdc2ed97452e050bdba49f87634161f692bf428861d4c341517da74a870965d3fc21dc7048755a26bb1b2f5355662bbbbf547ec82b4666a1348785463cf5f80ec9846c449c9f4a42b9525c7c0a3db565cbdaaf6b937e2da44e50d4b87799da69d1fad0ffdcee966adf104945548d7ab27966155f936dd35df885635f66ab1935858652ab4a5dd0f4d8b0719bd82aa75b442cc5559dea77228817eacab1bec801c98571219dfb7262931d2fa900d5c1e302f2a862e4563d59ee57c707f02652e19f40146dedcb8579dbe793e547f2e834e72c5cd59613df7a0b693946b5d093026733856fc577887efed38c20d563084899b168e7a08b57f2612c350f51b2ab26f903836e035114cd91e1efbe1b88c45ac60e1f9b5b9ecbfc1097a2925c3e921cbd0ef83ac223c68	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B49082DD450CBE8B5BB166D3E2A40826CDED42CF	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5\Blob = 68000000010000000800000000c00bd133f1d2010b000000010000001c00000043006f006d006d006f006e00200050006f006c006900630079000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308030000000100000014000000cb44a097857c45fa187ed952086cb9841f2d51b52000000001000000a5030000308203a130820289a0030201020210293647aae38aac864a2356f2cab761af300d06092a864886f70d0101050500304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c696379301e170d3037313031353135353830305a170d3237313031353136303830305a304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c69637930820122300d06092a864886f70d01010105000382010f003082010a0282010100978dbd3327e4ad5bfb78bd2f47476ec778e9939ca4dec91cfd2f1b3938ac4717c07e7729003b031f680fcd4da5ee77b82c626b31f6fa72097d3029067ce77ca33d84188a1dae2c92a81fe85e4f8d8eeb3f1af89c0a679db0674df02ed030dec394b0a0cf2e0a347f5409d336bda449575273e99dfee44879461b5b8d32e4a54864f3220d929d0815bf603c83f747222522ad2971b777ef17c9a2b6945ec83090a414485c56570b414c05d42a4c3fae129b591175700722692d2cd331cc927ecccda47e9447aa9c0908f64baf52e86a4091c555bd40b1c86d57869517e61f73be472e3e8b4c17b9b9251ca55217360859c042be0a2bb456513c1b55c98c9077eb0203010001a37b3079300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604142f5897d8a90598a5561ffbd9ab75ef023c3634c7301206092b060104018237150104050203010001302306092b06010401823715020416041476b76096dd145629ac7585d37063c1bc47861c8b300d06092a864886f70d0101050500038201010060aef348164072a60888c9bc472c244b5da09173ed657890f067907aa5bf0aadb62af99967df83c5771f340938f97e9e41e04860fee2aa5d8788ea88fd5c45b2c96ada7da4adb14fbf1c0d9f1e9ac0d51473382b8a78406e30f762e1cd99fc5169676c11ddb810a368de26a556fd366c37986cfbee7c3c6c6b703ff74837098f0b4281ad4646b80b8306f41b38a07f4fcd0bef838987971c8a3067dcfd54a1037e01cb854cb10b29c3beec7ce13f0f09523c2fa79a48fe37e9110658e136418ac4b6bf8eddce4ab3bc1ac0cdfa1a99d2719bfacfbcf2c454a3883576cc1b2c466f0cb4d1c36176927411ea4b808d1c89118bec5bff17c948fce7e00611e2845e	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\20A8F5FFC43AF4A9BC89881EBF9920FF91E9FD0A\Blob = 7e000000010000000800000000003db65bd9d5010b000000010000002a0000005300410050004f00200043006c0061007300730020003400200052006f006f007400200043004100000009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030803000000010000001400000020a8f5ffc43af4a9bc89881ebf9920ff91e9fd0a20000000010000005c0600003082065830820440a003020102020103300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311630140603550407130d536f6d65727365742057657374312a3028060355040a1321536f757468204166726963616e20506f7374204f6666696365204c696d69746564311a3018060355040b13115341504f2054727573742043656e747265311d301b060355040313145341504f20436c617373203420526f6f742043413129302706092a864886f70d010901161a706b6961646d696e40747275737463656e7472652e636f2e7a61301e170d3130303931353030303030305a170d3330303931343030303030305a3081ce310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311630140603550407130d536f6d65727365742057657374312a3028060355040a1321536f757468204166726963616e20506f7374204f6666696365204c696d69746564311a3018060355040b13115341504f2054727573742043656e747265311d301b060355040313145341504f20436c617373203420526f6f742043413129302706092a864886f70d010901161a706b6961646d696e40747275737463656e7472652e636f2e7a6130820222300d06092a864886f70d01010105000382020f003082020a0282020100dbdced489aa0a39fe0118ed9c892753a55c15122ca0b7aa4350dc5e6572d83f02a6f223837316d7c8524a2062f43823d453040251cee584741e6f09e001ef8f42f11bb92b298452dd31f80c9761413c3cc40e6adeb3960fccfc8df2afd8c1251efcf0c64c657e823515de76652ea66bd937f9d7a28f119706e849f3047b7b0396b132ceb4b4d2eaf3fbffd02134a39e73e33c5109151be0f479d4d52fc2cf3e313a20082e1140ccdd29eb3f2e081dabe999253e37d997743e1e14829819ed605573a71dc3e98ad58706f46bb7e3203e2839b5957f7f8b3cd5416ecb6ada11c1a92d1d4299e8fcdb3e87d50f1c282acbabdb47556a0f5455d187d2c8cf17b41cc86b19a844b0a2a5d9b96e1cdfaab162741e79535a6cb8aa796f3a5cc51f92d7d1e43fbdc6db5b938bd05fb58fa2ed3ec5e642daf58014a7c2246d341cb3de4965e494338bb89ebf49c693912035c84bbe58c1eeae066bbc0bf8cfe9e0a4d3d683f4076d632a9ea45b86a07528ecd51f15d28630cd35938fcc9fd82c94520bce6e8cca20ccb7b6439494645f5731c6a9720eb2142f7b42052b74afd75bccb0f0c6711571ff730f1ab90cc5d3c960562d3ca55014b46c580871c72d0735421ead7a39cd3ae7fd453d928fc57dee53f524abbc8262447531c73bacfc6b430cd5e71c756bc493825e6c5100978d9d41d5ccd6eeddb915ca1531456aa8d27a9a68e1b0203010001a33f303d300e0603551d0f0101ff040403020106300c0603551d13040530030101ff301d0603551d0e0416041416842dfb1be7b41e6898d342201a6e7e4f915702300d06092a864886f70d010105050003820201007be30d633a64206dccfc2cb8e9d6abdbd7ab262947a20c56ed75cc95995236cb20fb113417424e7505b0d8e4b8b0842f9819b9fbd0396c720618c95c8a7a7408374869fd22a15dc5d77813f0284241c3c9c3390907d4a1f8372269e4df32556fc27cb993f1b23775ccaed233968c36f701ede364e90b685b10aa0136997ccf9a945dfd1a5961a265157d9e1764d49f539801fd7157d05d4011163f3f44d2afc9fc08327d76f8d543e8dc366807c34ec3969757c67d365edb70adfeaed4889db5a460d6a362be7cf9341efcbbf44a72c5831e4668c30e9783183dd30e0a11357c6995c5ab2af5c839104d0c89302989491b449791f4ea65211b3f0a4372821c6d115de022455f614ca2a6fadfa346bae181606c32b4fce4dc3605e433f7eb8f7749aa8d0aef488ae641977e3bab4387f208600b6fd75966fd2bbb2fce334f72e0b6d7b3535789f03bbc6ee210bf733e628fa508e95367c14ec12e4243a7b2a4f9168b42eedc347f48b390db24e2c8e45335539cea3785cfbf9806354726d7ae6ddd84a963582641f575322e619e4f935252f65a23ebc1a07326252242919191804fff88ce5e73e796c2ed0912f77696a97962904981839f0c3232e25bcadd4834ac878e7195ae4ce47c781da751c3bd11fa02d1958973084622896900cf4f80c14d5b94c4ca9951982f0dbd7d5464d40ada2759a737bb560cd006a272b912b95b	