b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d

Analysis

max time kernel
138s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe
Size

4.8MB
MD5

ccdb837301e482acf2fe243ec8ff1ad8
SHA1

d4d8f3ba5036c2c35d5edf37f743d402d03e3161
SHA256

b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d
SHA512

0a30c1f93608069883a7188fdf8278ef820b3d11e077443151027719dee255967ddc725e0b4f7ce4234ebb0f83edbc750b3fce465ea7c9da11395bf01b1dae02
SSDEEP

98304:R9+cMYa3Fmo/BZXxkIaPG1f5e1M/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AxV3d:buFjBZBkI7he1M/Cw/khc5FbKEV6PVRS

Score

8^/10

bootkit persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate"	KB931125.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update"	KB931125.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}	KB931125.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe

Executes dropped EXE 5 IoCs

pid	Process
924	KB931125.exe
3816	updroots.exe
2452	updroots.exe
5052	updroots.exe
4644	updroots.exe

Loads dropped DLL 2 IoCs

pid	Process
3552	b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe
924	KB931125.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 64 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\59AF82799186C7B47507CBCF035746EB04DDB716	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2AC8D58B57CEBF2F49AFF2FC768F511462907A41\Blob = 0300000001000000140000002ac8d58b57cebf2f49aff2fc768f511462907a41090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b00000001000000120000004300410020004400690073006900670000002000000001000000130400003082040f308202f7a003020102020101300d06092a864886f70d0101050500304a310b300906035504061302534b311330110603550407130a4272617469736c61766131133011060355040a130a446973696720612e732e3111300f060355040313084341204469736967301e170d3036303332323031333933345a170d3136303332323031333933345a304a310b300906035504061302534b311330110603550407130a4272617469736c61766131133011060355040a130a446973696720612e732e3111300f06035504031308434120446973696730820122300d06092a864886f70d01010105000382010f003082010a028201010092f631c17d88fd9901a9d87bf27175f131c6f37566fa51284684977834bc6cfcbc45598826184ac4371fa14a44bde37104f54417e23ffc48586f5c9e7a09ba51372223664321b03c64a2f86a150e3feb51e154a9dd0699d79a3c548b39033f0fc5cec6eb837202a81f71f32df87508db624ce8facef9e76a1fb66b3582bae28f16927d050c6c46035dc0ed69bf3ac18aa0e88ed9b945288708ecb4ca15be82ddb5448b2dad860c68626d8556f2ac14633ac6d199ac3478564bcfb6ad3f8c8ad704e5e3784cf586aaf58ffa3d6c71a32dca67eb687b6e33a90c8228a84c6a214015200c265b83c2a91615c024825d2b16adca63f67400b0df43c41060566763450203010001a381ff3081fc300f0603551d130101ff040530030101ff301d0603551d0e041604148db249689d720825b9c027f5509356484671f98f300e0603551d0f0101ff04040302010630360603551d11042f302d811363616f70657261746f724064697369672e736b8616687474703a2f2f7777772e64697369672e736b2f636130660603551d1f045f305d302da02ba0298627687474703a2f2f7777772e64697369672e736b2f63612f63726c2f63615f64697369672e63726c302ca02aa0288626687474703a2f2f63612e64697369672e736b2f63612f63726c2f63615f64697369672e63726c301a0603551d2004133011300f060d2b811e9193e60a000000010101300d06092a864886f70d010105050003820101005d3474614caf3bd8ff9f6d58361c3d0b810d122b461080fde73c27d07ac8a9b67e743033a33a8a7b74c0797942936dffb1291482ab218c2f17f93f262ff559c6ef8006b79a4929ecce7e713c6a1041c0f6d39ab27c5a919cc0ac5bc84d5ef7e153ff4377fc9e4b676cd7f383d1a0e07f25dfb8980b9a32386c30a0f3ff081533f7504a7b3ea33e20a9dc2f56800aed4150b0c9f4ecb2e32644000e6f9e06bc2296537065c4500a466ba42f27811227135f10a176ce8a7b37eac339610395983ae76c882508fc79680d877d62f8b45ffbc5d84cbd58bc3f435bd41e014d3c63be23ef8ccd5a50b86854f90a99331100e19ec2467782f559068c214c8709cde5a8	