4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Symantec_Agent_Silent_Setup_Online_x64.exe
Size

2.3MB
MD5

7698efc0125b4b5facf28206d86fa006
SHA1

071d9144f9698f2739e856743a1503af62870f8d
SHA256

4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79
SHA512

c2c957f5bf1fe4177eb44d30c343a73375c747761d50cf51b61884a256349ef0b9d2da258e24d87eb2fa90f0f9efd000440f0a4ae67be0a95691b9937043a138
SSDEEP

49152:lUTTF+4/0ky15tSD3HGsC+Gt+7k5i9GaG3UTXN+J3yj1YZ7CrqdiJmuGUPIlW:lYTcky15tSisC+Gt+76d3UTN+Ryj1YZY

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Symantec_Agent_Silent_Setup_Online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Symantec_Agent_setup.dat

Executes dropped EXE 1 IoCs

pid	Process
2476	Symantec_Agent_setup.dat

Loads dropped DLL 1 IoCs

pid	Process
2216	Symantec_Agent_Silent_Setup_Online_x64.exe

Modifies system certificate store 2 TTPs 28 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 040000000100000010000000e4a68ac854ac5242460afd72481b2a441400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a419000000010000001000000014c3bd3549ee225aece13734ad8ca0b82000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup.dat
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 0f00000001000000200000004b4eb4b074298b828b5c003095a10b4523fb951c0c88348b09c53e5baba408a319000000010000001000000014c3bd3549ee225aece13734ad8ca0b8030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a41400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39040000000100000010000000e4a68ac854ac5242460afd72481b2a442000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup.dat
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 19000000010000001000000014c3bd3549ee225aece13734ad8ca0b8030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a41400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f392000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_Silent_Setup_Online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 140000000100000014000000cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_Silent_Setup_Online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Symantec_Agent_Silent_Setup_Online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 140000000100000014000000b677fa6948479f5312d5c2ea07327607d19707190300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d540f000000010000002000000017fe16f394ec70a5bb0c6784cab40b1e61025ae9d50ecaa0531d6b4d997bbc592000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 190000000100000010000000ad6d6ff31b24013151f279e26a8c33240f000000010000002000000017fe16f394ec70a5bb0c6784cab40b1e61025ae9d50ecaa0531d6b4d997bbc590300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d54140000000100000014000000b677fa6948479f5312d5c2ea07327607d19707192000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 190000000100000010000000c3e08af0e5fa8ddccec00533c45bc3cf030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b104140000000100000014000000246e2b2dd06a925151256901aa9a47a689e7402020000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331332000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 1900000001000000100000003c31c095e651fa664cbfb198e9c0c008030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f140000000100000014000000cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b10420000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 1400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_Silent_Setup_Online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 0f000000010000002000000017fe16f394ec70a5bb0c6784cab40b1e61025ae9d50ecaa0531d6b4d997bbc590300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d542000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 140000000100000014000000246e2b2dd06a925151256901aa9a47a689e74020030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b10420000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_Silent_Setup_Online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54	Symantec_Agent_Silent_Setup_Online_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 0300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d542000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_Silent_Setup_Online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4	Symantec_Agent_setup.dat
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4	Symantec_Agent_Silent_Setup_Online_x64.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2216	Symantec_Agent_Silent_Setup_Online_x64.exe
2476	Symantec_Agent_setup.dat

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2476	Symantec_Agent_setup.dat
2476	Symantec_Agent_setup.dat
2476	Symantec_Agent_setup.dat

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2476	Symantec_Agent_setup.dat
2476	Symantec_Agent_setup.dat
2476	Symantec_Agent_setup.dat

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28
PID 2216 wrote to memory of 2476	2216	Symantec_Agent_Silent_Setup_Online_x64.exe	28

C:\Users\Admin\AppData\Local\Temp\Symantec_Agent_Silent_Setup_Online_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Symantec_Agent_Silent_Setup_Online_x64.exe"
1⤵
- Checks whether UAC is enabled
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Public\Downloads\Symantec\{SA1437393-1Q22S3}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat
  "C:\Users\Public\Downloads\Symantec\{SA1437393-1Q22S3}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat" /r
  2⤵
  - Checks whether UAC is enabled
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2476