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A79E41380BAB3ED7F5188D9A5209CEFCB3CA6991	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\313B8D0E7E2E4D20AE8668FFE59DB5193CBF7A32	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\182E1F324F89DFBEFE8889F093C2C4A02B677521	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6202BF169AF27FA67ED0CEC66B782B83226126E9\Blob = 0b000000010000001a000000460069006e006100200052006f006f007400200043004100000009000000010000002a000000302806082b0601050507030206082b0601050507030406082b0601050507030106082b060105050703080300000001000000140000006202bf169af27fa67ed0cec66b782b83226126e92000000001000000740500003082057030820358a003020102020d009833c9a8000000005654bc6e300d06092a864886f70d01010b05003043310b3009060355040613024852311d301b060355040a131446696e616e63696a736b61206167656e63696a61311530130603550403130c46696e6120526f6f74204341301e170d3135313132343139303733305a170d3335313132343139333733305a3043310b3009060355040613024852311d301b060355040a131446696e616e63696a736b61206167656e63696a61311530130603550403130c46696e6120526f6f7420434130820222300d06092a864886f70d01010105000382020f003082020a0282020100b473d2d665d302ef583af48282d3a7e08a60b23af5b16538a7240e216b7de9a09d33a274cdae91ba94b5ccc680b571df4871ca754ba7bfff26eb84feb97216c8c27e86d4bfafee6335b9c0e4da054fb8489e2228ff5505236b814eb317112c2a251fe4e1df61c83cf25669d0557d9610b2a87b56905ba65e538b41e3c787c731bd3439ec1921d980c4e80ddbda030c00f4aab58206250cc5d91a629dfd0a4905fc1cbe9346fcce8991ffcdcc5f485fdc38d0756fd22dabcc22127888121fe0d54e77bc2c894d767a889b5d07dab36798d139ce7a46abcff67d572513fa84c40370af0c760cd240247c59df77375950b125464e421d0822097255c442ea6f6f6559d44ee03da3ab707ce6093055766289f36fd20aa6b36e193d96867a6694cdf2cc7af00708b369ae1bff1c7118a244f9dbd60d84108174496162d710f001a645c0b5d052f451863de2f716295afa4a9e274b8e46f1723ea7f5a40ce00b179a22fff97eab358e0184d575937fe675a87a64de623a02471aa023c44c3fd0dc4e33e76cbbfaf618102b34305fc733509902e9b159465565a6baa483188bcde1f1ca18e2d920e6b784871f0b567c4d315426f29956c8a659d68533f290cc285ac86ca4cba64746c49a553984648d77e70a3dc3d012f776a8cc1cb31f58853ac4368dec9aec0ee71cc99f4ffbd07a070cc605b0ab8dba725d4e23d96f0c5cf8a672d10203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301f0603551d23041830168014fe11a26c10eedee203b855824e223c86e43e6b54301d0603551d0e04160414fe11a26c10eedee203b855824e223c86e43e6b54300d06092a864886f70d01010b05000382020100a480862ee7a69d8dff82576372e71a60dfabb2b9b20112673840e6407c58bccc48715b01979c791c1e71d23ba3d8e8a2e21801a545a8e3f4efabbb8a78fcc7887df205609adb70c378d5abf82d338c6ba2f6c903c08a3c66dd9de8eea74e250f14dff80f162e1e17a758c8d905d398a2bc644253fe24c975aa26ee6e32330861a0367dcabb9dbbb5715e06816aff67eea6883fb63fd3174cce04ceb30b7539d1c0e39cb39aa21956288b96a4b39f1649dc842022edef724c5f10aa1f09013b55c8c66cafa7d22e9eedb0cc916d64c3ec18be3a6a4bae012e3f79cd341c38aeb90d610473f79e293ba7b6903ab82c2334c3b80c0651c23e21999f3c1490caa926f540e322e97dce0317ecffbcd1992ec4648f3f2c5960243cb0dbc39508aa0075b29d0b2019b4f76ea9a3bd60f0330fe266bd47f6088a90357d45864ac99ec4cf5fdf71deccc96e39884db94acf037407592bedfcebeed5d2d5396d770dd8d17f2f7e77be61988d2c52713084bea0e6b0b00708c5b474b78bb2d8bad800f219c7f8a1220a6644a81608755e594448453435084af07b250ba64b517f77cd0d3338ab0091664c88c14e2ad43ac0b486de8480ca506f80f94d65800915752d2256e5b591239dee25d818302872db7fc3314e8ed8be43fadb8e9a0599fdf7dc9489a778d89d6be9fef524c7bad2e9440f834b5d9fff24189fd1d584e82149b7db20e7	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6B81446A5CDDF474A0F800FFBE69FD0DB6287516	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD\Blob = 7f0000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703087e000000010000000800000000c0032f2df8d601530000000100000040000000303e301f06092b06010401f022010630123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000005c000000470065006f005400720075007300740020005000720069006d006100720079002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790020002d002000470033000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308030000000100000014000000039eedb80be7a03c6953893b20d2d9323a4c2afd200000000100000002040000308203fe308202e6a003020102021015ac6e9419b2794b41f627a9c3180f1f300d06092a864886f70d01010b0500308198310b300906035504061302555331163014060355040a130d47656f547275737420496e632e31393037060355040b133028632920323030382047656f547275737420496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313630340603550403132d47656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479202d204733301e170d3038303430323030303030305a170d3337313230313233353935395a308198310b300906035504061302555331163014060355040a130d47656f547275737420496e632e31393037060355040b133028632920323030382047656f547275737420496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313630340603550403132d47656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473330820122300d06092a864886f70d01010105000382010f003082010a0282010100dce25e62581d3357393233faebcb878ca7d44add0688ea648e3198a538901e98cf2e632bf046bc44b289a1c0280c497021959f64c0a6931202652686c6a589f0fad784a070af4f1a973f0644d5c9eb72107de43128fb1c61e628074473922269a703886c9d63c852da9827e7084c703eb4c912c1c567835d33f30311ec6ad053e2d1ba36609480bb61636c5b177edf40941eab0dc221287088ffd6266c6c6004254e557e7defbf9448deb71ddd708d055f88a59bf2c2eeead140416d62381d5606c50347512019fc7b100b0e62ae7655bf5f77be3e4901533d98250376245a1db4db89ea79e5b6b33b3fba4c28417f06ac6a8ec1d0f6051d7de64286e3a5d5470203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c479ca8ea14e031d1cdc6bdb315b943e3f307f2d300d06092a864886f70d01010b050003820101002dc513cf56807b7a78bd9fae2c99e7efdadf945e0969a7e76e688cbd72be47a90e9712b84af164d339df2534d4c1cd4e81f00f04c424b33496c6a6aa30df686173d7f98e8589ef0e5e95284a2a278f108e2e7c86c4029eda0c77650e440d92fdfdb31636fa110d1d8c0e07896a2956f772f4dd159c77356657ab1353d88ec140c5d713165a72c7b76901c47ab18301687d8d41a19418c1255cfcf0fe8302877c0d0dcf2e085c4a400d3eec8161e624dbcae00e2d07b23e56dc8df5418507489b0c0bcb493f7decb7fdcb8d67891aabedbb1ea3000808172a825c315d468a2d0f869b74d945fbd440b17aaa682d86b29922e1c12bc79cf8f35fa88212eb19112d	