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9BAAE59F56EE21CB435ABE2593DFA7F040D11DCB	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD\Blob = 0b0000000100000040000000530065007200610073006100200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000490049000000090000000100000020000000301e06082b0601050507030106082b0601050507030306082b0601050507030803000000010000001400000031e2c52ce1089beffddadb26dd7c782ebc4037bd20000000010000001a04000030820416308202fea0030201020208462b56c6efa791a0300d06092a864886f70d01010505003064310b300906035504061302425231143012060355040a130b53657261736120532e412e31153013060355040b130c536572617361204341204949312830260603550403131f53657261736120436572746966696361746520417574686f72697479204949301e170d3034313132363132333434385a170d3234313132313132343434385a3064310b300906035504061302425231143012060355040a130b53657261736120532e412e31153013060355040b130c536572617361204341204949312830260603550403131f53657261736120436572746966696361746520417574686f7269747920494930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad1f89b2669d5bb7a9d5e5f2604484f9946de2795d6ec0a5aeba3163a0a99e515e5c6e07d94a45745f8d9e6938b6284392ae4f82a0fc3651353e8da0e70e29080c35b7233def4b1a0e305857400012f1809a80234ac1a0868d413888507368f15f5388940a1121c560b4a260652b18fa103b91923ff8d5624ebe565ec590854a3580ae6e3b410c9512eea72a034ebc673d4b801912e2742e5deb48b94f3b6f3cf7c2b01f1a443d9b5cc0bdba06650ce774671fc9643ef79f8d2c1b4192f81ddca95f90d25370358d04aa247ef4cda5264ee8f6f3381530bead1af347248f4a50272753fe619a7a5cd86cc74f56f4292ca5a31497df620dbc92235ba34af43a950203010001a381cb3081c830270603551d250420301e06082b0601050507030106082b0601050507030306082b06010505070308305d0603551d1f045630543052a050a04e864c687474703a2f2f7777772e636572746966696361646f6469676974616c2e636f6d2e62722f7265706f7369746f72696f2f73657261736163612f63726c2f536572617361434149492e63726c301d0603551d0e041604149eec991000496bcc8a3fdb6f06e5ca1418729383300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a00bb6a7ddcd3548e86e8fa868e0b19b912421c956e99af5ee70a134b0e47c3eaaca97e880ff6205e4ec40ecd9e59c655b0099b4a23045045c2fb5d093afda9105e9df9931f58a840f25d867de296b1cb748fdb6de9312af77aa01e9c3e13014aa5f78a8477fd4ba526131f119b8db1e2ba8899ec630729106b023a9031968f2a704abeece523660ca48db53fa9ca77cb5f5342f437eacf484b69532a5a4bee96aaa8b4199ca02bd123be707d1b1f245a774a726e4bc686fcc1921f094cac8425ffe39f7db3a5e33a59b06aad032acc8aa7e8bb13888bfe64ce8a0e58f9c441e1e201ef02f61aa69867cd5f5b7cec92bc50cddcab728c205de6719ab2d8da367	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4054DA6F1C3F4074ACED0FECCDDB79D153FB901D	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CE6A64A309E42FBBD9851C453E6409EAE87D60F1\Blob = 0b000000010000008e00000056006500720069005300690067006e00200043006c006100730073002000310020005000750062006c006900630020005000720069006d006100720079002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079002000280050004300410031002000470031002000530048004100310029000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000ce6a64a309e42fbbd9851c453e6409eae87d60f12000000001000000400200003082023c308201a502103f691e819cf09a4af373ffb948a2e4dd300d06092a864886f70d0101050500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830323233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100e519bf6da356612d994871f667deb98debb79e86800a910efa3825af468882e573a8a09b245d0d1fcc656e0cb0d0568418879a069b10a173dfb458396b6ec1f615d5a8a83faa12068d31ac7fb034d78f34678809cd1411e24e4556691f780280dadc479129bb36c9635cc5e0d72d877ba1b732b07b30ba2a2f31aaeea367dadb0203010001300d06092a864886f70d010105050003818100581529393c77a3da5c25037c60faee09993c271070c80c09e6b387cf0ae218963562ccbf9b2779895fc9c409f4ceb51ddf2abde5db869c6825e5307cb68915fe67d1ade150ac3c7c624b8fba84d712151b1fca5d0fc152942a1199da7bcf0c3613d535dc101959ea94c100bf758fd9fafd7604db62bb906a03d94635d9f87c5b	