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

Filesize
157B

MD5
99d40da7573d3401b2025f05bc479425

SHA1
a448941ee2dd5166c0e1f4b1ab60c65e098d8c04

SHA256
580890f1f4dae52e7bec8ca9d211fbe9175f8f348274638cffc533295dbf92e0

SHA512
043062b308ddd80e6c48bd0e6e858cee303917a63abb1fc9f6d791b0757801fbf04b351c6da3397deba549ebf497d8b2732ccd38a7436163a1786af4cb8c0f38

Download Submit
C:\ProgramData\Symantec\FSD\bin\Symantec_Agent_setup.exe

Filesize
2.3MB

MD5
7698efc0125b4b5facf28206d86fa006

SHA1
071d9144f9698f2739e856743a1503af62870f8d

SHA256
4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79

SHA512
c2c957f5bf1fe4177eb44d30c343a73375c747761d50cf51b61884a256349ef0b9d2da258e24d87eb2fa90f0f9efd000440f0a4ae67be0a95691b9937043a138

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5B5.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA606.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpAD40.tmp

Filesize
4KB

MD5
661e8ccf7182f1ad0b3774fef08b633d

SHA1
d571cb2a1263af6251c75ae5fe2249fff3fab72a

SHA256
7124ce12edbe629ab084b603901ba8dec0cb497bca0f74f9e953f9e8e82a3066

SHA512
0ad26d4027e89afd5f388ecd701da4de8b447bde8dd1c4d8582bcad3e52833d92eaabaf1fe235e83bdfc320231927ac2b5420c47e0ecb3a8fc3c2cb3a75fe7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpAD50.tmp

Filesize
1KB

MD5
78ff5e740204e0e244a6d43d7b078f39

SHA1
097008df39ff9f8b23834981bfb31f58e70d92ef

SHA256
c13116656282407ad0eaf70d8eb4981c92e559d1f9174c50fb1d2931fbacf6ec

SHA512
7ecba0fc2dc8056ba73482a143fc22b1e0d83e3e02430010dc5aafeb73d2c62cf960f2bd25d3ce5345b952ba999fbfb9fcac9c3aa86963f1221c3c1d60e12781

Download Submit
C:\Users\Public\Downloads\Symantec\{SA1437393-1Q22S3}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
2.3MB

MD5
7698efc0125b4b5facf28206d86fa006

SHA1
071d9144f9698f2739e856743a1503af62870f8d

SHA256
4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79

SHA512
c2c957f5bf1fe4177eb44d30c343a73375c747761d50cf51b61884a256349ef0b9d2da258e24d87eb2fa90f0f9efd000440f0a4ae67be0a95691b9937043a138

Download Submit
C:\Users\Public\Downloads\Symantec\{SA1437393-1Q22S3}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
2.3MB

MD5
7698efc0125b4b5facf28206d86fa006

SHA1
071d9144f9698f2739e856743a1503af62870f8d

SHA256
4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79

SHA512
c2c957f5bf1fe4177eb44d30c343a73375c747761d50cf51b61884a256349ef0b9d2da258e24d87eb2fa90f0f9efd000440f0a4ae67be0a95691b9937043a138

Download Submit
C:\Users\Public\Downloads\Symantec\{SA1437393-1Q22S3}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
2.3MB

MD5
7698efc0125b4b5facf28206d86fa006

SHA1
071d9144f9698f2739e856743a1503af62870f8d

SHA256
4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79

SHA512
c2c957f5bf1fe4177eb44d30c343a73375c747761d50cf51b61884a256349ef0b9d2da258e24d87eb2fa90f0f9efd000440f0a4ae67be0a95691b9937043a138

Download Submit
\Users\Public\Downloads\Symantec\{SA1437393-1Q22S3}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
2.3MB

MD5
7698efc0125b4b5facf28206d86fa006

SHA1
071d9144f9698f2739e856743a1503af62870f8d

SHA256
4d7b2615d41093053a9939a07ebd2b440ca925a6accef615826db29ed3576a79

SHA512
c2c957f5bf1fe4177eb44d30c343a73375c747761d50cf51b61884a256349ef0b9d2da258e24d87eb2fa90f0f9efd000440f0a4ae67be0a95691b9937043a138

Download Submit
memory/2476-120-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download