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2DE16A5677BACA39E1D68C30DCB14ABE22A6179B	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B49082DD450CBE8B5BB166D3E2A40826CDED42CF\Blob = 53000000010000001f000000301d301b060567810c010130123010060a2b0601040182373c0101030200c00b0000000100000064000000540072007500730074007700610076006500200047006c006f00620061006c002000450043004300200050003200350036002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308030000000100000014000000b49082dd450cbe8b5bb166d3e2a40826cded42cf2000000001000000640200003082026030820207a003020102020c0d6a5f083f285c3e5195df5d300a06082a8648ce3d040302308191310b30090603550406130255533111300f06035504081308496c6c696e6f69733110300e060355040713074368696361676f3121301f060355040a131854727573747761766520486f6c64696e67732c20496e632e313a30380603550403133154727573747761766520476c6f62616c2045434320503235362043657274696669636174696f6e20417574686f72697479301e170d3137303832333139333531305a170d3432303832333139333531305a308191310b30090603550406130255533111300f06035504081308496c6c696e6f69733110300e060355040713074368696361676f3121301f060355040a131854727573747761766520486f6c64696e67732c20496e632e313a30380603550403133154727573747761766520476c6f62616c2045434320503235362043657274696669636174696f6e20417574686f726974793059301306072a8648ce3d020106082a8648ce3d030107034200047efb6ce623e3733208ca60e6539cba748d18b078905280dd38c04a1dd1a8cc93a4970638ca0d1562c68e012a659daadf34912e81c1e4339231c4fd093aa63fada3433041300f0603551d130101ff040530030101ff300f0603551d0f0101ff04050303070600301d0603551d0e04160414a34106ac906dd14aeb75a54a1099b3b1a18b4af7300a06082a8648ce3d0403020347003044022007e654da0ea05ab2ae119f87c5b6ff69de25bef8a0b708f344ce2adf08210c3702202d2603a005bd6bd1f65cf865cc866db39c3448638409c58d771ae2cc9ce1747b	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30D4246F07FFDB91898A0BE9496611EB8C5E46E5	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7A221E3DDE1B06AC9EC84770168E3CE5F76B06F4	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2D0D5214FF9EAD9924017420476E6C852727F543\Blob = 0b00000001000000220000004300650072007400690067006e006100200052006f006f007400200043004100000009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080300000001000000140000002d0d5214ff9ead9924017420476e6c852727f54320000000010000005f0600003082065b30820443a003020102021100cae91b89f155030da3e6416dc4e3a6e1300d06092a864886f70d01010b0500305a310b300906035504061302465231123010060355040a0c094468696d796f746973311c301a060355040b0c13303030322034383134363330383130303033363119301706035504030c104365727469676e6120526f6f74204341301e170d3133313030313038333232375a170d3333313030313038333232375a305a310b300906035504061302465231123010060355040a0c094468696d796f746973311c301a060355040b0c13303030322034383134363330383130303033363119301706035504030c104365727469676e6120526f6f7420434130820222300d06092a864886f70d01010105000382020f003082020a0282020100cd1839651a59b1ea64160e8c9424957c83d3c53926dc0cef16578dd7d8aca3427f82caedcd5bdb0eb72ded450817b2d9b3cbd617527228db8e4e9e8ab60bf99e849a4d76de22295cd2b3d2063e3039a974a392561ca16f4c0a206d9f237ab4c6da2ce41d2cdcb328d013f24c4e0249a154409ee6e505a02d84c8ff986cd0eb8a1a84081eb76823ee23d570ce6d516910eea17ac2d12231c28285d2f25576507c257ac9845c0bacdd424e2be782a22489cb90b2d0ee23ba664cbb62a4f9535a647b7c98faa3489e0f95aea718f46aec2e0345aff074f82acd7a5dd1be44263229f1f1f56ccc7e02210b9f6fa43fbe9d53e2cf7da92c7c581a97e13d3737186628d240c5518a8cc32dce53882458643016c5aae0d60aa640df78f6f5047c691384bcd1d1a706cf01f768c0a857bb3a61ad048c93e3adfcf0db446d59dc4959aeac9a993630417b76332287a3c292866ef970eeae8787951bc47abd31f3d4d2e599ffbe48ec75f578161da670c17f3c1ba192fbcfc83cd6c5930a8ff5553a7695ce59988a099577329a83ba2c043a97bdd42fbed76c9ba2ca7d6d26c955d5cfc3795208099907242d64256ba621699b6add744d6b977a41bdab17f99017488f36f92dd5c5dbeeaa854541facd3a45b168e6364c9b9057ec23b98708c2c409f197862a284de274c0dac48cdbdfe2a11759ce24597431da7ffd306dd9dce16ae1fc5f0203010001a382011a30820116300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414188756e06e77ee24353c4e739a1fd6e1e2797e2b301f0603551d23041830168014188756e06e77ee24353c4e739a1fd6e1e2797e2b30440603551d20043d303b30390604551d20003031302f06082b06010505070201162368747470733a2f2f777777772e6365727469676e612e66722f6175746f72697465732f306d0603551d1f04663064302fa02da02b8629687474703a2f2f63726c2e6365727469676e612e66722f6365727469676e61726f6f7463612e63726c3031a02fa02d862b687474703a2f2f63726c2e6468696d796f7469732e636f6d2f6365727469676e61726f6f7463612e63726c300d06092a864886f70d01010b0500038202010094b89e4ff0e3950822e7cd6841f71c55d57c00e22d3a895d68382f51220b4a8dcbe9bb5d3ebb5c3db128fee4535513cfa1901b021d5f6646093328e10d249770d3101fea645796bb5ddae7c48c4f4c64461d5c87e359de42d19ba87ea689dd8f1cc93082ed3b9ccdc0e919e06ad8027537abf734282891f2040a4f35e3602601fad0118cf9116aeeaf3dc350d38f5f33793c86a87345908c20b672731723be0765e578920dba01c0eb8c1c66bfac867701940d9ce6e9398d1fa6518c990c3977e1b49bfa1c67576f6a6a8ea92b4c57797a5722cfcd5f63468d5c593a86f8324762a3670d1891dcfba66bf548617323598e02a7bc44eaf4499df15458f960afda18a42f2845dc7aa088865df33be7ff293580fc644394e6e31c6fbead0e2a63992bc97e85f671e8060395fede8f481c5ad492e82beee731dbba046a8798e7c55fef7da722f701d84df989d00e9a0559a49e98d96f2bca70be64c255a3f4e9afc39229dc881624993c8d2698b65bb7ccceb73707fd26d9988524ff5923039aed9d9da8e45e38ced7520d6fd23f6db1056b49ce8a914673f4f62ff0a873770e65aca18d6652697e4b680cc71e372783a58cc702e414cd4901b073b3fdc6903a6fd26ced3beeec91bea2435d8b004a66254470de400ff87c15f7a2ce3cd75e138c81171817d1bdf177103ad46539c127ac572c2554ffa2da4f8a61395eae3d4a8cbd	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\27EED22AFD58A2C64A855E3680AF898BF36CE503	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E833233E7D0CC92B7C4279AC19C2F474D604CA\Blob = 