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6631BF9EF74F9EB6C9D5A60CBA6ABED1F7BDEF7B	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AEC5FB3FC8E1BFC4E54F03075A9AE800B7F7B6FA\Blob = 030000000100000014000000aec5fb3fc8e1bfc4e54f03075a9ae800b7f7b6fa090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b00000001000000300000004300410052004f004f00540020004600690072006d006100700072006f0066006500730069006f006e0061006c00000020000000010000001806000030820614308203fca003020102020853ec3beefbb2485f300d06092a864886f70d01010505003051310b30090603550406130245533142304006035504030c394175746f72696461642064652043657274696669636163696f6e204669726d6170726f666573696f6e616c2043494620413632363334303638301e170d3039303532303038333831355a170d3330313233313038333831355a3051310b30090603550406130245533142304006035504030c394175746f72696461642064652043657274696669636163696f6e204669726d6170726f666573696f6e616c204349462041363236333430363830820222300d06092a864886f70d01010105000382020f003082020a0282020100ca966b8eeaf8fbf1a235e07f4cdae0c352d77db610c8025eb3432ac44f6ab2ca1c5d289a78111a695957afb52042e48b0fe6df5ba603922ff511e462d7327138d9040c71ab3d517e0f07df63055ce9bf946fc12982c0b4da51b0c13cbbad374a5ccaf14b360e24abbfc38477fda850f4b1e7c62fd22d598d7a0a4e96695202aa3698ecfcfa14830c371fc992377fd7812de5c4b9e03e34fe67f43e66d1d3f440cf5e62340f70063e20185acef7721b256c93741493a373b10eaa871023595f20051947ed688e9212ca5dfcd62bb2923c20cfe15faf20bea0767f76e5ec1a8661333ee77bb43fa00f8ea2b96a6fb987266f416c88a650fd6a630bf593161b198fb2ed9b9bc990f5010cdf193d0f3e3823c92f8f0cd102fe1b55d64ed08d3caf4fa4f3feaf2ad3059d7908a1cb5731b49cc890b267f41816933afc47d8d17896311fba2b0c5f5d99ad63895a242076d8dffdab4ea622aa9d5ee6278a7d6829a3e78ab8da11bb172d999d132446f7c5e2d89f8e7fc78f746d5ab2e872f5acee2410ad2f14daff2d9a467147be42dfbb01dbf47fd3288f31595bd3c902a6b452ca6e97fb43c508266f8af4bbfd9f28aa0dd545f3133a1dd8c0788f41673c1e9464ae7b0bc5e8d90188391a97866441d53b870c6efa0fc6bd4814bf394dd49e41b68f961d639693d995067831689e37063b808945613923c71b44a315e51cf89230bb0203010001a381ef3081ec30120603551d130101ff040830060101ff020101300e0603551d0f0101ff040403020106301d0603551d0e0416041465cdebab351e003e7ed574c01cb473470e1a642f3081a60603551d2004819e30819b3081980604551d200030818f302f06082b060105050702011623687474703a2f2f7777772e6669726d6170726f666573696f6e616c2e636f6d2f637073305c06082b0601050507020230501e4e0050006100730065006f0020006400650020006c006100200042006f006e0061006e006f00760061002000340037002000420061007200630065006c006f006e0061002000300038003000310037300d06092a864886f70d01010505000382020100177da0f9b4ddc5c5ebad4b24b5a102abdda5884ab20f554b2b578c3be531ddfec432f1e75b6496363218eca53277d7e344b6c0112a80b93d6a6e7c9bd3adfcc3d6a3e664297cd1e1381e822bff2765affb1615c42e7184e5b5fffaa447bd6432bbf62584a22742f520b0c2131011cd1015ba42902ad244e19626eb314812fd2adac906cf741ea94bd58728f97934923e2e44e8f68f4f8f353f25b339dc632a906b205fc452124e972c2aac9d97de48f2a366dbc2d28395a666a79e250fe90b3391650a5ac3d95412ddafc34e0e1f265e0ddcb38decd58170ded24f2405f36c4ef54c49668dd1ffd20b254148fe5184c642af8004cfd07e6449e4f2dfa2ecb14cc02a1de7b4b165a2c4bcf198f4aa700763b4b8da3b4cfa4022305b11a6f0050ec6020348ab869b85dddbddeaa27680737df59c04c4458de7b91c8b9eead775d172b1de7544e7427de2576b7ddc99bc3d8328ea80938dc54c65c17081b838fc4331b2f6033447b2acfb2206cb1edd17471c5f66b9d31aa2da11b1a4bc23c9e4be87ffb994b6f85d204ad45fe7bd687b65f2151ed23aa92de9d86b24ac97584447ad5918f1216570dece3460a840f1f33ca4c328238cfe27334340a0173cebea3bb072a6a3b94a4b5e1648f4b2bcc88c92c59d9fac7236bc3480346ba98b92c0b817edec7653f524018cb322e84b7c55c69dfaa314bb65856e6e4f127e0a3c9d95	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5D989CDB159611365165641B560FDBEA2AC23EF1	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\204285DCF7EB764195578E136BD4B7D1E98E46A5	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CF9E876DD3EBFC422697A3B5A37AA076A9062348	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CF9E876DD3EBFC422697A3B5A37AA076A9062348\Blob = 0b00000001000000480000005400570043004100200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900200031000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000cf9e876dd3ebfc422697a3b5a37aa076a906234820000000010000007f0300003082037b30820263a003020102020101300d06092a864886f70d0101050500305f310b300906035504061302545731123010060355040a0c0954414957414e2d43413110300e060355040b0c07526f6f74204341312a302806035504030c215457434120526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303832383037323433335a170d3330313233313135353935395a305f310b300906035504061302545731123010060355040a0c0954414957414e2d43413110300e060355040b0c07526f6f74204341312a302806035504030c215457434120526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100b07e72b8a40394e6a7de0938914a114087a77c5964147bb51110ddfebfd5c0bb56e28525f435720ff853d041e14401c2b41cc33142164785332276b20a6f0fe525504f8586bebf982e10671ebe1105860590c459d07c7810b0805cb7e1c72b75cb7c9faeb5d19d233763a7dc42a22d92041b50c17bb83e1bc956048b2f529bada956e9c1ffada9588730b681f79745fc19573b2b6fe447f49945fe1df1f897a3881d371c5c8fe076259a50f8a054ff44907623d232c6c3ab06bffcfbbff3ad7d9262025b29d335a3939a4364605db2fa32ff3b04af4d406af9c7e3ef23fd6bcbe50f8b380dee0afcfe0f989f3031dd6c5265f98b81be22e11c5803ba911b89070203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a385b268dde8b5af24f7a54831918e30835a6ba300d06092a864886f70d010105050003820101003cd5773ddadf89ba870c08546a205092beb0413db92664830a2fe840c097282782304ac993ff6ae7a6007f89429ad611e553ce2fccf2da05c4fee250c43a867dccda7e10093b92352a53b2feeb2b05d96c5de6d0efd36a669e1528857ae88200ac1ea709695642d3685118be549abf4441ba49be20ba695ceeb877cdce6c1fad8396187d0eb5143984f128e92da39e7b1e7a725a83b3796fefb4fcd00aa5584f46dffb6d7959f2842252ae0fccfb7c3be76aca4761c37af8d392041fb82084e1365416c740de3b8a73dcdfc6094cdfecdaffd45342a1c9f2621d22833c97c5f9196227ac6522d7d33cc6e58eb253cc49cebc30fe7b0e3390fbedd214911f07af	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B8236B002F1D16865301556C11A437CAEBFFC3BB	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob = 0300000001000000140000004f65566336db6598581d584a596c87934d5f2ab409000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030306082b060105050703010b000000010000001200000056006500720069005300690067006e0000002000000001000000410200003082023d308201a6021100e49efdf33ae80ecfa5113e19a4240232300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3034303130373233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d0101020500038181006170ec2f3f9efd2be6685421b06779080c2096318a0d7abeb626df792c22694936e397776261a232d77a542136ba02c934e725da4435b0d25c805db394f8f9aceea460752a1f954923b14a7cf4b34772215b7e97ab54ac62e75decae9bd2c9b224fb82ade967154bbaaaa6f097a0f6b0975700c80c3c09a08204ba41daf799a4	