03000000010000001400000023e833233e7d0cc92b7c4279ac19c2f474d604ca090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b000000010000004600000053006b006100690074006d0065006e0069006e0069006f00200073006500720074006900660069006b006100760069006d006f002000630065006e00740072006100730000007e000000010000000800000000c00c0f7f39d3016800000001000000080000000040d10ffc47d50120000000010000002e0600003082062a30820412a003020102021034b9129facc79255425cde57ffe3c005300d06092a864886f70d01010505003074310b3009060355040613024c54312b3029060355040a1322536b6169746d656e696e696f20736572746966696b6176696d6f2063656e747261733120301e060355040b131743657274696669636174696f6e20417574686f72697479311630140603550403130d53534320526f6f742043412043301e170d3036313232373132323633305a170d3236313232323132313133305a3074310b3009060355040613024c54312b3029060355040a1322536b6169746d656e696e696f20736572746966696b6176696d6f2063656e747261733120301e060355040b131743657274696669636174696f6e20417574686f72697479311630140603550403130d53534320526f6f74204341204330820222300d06092a864886f70d01010105000382020f003082020a0282020100a14522fa8ccca96f04b3f468321669114f79df43bd5160701a98dd7878969862f7704b81a8e01d0489f48feb6ee9f0ff81d82e7daf1720f122eff03f454740b4cbb2b8203f3e4a6850ff9a06d797c5b78a162e71d247735d18652fef3933e8b655af26ad0280e963d72170073eccbe5f89c0f8ce1d256ec3fc7f563961d18ec2267ae778020a59dd5523b0f835a7e2abf3ab2fd7b58b0a2a72542b6d79bcf2d9e943f9cff18e6612f797592ad9d794dcf894b345a3af162db380ca3dcee8a6c70a9474fc379ae93f0c37162043c94770bb8c85fc988929cb87197e195310898075ae13f1bfa45d3005297ca8f7b65e07301588ae4d15a0cacdd7ffaba306570fa7e389691cd61ad1d427df96c6385caf77fe15ab44417dd398bba82018af8b6dd45ac2d8968d48f507317e61f4619b5281408e4a2704b207d3021094f3fbddb17b70b8b4c881f50007a68d88054dc48f96ced4b6c0c1668c2aac684ac946dc0de62ea879287d774370167e1c1a3aa6794f134089b132bb0946110d74bc27e5d8ed2dfa5029dc25ca9710e7a9a2612e3a89a64461be4f5e9209eddc2ea6ef53bb6125d827a5144629852600d8f9f905d57b163142430517919c4a6040246db56d7a79fb9c9a63c39869e57762232a51890f6cb2fdc3cad8f41a4394d07d0be1583e1ac874849bf7ac82ae514592d20659e1b3c1dea51f932279d8cdc4796023950203010001a381b73081b4300f0603551d130101ff040530030101ff303d0603551d20043630343032060b2b0601040181af650102003023302106082b060105050702011615687474703a2f2f7777772e7373632e6c742f63707330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e7373632e6c742f726f6f742d632f636163726c2e63726c300e0603551d0f0101ff040403020106301d0603551d0e04160414880773f6f1bc521a5a1d3d9162ed5dac9d0be5b7300d06092a864886f70d010105050003820201001f90715098d5d934d2968418c2ac4602201ccb39b1b7af05a4d758f391517d8e81279ce892b1e71c9f3a8b1052734cc2c7421dd0ebde2aca22517d8c747a1afcbca4f373c86623c42e431047e08a6957ee2ff20052b03092aad6d415c557cb607af40e8dfe1e0963748fe0febe50d9013956ba504cf6e3459abb5276de7e9dfb8dc254313ec7b13c3edfe34ffddd9b24697cede871b64206c71fc55ffb2075dbc1fde96ca22a90d486fdcd0dffe0058a58613d9fc4992feddb7cc40d9898559c74a2175edbaa11e4370c24ff2067d125db9a89a06588319104715f20945833361d32de6fd76708a9a03bfddba45025961ea95f8917a59799519569dbc4f18ff46f302b59f3ac7587337d06dde1c16bd6c4c95e70447a6ac79c773b16fefe75be9f2cd1c003ee117975eca95b1c7a85b5285020a91a1de67b8c3318ffc1edc876651f1df04c3ba7dbeacd56d894573fe048a97f8c334bbdf40c65148082f43577d8041070ce0f6cc159cb99ad81eede3d48d07a882f4093d79cba7984188075dfd05adf51773e588969754731e46a16705404ecbd5c795363d2e25ebd4d25da11b60faae92caef5d1a98d0256cbfcb024ea8cba70ff32d0b7c6042a63d5ca4691d5997209075e2803ab121c25b36c3a5965b4746d2d2d19726ffde79811871e7323bf35f19bb6c3d9cc3b507c72e8cf5ec098cc2e03fd1f2fca745cb11cd1ec69	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F9DD19266B2043F1FE4B3DCB0190AFF11F31A69D	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8250BED5A214433A66377CBC10EF83F669DA3A67	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 53000000010000001f000000301d301b060567810c010130123010060a2b0601040182373c0101030200c00b000000010000002200000041006d0061007a006f006e00200052006f006f007400200043004100200031000000090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B7199A1C7F3ADDF7BA7EAB8EB574AE80D60DDDE	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C418F64D46D1DF003D2730137243A91211C675FB	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F373B387065A28848AF2F34ACE192BDDC78E9CAC	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8A2FAF5753B1B0E6A104EC5B6A69716DF61CE284	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF646DCB7B0FD3A96AEE88C64E2D676711FF9D5F	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0\Blob = 53000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000180000005300650063007400690067006f0020004500430043000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308030000000100000014000000d1cbca5db2d52a7f693b674de5f05a1d0c957df02000000001000000930200003082028f30820215a00302010202105c8b99c55a94c5d27156decd8980cc26300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a3423040301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300a06082a8648ce3d040303036800306502303667a11608dce49700411d4ebee16301cf3baa421164a09d94390211795c7b1dfa64b9ee1642b3bf8ac209c4ece4b14d023100e92a61478c524a4b4e1870f6d644d66ef583ba6d58bd24d95648eaefc4a24681886a3a46d1a99b4dc961dad15d576a18	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AE3B31BF8FD891079CF1DF34CBCE6E70D37FB5B0	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\590D2D7D884F402E617EA562321765CF17D894E9\Blob = 0b000000010000003a00000054002d00540065006c006500530065006300200047006c006f00620061006c0052006f006f007400200043006c00610073007300200032000000090000000100000020000000301e06082b0601050507030206082b0601050507030406082b06010505070301030000000100000014000000590d2d7d884f402e617ea562321765cf17d894e92000000001000000c7030000308203c3308202aba003020102020101300d06092a864886f70d01010b0500308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c6173732032301e170d3038313030313130343031345a170d3333313030313233353935395a308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c617373203230820122300d06092a864886f70d01010105000382010f003082010a0282010100aa5fda1b5fe87391e5da5cf4a2e647e5f3685560051d02a4b39b59f31e8aaf34adfc0dc2d94819ee698fc920fc21aa0719edb05cac65c75fed027c7b7c2d1bd6bab980c218821684fa66b008c6542381e4cdb9493ff64f6e374828380fc5bee76870fd39974dd2c7989150aac444b3237d3947e95262d612935eb731964205fb76a71ea3f5c2fce97ac56ca9714feacb78bc60afc7def4d9cbbe7e33a56e9483f034fa21abea8e72a03fa4de305bef864d6a955b4344a810151ce50157c598f1e6062891aa20c5b753265143b20b119558e1c00f76d9c08d7c81f372709e6ffe1a8ed95f35c6b26f347cbe484fe25a39d7d89d789e9f863e035e198b44a2d5c70203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414bf5920360079a0a0226b8cd5f261d2b82ccb824a300d06092a864886f70d01010b050003820101003103a2610b1f74e87236c66df94d9efa22a8e18156cfcdbb9feaab911938afaa7c154df3b6a38da5f48ef644a9a7e82195ad3e00621688f002bafc6123e6339b307a6b36627bad0423845865e2db2b8ae725533762535fbcda016229a2a62771e63a227ec16f1d9570204a0734dfeaff1580e5bad77ad85b757c057a29477e40a8311377cd403bb451477a2e11e34711de9d66d08bd55466fa8355ea7cc229891be96fb3cee20584c92f3e7885626ec95fc178637458c048180c9939eba4cc1ab5795a8d159cd8140df67a0757c72283052d3c9b25263d18b3a9437cc8c8ab648f0ea3bf9c1b9d30dbdad0192eaa3cf1fb338076e4cdad194f05278e13a16ec2	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\010C0695A6981914FFBF5FC6B0B695EA29E912A6	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8782C6C304353BCFD29692D2593E7D44D934FF11	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5922A1E15AEA163521F898396A4646B0441B0FA9\Blob = 7f0000000100000016000000301406082b0601050507030306082b060105050703017e000000010000000800000000408fa439a5d8010b00000001000000400000004f004900530054004500200057004900530065004b0065007900200047006c006f00620061006c00200052006f006f0074002000470041002000430041000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080300000001000000140000005922a1e15aea163521f898396a4646b0441b0fa92000000001000000f5030000308203f1308202d9a0030201020210413d72c7f46b1f81437df1d22854df9a300d06092a864886f70d010105050030818a310b30090603550406130243483110300e060355040a1307574953654b6579311b3019060355040b1312436f7079726967687420286329203230303531223020060355040b13194f4953544520466f756e646174696f6e20456e646f72736564312830260603550403131f4f4953544520574953654b657920476c6f62616c20526f6f74204741204341301e170d3035313231313136303334345a170d3337313231313136303935315a30818a310b30090603550406130243483110300e060355040a1307574953654b6579311b3019060355040b1312436f7079726967687420286329203230303531223020060355040b13194f4953544520466f756e646174696f6e20456e646f72736564312830260603550403131f4f4953544520574953654b657920476c6f62616c20526f6f7420474120434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cb4fb3009b3d36ddf9d1496a6b10491fecd82bb2c6f832812943954c9a1923211545dee3c81c51555bae93e837ff2b6be9d4eabe2adda8512bd766c3615c6002c8f5ce727b3bb8f24e65089acda46a19c101bb73a6d7f6c3ddcdbca48bb59961b801a2a3d44dd4053d91adf8b4087164af70f11c6b7ef6c3779d24737be40c8ce1d936e1998b05990bed453109cac200dbf772a096aa9587d08ec7b661730d76668cdc1bb463a29f7f931330f1a127dbd9ff2c558891a0e04f07b028568c181b97448e89dde0176ee72aef8f390a318482d84014492e7a41e4a7fee364ccc159714b2c21a75b7de01dd12e819bc3d868f7bd961bac70b116140bdb60b92601050203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b3037eae36bcb079d1dc9426b611be21b2698694301006092b06010401823715010403020100300d06092a864886f70d010105050003820101004ba1ff0b876eb3f9c143b148f328c01d2ec90941fa94001ca4a4ab494f8f3d1eef4d6fbdbca4f6f22630c910ca1d88fb74191f8545bdb06c51f9367edbf54c323a414f5b47cfe80b2db6c4199d74c547c63b6a0fac14db3cf4739ca905df00dc7478faf83560590213187cbcfb4db0206d43bb60307a67335cc599d1f82d395273fb8caa97255c72d9081eab4e3ce381319f03a6fbc0fe298855da84d55003b6e284a3a636aa113a01e1184bd64468b33df9537484b34691469600b7802cb6e1e310e2dba2e7288f019662163e00e31ca5368118a24c5276c011a36ee61dbae35abe3653c53e758f8669295853b59cbb6f9f5cc518ecdd2fe198c9fcbedf0a0d	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703087a000000010000000c000000300a06082b060105050703090b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07e00000001000000080000000000042beb77d5017f000000010000000c000000300a06082b06010505070309200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3A4979B40FA841488200B582FBEEB63AAB9919AE\Blob = 7f0000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703097e000000010000000800000000c001b39667d6010b000000010000001c000000530049002d0054005200550053005400200052006f006f0074000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080300000001000000140000003a4979b40fa841488200b582fbeeb63aab9919ae20000000010000008e0400003082048a308202f2a003020102020d0090ae777600000000571dd06f300d06092a864886f70d01010b0500305c310b3009060355040613025349311c301a060355040a131352657075626c696b6120536c6f76656e696a61311730150603550461130e56415453492d3137363539393537311630140603550403130d53492d545255535420526f6f74301e170d3136303432353037333831375a170d3337313232353038303831375a305c310b3009060355040613025349311c301a060355040a131352657075626c696b6120536c6f76656e696a61311730150603550461130e56415453492d3137363539393537311630140603550403130d53492d545255535420526f6f74308201a2300d06092a864886f70d01010105000382018f003082018a0282018100d3cb9c2dc2e03043653124ff4bb038d9a953d735d1dbb74b93b4728df1cb95d2532b749b329aa42f3e0206ddaf7015a1aacf11878a667bcbcc1d70445c8faccae6c35b27b48da38e10bf6e547408708a23e8cac774c4669120dd4be8a58475a59895828b1be120240746ab0c653640678b75eea9d991291bed6f2d45c2d6e26001b1f34e392b3b6f3f85be08f6532b7ba2c945a1448180669a603a1bc4be0ccc30107f1136384ae69ba196539c94cc11c6044ca2554bff80e1af8c1c35fcb99337dff95d3ddceb0d276c44c959662b566fff041bf7f569c35dc318febda7d9642fa29f60d9726c3d3c75f22527982e3ab8c9dd4d75bdabb0226158013728a6209d2e605cfb90bc4643b8fe6dd8c06622246b347822e5b9e258e94838ee4cbd017b6e3e40ead1c20a429367c3262f3f075bcfafe31de83ae265e184913ff56600fdaa334642ec163ed213652f0e0953f6e42a75149c1933169a45e1db57cfcf38d4a7f7ed5843e40e985cc4e0313f94a46f4b4aa2d54a8d26a91d642508350de70203010001a34b3049300f0603551d130101ff040530030101ff300e0603551d0f0101ff04040302010630130603551d23040c300a80084ca3c3685e08026330110603551d0e040a04084ca3c3685e080263300d06092a864886f70d01010b05000382018100262385bb5d41196e92838aee018b0435197fab8fdcd633c1f979965e23f5f0ceddeadb613b5aafdd58e9428940eff9d967117f4df1ede9117bb1410feda4d216b6efc1fd8bf6112b2ceffc0706460ccf020bed3bde8f09b933ab268054444265d7e7afcd500ecac888a1129c2a953b3e543c4873f67c78d49bff93f745e4298463fcfa7e1ae75ce07257b02f781d30c613fd885fb16588da5e9713817bfe1ecf7bbf5730c1709243a699f0559f98c52342bd741c318e12a5d9456a2a5ac858cdbdd6dd3e350b197f031cce070f87459315a16bbd341ce0def5d4b8e5911c4b05b52726bccfd1099816c6e1f1554b3a7b6ddec667b6c1372d9fa88e59c7b7a6c5efdf16e2eddeb2b7f3a236a428323a0a94cb3f5efe6e59edba36b293d6c6c319fef59978eb4747e5ad427aecbc7bc92e414e4d0f040e8a4b3387dcf1767c5a188c9c0a12d7a2b3c28587ae6d3150623221a068165f9435745529d27181084ae1d75daa5401b31b7c59aebeac0ccab84064675b9dea060611d6d030731ee3bc2b	