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\720FC15DDC27D456D098FABF3CDD78D31EF5A8DA	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob = 0b0000000100000026000000470065006f0054007200750073007400200047006c006f00620061006c002000430041000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000de28f4a4ffe5b92fa3c503d1a349a7f9962a8212200000000100000058030000308203543082023ca0030201020203023456300d06092a864886f70d01010505003042310b300906035504061302555331163014060355040a130d47656f547275737420496e632e311b30190603550403131247656f547275737420476c6f62616c204341301e170d3032303532313034303030305a170d3232303532313034303030305a3042310b300906035504061302555331163014060355040a130d47656f547275737420496e632e311b30190603550403131247656f547275737420476c6f62616c20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100dacc186330fdf417231a567e5bdf3c6c38e471b77891d4bca1d84cf8a843b603e94d21070888da582f663929bd05788b9d38e805b76a7e71a4e6c460a6b0ef80e489280f9e25d6ed83f3ada691c798c9421835149dad9846922e4fcaf18743c11695572d50ef892d807a57adf2ee5f6bd2008db914f8141535d9c046a37b72c891bfc9552bcdd0973e9c2664ccdfce831971ca4ee6d4d57ba919cd55dec8ecd25e3853e55c4f8c2dfe502336fc66e6cb8ea4391900b7950239910b0efe382ed11d059af64d3e6f0f071daf2c1e8f6039e2fa36531339d45e262bdb3da814bd32eb180328520471e5ab333de138bb073684629c79ea1630f45fc02be8716be4f90203010001a3533051300f0603551d130101ff040530030101ff301d0603551d0e04160414c07a98688d89fbab05640c117daa7d65b8cacc4e301f0603551d23041830168014c07a98688d89fbab05640c117daa7d65b8cacc4e300d06092a864886f70d0101050500038201010035e3296ae52f5d548e2950949f991a14e48f782a6294a227679ed0cf1a5e47e9c1b2a4cfdd411a054e9b4bee4a6f5552b324a1370aeb64762a2e2cf3fd3b7590bffa71d8c73d37d2b5059562b9a6de893d367b38774897aca6208f2ea6c90cc2b2994500c7ce11512222e0a5eab615480964ea5e4f74f7053ec78a520cdb15b4bd6d9be5c6b15468a9e36990b69aa50fb8b93f207dae4ab5b89ce41db6abe694a5c1c783addbf527870e046cd5ffdda05ded8752b72b1502ae39a66a74e9dac4e7bc4d341ea95c4d335f92092f88665d7797c71d7613a9d5e5f116091135d5acdb2471702c98560bd917b4d1e3512b5e75e8d5d0dc4f34edc2056680a1cbe633	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4ABDEEEC950D359C89AEC752A12C5B29F6D6AA0C	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DD83C519D43481FAD4C22C03D702FE9F3B22F517\Blob = 0b00000001000000920000004100750074006f00720069006400610064002000640065002000430065007200740069006600690063006100630069006f006e0020005200610069007a0020006400650020006c0061002000520065007000750062006c00690063006100200042006f006c006900760061007200690061006e0061002000640065002000560065006e0065007a00750065006c0061000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000dd83c519d43481fad4c22c03d702fe9f3b22f51720000000010000009f0900003082099b30820783a003020102020101300d06092a864886f70d01010505003082011e313e303c060355040313354175746f72696461642064652043657274696669636163696f6e205261697a2064656c2045737461646f2056656e657a6f6c616e6f310b30090603550406130256453110300e06035504071307436172616361733119301706035504081310446973747269746f204361706974616c31363034060355040a132d53697374656d61204e6163696f6e616c2064652043657274696669636163696f6e20456c656374726f6e69636131433041060355040b133a5375706572696e74656e64656e63696120646520536572766963696f732064652043657274696669636163696f6e20456c656374726f6e6963613125302306092a864886f70d010901161661637261697a4073757363657274652e676f622e7665301e170d3037303231363135333535315a170d3237303231313233353935395a3082011e313