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D8EB6B41519259E0F3E78500C03DB68897C9EEFC\Blob = 030000000100000014000000d8eb6b41519259e0f3e78500c03db68897c9eefc090000000100000040000000303e06082b06010505070302060a2b0601040182370a030c06082b0601050507030406082b0601050507030606082b0601050507030706082b060105050703010b000000010000003a00000047006f007600650072006e006d0065006e00740020006f00660020004e00650074006800650072006c0061006e006400730020004700330000007e000000010000000800000000c0032f2df8d6017f000000010000000c000000300a06082b06010505070301200000000100000078050000308205743082035ca00302010202040098a239300d06092a864886f70d01010b0500305a310b3009060355040613024e4c311e301c060355040a0c15537461617420646572204e656465726c616e64656e312b302906035504030c22537461617420646572204e656465726c616e64656e20526f6f74204341202d204733301e170d3133313131343131323834325a170d3238313131333233303030305a305a310b3009060355040613024e4c311e301c060355040a0c15537461617420646572204e656465726c616e64656e312b302906035504030c22537461617420646572204e656465726c616e64656e20526f6f74204341202d20473330820222300d06092a864886f70d01010105000382020f003082020a0282020100be32a2540f70fb2c5c59eb6cc4a451e8852ab3cc4a34f2b05ff30ec71c3d531e880868d86f3dadc29ecc826707278768713a9f7596224605b0edadc75b9e2ade9cfc3ac695a7f5176718e72f49080c5ccfe6cc34ed78fb50b1dc6b32f0a2feb63ce4ec5a97c73f1e700830a0dcc5b36d6fd0827211abd28168598217b7789260faccde3f84eb8d3833900a7223fa35cc267131d1722892d95b236d66b56d0742eba633ce92dbc0f66c6378cdca4e3db5e5529bf1be3be65460b0661e09ab07fe54891142d1f724ba60781a98f7c911fd16c1351a5475ef43d3e5ae4ecee77bc3c64e61514bab9a454ba11f41bd48531571640b86b3e52ebecea41bc12984a2b5cb0823764322241f1704d46e9cc6fc7f2b661aec8ae5d6cf4df56309b71539d67bacebe37ce94efc7542c8ed58950c0642a29cf7e470b3df726f5a374089d885a4d7f10bde4319d44a582c8c8a399ebf8487f1163b360ce9d3b4ca6c19415209a11db06abf82ef70512132dc05768ccbf764e40350af8c9167abc5f2ee58d8debef7e731cf6cc93b71c1d588b565bcc0e817170712b55cd2ab2093b4e682837036c5cda38dad8beca3c14387e643e234be958b35ed0739daa81d7a9f369e12b00c6512901560d9264044e35660a510d46a3cfd41dc0e5a47b6ef9761754fd9fec7b21dd4ed5d49b3a96acb668413d55ca0dcdf6e7706d17175c8576faf0f775b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e0416041454adfac79257aeca359c2e12fbe4ba5d20dc9457300d06092a864886f70d01010b0500038202010030999d0532c85e0e3b98013a8aa4e707f77af8e79adf504353972a3dca3c47982ee1157bf192f361da90251665c09f545d0e033b5b77029c84b60d985f34dd3b63c2c32881c29c292e29e2c8c301f233ea2aaacc0908f76567c6cddfd3b62ba7bdccd10e705fb823d1cb914e0af4c87ae5d96336c1d4dffc2297f7605dea292f58b2bd58bd8d964f1075bf487b3d5187a13c7422c2fc077f80dcc4acfe6ac17030b0e98e69e22c69819409baddfe4dc0838c9458c04620af9c1f02f83555492f46d4c0f0a096020f33c571f39e237d94b7fd3ad309830621fd603dae32c0d2ee8da6f0e7b4827c0acc70c97980f8fe4cf73584198a31fb0ad9d77f9bf0a29a6bc3054aed41601430d1aa11426ed32302040bc665dddd5277da816bb2a8fa0138b996ea2a6c679789949ebce154d5e46a78ef4abd2b9a3d407ec6c075d26efb6830ecec8b9df949359a1a2cd9b39539d51e92f7a6b9652fe53d6d3a484c08dce4281228be7d355ceae0167e131b6ad73ed79efc2d75b2c114d52303db5b6f0b3e782f0dde338d16b748e7839a810f7bc1434d550417384a51d559a28974d39fbe1e4bd7c66db788246f6091a482855b5641bcd044ab6a13bed12c58b7123358b23763dc13f5941d3f4051f54ff53aedc8c5ebc21e1d16957ac77e4271936e4b15b730dfaaed578548ac1d6add3969e4e17978bece05bfa10cf7807b2167273059	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\535B001672ABBF7B6CC25405AE4D24FE033FD1CC	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F9B5B632455F9CBEEC575F80DCE96E2CC7B278B7\Blob = 030000000100000014000000f9b5b632455f9cbeec575f80dce96e2cc7b278b7090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000002e000000410066006600690072006d0054007200750073007400200043006f006d006d00650072006300690061006c00000053000000010000002400000030223020060a2b06010401828f09020130123010060a2b0601040182373c0101030200c07e000000010000000800000000c001b39667d6017f0000000100000036000000303406082b06010505070303060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703072000000001000000500300003082034c30820234a00302010202087777062726a9b17c300d06092a864886f70d01010b05003044310b300906035504061302555331143012060355040a0c0b41666669726d5472757374311f301d06035504030c1641666669726d547275737420436f6d6d65726369616c301e170d3130303132393134303630365a170d3330313233313134303630365a3044310b300906035504061302555331143012060355040a0c0b41666669726d5472757374311f301d06035504030c1641666669726d547275737420436f6d6d65726369616c30820122300d06092a864886f70d01010105000382010f003082010a0282010100f61b4f67072ba115f50622cb1f01b2e373450644492cbb492514d6cec3b7ab2c4fc641329457fa12a75b0ee28f1f1e8619a7aab52db95f0d8ac2af853579322dbb1c6237f2b15b4a3dcacd715fe942be94e8c8def9224864c6e5abc62b6dad05f0fad50bcf9ae5f050a48b3b47a5235b7a7af8333fb8ef9997e320c1d62889cf94fbb945ede3401711d474f00b31e22b266a9b4c57aeac203eba457a05f3bd9b6915ae7d4e2063c435763a0702c937fdc747eee8f1761d7315f297a4b5c87a79d942aa2b7f5cfece264fa3668135af44ba541e1c3032659de63c935e504e7ae33ad46ecc1afbf9d237ae242aab570322280d49757fb728da75bf8ee3dc0e79310203010001a3423040301d0603551d0e041604149d93c6538b5ecaaf3f9f1e0fe59995bc24f6948f300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d01010b0500038201010058acf4040ecdc00dff0afdd4ba165f29bd7b68995849d2b41d374d7f277d46065d43c6862e3e73b2267d4f93a9b6c42a9aab219714b1de8cd3ab8915d86b24d4f116aed8a45cd47f518eed1801b19363bdbcf861809a9eb1ce4270e2a97d06257d27a1fe6fecb31e24dae34b551a003b35b43bd9d75d30fd811389f2c2062bed67c48ec943b25c6b158902bc62fc4ef2b533aab26fd30aa250e3f63be82e44c2db6638a9335648f16d1b338d0d8c3f60379dd3ca6d7e347e0d9f72768b1b9f72fd5235414502962f1cb29a734921b149474547b4ef6a3411c94d9acc59b7d6029e5a4e65b594ae1bdf29b016f1bf009e073a1764b504b52321990a953b977cef	updroots.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.execmd.exe