e303c060355040313354175746f72696461642064652043657274696669636163696f6e205261697a2064656c2045737461646f2056656e657a6f6c616e6f310b30090603550406130256453110300e06035504071307436172616361733119301706035504081310446973747269746f204361706974616c31363034060355040a132d53697374656d61204e6163696f6e616c2064652043657274696669636163696f6e20456c656374726f6e69636131433041060355040b133a5375706572696e74656e64656e63696120646520536572766963696f732064652043657274696669636163696f6e20456c656374726f6e6963613125302306092a864886f70d010901161661637261697a4073757363657274652e676f622e766530820222300d06092a864886f70d01010105000382020f003082020a0282020100b72893d28e790b33f8511af8c5c674025524deb7c28ce68dcae0eae0ae2a0b94f558670b5533c508c5b14cdeae7a465705f6418567034349c72ce6f5f58c4a48a67329e7a4ef39b87785ca4f0cd434fb58147c4449f9d1e2bd32a568f2d357012f34954c7119d9bb75b298e222fd4cbf267a02e77cd04d49451a2deab5d5dd4d2f8ed6fee5bdfa10335a5bba68fb7771cfc5a5dd355cc9462ff2b4c3d341e53bfd2905837ab007e905882a33249b199e439512a23579e61ced4b580fb2795c3d693ee683c2f47fcc919c533e7f092bd0135dc3a914c030367f638092fb04c96363357f7191474b4ddababaf37e76fe848de578c4e90b39676c5011fde512376248caefdb96c1eedd2e5a5d088357135bfaaecd08ca8009ecdadfc65de8e353c9a0fc82f015e8947dad8eb00774aa296af935e7f4c0c9fdfc42681a17d3962e522236267e360a5a3e60ceb0d4faf3378079e5162c7a862b246a376cc202c4a0af8f1bba275b66abe824296b2fd4ebc15c0ec9f68c80c78710086992122ba16879c218bd95fa3fc4a57a60c1331b8c69ea5747d7451ccf61a7209aab35dbba67b86ec712f2968b590c0c76e8a5a108ce10fd0e725ec59ee938c362af7a4f9a2faf6cd32929eb23e81acd32d374bcdc598b7f0b48b78ad3e4b7d4610bfdddd0c196e2ceb7ef84970dc0dc76da8e2ad53c8e25cec2c5962af0517aa6fd67fb1b2e8f0203010001a38202de308202da30120603551d130101ff040830060101ff02010230370603551d120430302e820f73757363657274652e676f622e7665a01b060560865e0202a0120c105249462d472d32303030343033362d30301d0603551d0e04160414660d9c0caebad14a4303ee139b6df1d2d472d59a308201500603551d2304820147308201438014660d9c0caebad14a4303ee139b6df1d2d472d59aa1820126a48201223082011e313e303c060355040313354175746f72696461642064652043657274696669636163696f6e205261697a2064656c2045737461646f2056656e657a6f6c616e6f310b30090603550406130256453110300e06035504071307436172616361733119301706035504081310446973747269746f204361706974616c31363034060355040a132d53697374656d61204e6163696f6e616c2064652043657274696669636163696f6e20456c656374726f6e69636131433041060355040b133a5375706572696e74656e64656e63696120646520536572766963696f732064652043657274696669636163696f6e20456c656374726f6e6963613125302306092a864886f70d010901161661637261697a4073757363657274652e676f622e7665820101300e0603551d0f0101ff04040302010630370603551d110430302e820f73757363657274652e676f622e7665a01b060560865e0202a0120c105249462d472d32303030343033362d3030540603551d1f044d304b3024a022a020861e687474703a2f2f7777772e73757363657274652e676f622e76652f6c63723023a021a01f861d6c6461703a2f2f61637261697a2e73757363657274652e676f622e7665303706082b06010505070101042b3029302706082b06010505073001861b687474703a2f2f6f6373702e73757363657274652e676f622e766530400603551d20043930373035060560865e0102302c302a06082b06010505070201161e687474703a2f2f7777772e73757363657274652e676f622e76652f647063300d06092a864886f70d010105050003820201008219ec31e411a1281c81ab251e386008c6f70c865d430ea5a8307c1532066ae151cdac01136e0619902648581945272f00ee0d9171ed8dc5c23719a0463396cd6728933af3dfe94ec905978824eb166745597c8a67f68fc3f58d6055cd0f81d8016eb881345551f19326b9efb2e489ea91e407136d5fbddc345dbf2fedb20a4d68451d2909888194dbf876f3114c491cd2c94b2a9cb43b930198baea04061bf8a6912bb8ada4