description	pid	process	target process
PID 5044 wrote to memory of 1692	5044	a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe	cmd.exe
PID 5044 wrote to memory of 1692	5044	a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe	cmd.exe
PID 5044 wrote to memory of 1692	5044	a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe	cmd.exe
PID 1692 wrote to memory of 2084	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2084	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2084	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2732	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2732	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2732	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 4300	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 4300	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 4300	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2760	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2760	1692	cmd.exe	updroots.exe
PID 1692 wrote to memory of 2760	1692	cmd.exe	updroots.exe

C:\Users\Admin\AppData\Local\Temp\a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe
"C:\Users\Admin\AppData\Local\Temp\a34b663f961d9d1e667b5a6c8c1d0385102a3a3bb9345c9530410e54e0c89138.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RootCert\setup.bat" "
2⤵
- Suspicious use of WriteProcessMemory
PID:1692

C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
updroots.exe authroots.sst
3⤵
- Executes dropped EXE
- Modifies system certificate store
PID:2084

C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
updroots.exe updroots.sst
3⤵
- Executes dropped EXE
- Modifies system certificate store
PID:2732

C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
updroots.exe -l roots.sst
3⤵
- Executes dropped EXE
PID:4300

C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
updroots.exe -d delroots.sst
3⤵
- Executes dropped EXE
PID:2760

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RootCert\ADVPACK.DLL
Filesize
129KB

MD5
e98ce891b708859e0ced9d2a0ef5a24b

SHA1
76bedd4599ceb80f8289b1a7ac4f43a0f0ede87d

SHA256
7735dfb067c97033031d45593c320d1229f3acba896c1a4e815a2d1bfd786b11

SHA512
11c6ec18bf8ba8e2b8f4afaa442664c1c89b8026bb1bdba68391f380c0d3a8d35afc3f1a34ffc3643833e28437737dde2c80d3e185ac74c0dba42b54fe53c616

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\authroots.sst
Filesize
35KB

MD5
af0ce68c1428817dd6cfba3cee907a1b

SHA1
0ada11d87dc27151e9982dc69a1a581b6294bf22

SHA256
85a80056d3bd21b531575e37208ac45e673eae38ccda4daf08e1c7aef389f581

SHA512
40a2bdb4aab518b8620f1500f16f042b761c26c8d743c3df5d8925d319e8f26d1d11ecb8c27b53ed667dfc13ec979cfa88f0638c44dd118707255b44c8fb957c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\delroots.sst
Filesize
179KB

MD5
7c30111da3c87ab35c3ab7ae5121c1dd

SHA1
020b16eaa7b1d889e5a821bc4dda027555fec107

SHA256
c122b9ad6eaaa4b6f4e21c25c7c56be34a999497dfd3fb809b6c636664db1df8

SHA512
eea98fa8f9071047691ac7d74db18991f02e0e559410c7ff629f8e2a34098d325bd35396161a385016ccbca6bb9125ec1e2fbcb5bcdf55613b84123e0f26f092

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\roots.sst
Filesize
5KB

MD5
72544afdfcf3014ddd8231146c52d218

SHA1
edcda01b0e7afe0eec62a618a67801a5e6c674de

SHA256
a95d014bf5876d49aa3d7b7581f4b8650dc7305709ac800fbb4cc1d036c39347

SHA512
3d0f7bc23408f67cf44b2d522ef74b0c83b5bf9dfdeeb7e2658fb6a20776fe38ebbfaf129bd6401af6b61a75db717ddb0064cbe885b7d9c894442b1ee2451cc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\rootsupd.inf
Filesize
1KB

MD5
62e9fa5b395a827324a21052727f547e

SHA1
1af0fad2790531b8287eb5b1db5b8ddafb6d3571

SHA256
94fe83c96d71ca4e80b7426af32c7e02b784d6492b7b16405114b04f4ffc5464

SHA512
48a93e55e91cde8125714d45fc98180fe7127ef6ce7433ab43d4c09b0d4cea1543f941876e393bf99eac0dcdfae5106821acec86c86babfeaeb0a2f4711a55f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\setup.bat
Filesize
165B

MD5
173a16c24d2b4e93fe5f79919ac58631

SHA1
e4548ac1228623cc5b821807ab69328b80f24e30

SHA256
7ea63bc0cc41c2031342c1172a84d22309b8ba07bc5f4eae83e7dccdad8341ca

SHA512
130e1a11715c6bed9378f4f85dc2cf7021c2dc3434ace8585cf75bf9f799c149ce3b440b28a1fd648ee7923a1a5f6d8b542489bc66139bfb152f544c240f6c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.exe
Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RootCert\updroots.sst
Filesize
578KB

MD5
79c72d9b5be9bfe6d4eaf09383e7faa0

SHA1
be2df198e4a08df768a374f3fc7419d9317452da

SHA256
685b864c884012cc04465a2bb8994144f9affdcef447d5676ebe96322793af8f

SHA512
d72986becc42caa1b1a3ed1e4c64a36ca3884a8c52cbf797ff1dcaadf358cb79d06470d6b72e7d5150f88dc1fd84d43e30c333a270e0ea0624e185f57ac629e1

Download Submit
memory/1692-132-0x0000000000000000-mapping.dmp

Download
memory/2084-134-0x0000000000000000-mapping.dmp

Download
memory/2732-138-0x0000000000000000-mapping.dmp

Download
memory/2760-144-0x0000000000000000-mapping.dmp

Download
memory/4300-141-0x0000000000000000-mapping.dmp

Download