071ddbdc2bc5e6528330c337611bfbcabfab007ef2934be94095903bde5671f27ff403dc06cfc7e911dd007618540c7dd2031c844ca92bb4da7676cbf41368db12f0baa62014a18bda25c1a164c331ab8766031cf3c061618a5c51c43c2fe116098f157dc47951987cd58b0548d7f341ece6fc7796c80dcef0e35ede488b9e97fff10080bcb9f5733eca0cff5da7de685e30b8a76de739d8dd3f5a2fe064a6d500d9747bfd6f59b3ddea890efe8bbb404fcf1a4e1a1f0abcac0f94ef634ce96013022715fab664474fea94356481f59e220fd2a65e7f92aaf30071f04f761008d1056469cfcbab15a8f6d70d09c6e7425a01160a2e6f33dda91a95ff208d8e54209dcf1dbdfd248aa920a47053ce10ff5448b2a268f4710b777cccaed7071417d37daeddc770cf628df4af8984ecb353f606797fdf82b7c78e02f6d0dd6a2e6d0186e6be79f9cec5640536107805cbdeb113f1409dd11747cef6	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\EC0C3716EA9EDFADD35DFBD55608E60A05D3CBF3	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9078C5A28F9A4325C2A7C73813CDFE13C20F934E	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FA0882595F9CA6A11ECCBEAF65C764C0CCC311D0\Blob = 030000000100000014000000fa0882595f9ca6a11eccbeaf65c764c0ccc311d009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703080b000000010000001600000043006500720074004500750072006f00700065000000200000000100000003070000308206ff308204e7a00302010202027119300d06092a864886f70d0101050500305a310b300906035504061302465231133011060355040a130a436572746575726f706531173015060355040b130e3030303220343334323032313830311d301b06035504031314436572746575726f706520526f6f742043412032301e170d3037303332373232303030305a170d3337303332373233303030305a305a310b300906035504061302465231133011060355040a130a436572746575726f706531173015060355040b130e3030303220343334323032313830311d301b06035504031314436572746575726f706520526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100c3fc56b52b068bed9e46cfc300791c8039a2caca1b106d21f9c71f0aacf3ad7982979ec6b16888527138c4aa4c476f77fde71ff794f672579f443c6b5fd0d9ce2228cd702301142250100e1a7b4b1bf486578fea2f6940ba457a02405a5f35dba0b99e3ff03f75cd3a45911355c34829f3b7d714f20386a3c9b0577b3dd92aac5ee1df953a85c6054c31a2da2db1008eaf51579ec18b454d29078ba0e5e5df310c7f066c614f6be22332c1e58c2b0dd8960670b32627cacfb3a82300c0122481bfac443d17988388ce0990372ea2801949d9a0081786996add1e409fd202e7b39856477617aa4ea1d7dbeaa4bad5526769732ea0275473ac8bd0bbf0615826a86a7918c10ce77c56cccfcdd7068622075e73b8d0e60c253562ba04c4f1002cce9d489d5bb4f6d16298437757ab72fe3380102a311bdb19502992ac81e008695fe64e3e5ead5c48799ec55db09791179e16df07fa6ae1abbc257c3800e1d6d87a9cfcdcd722005267a897bb6c0d67999710b8793867686188296e94bf52078836c2f22fc6466a211ef19ae8bb9fedb626b386a7304a9b3063bce4e8425644273c5aa10e7dceaac31b5e68ec733f3fb3fbc4852c0415fbac0a3866331995034bcab4047de77e0f0d98563ed8575fb799be7a14adc5a7db940e059e25abb2abf9099578aa078b6c051cee5a8061e8dfbe36fbb3e323dc3d8c7566efa3e455d09aef0203010001a38201cd308201c9300f0603551d130101ff040530030101ff30110603551d0e040a04084bc94eb967b1983530530603551d20044c304a304806072a817a01690401303d303b06082b06010505070201162f687474703a2f2f7777772e636572746575726f70652e66722f7265666572656e63652f70632d726f6f74322e706466300b0603551d0f0404030201063082013f0603551d1f04820136308201323032a030a02e862c687474703a2f2f7777772e636572746575726f70652e66722f7265666572656e63652f726f6f74322e63726c307da07ba07986776c6461703a2f2f6c6372312e636572746575726f70652e66722f636e3d436572746575726f7065253230526f6f742532304341253230322c6f753d303030322532303433343230323138302c6f3d436572746575726f70652c633d46523f63657274696669636174655265766f636174696f6e4c697374307da07ba07986776c6461703a2f2f6c6372322e636572746575726f70652e66722f636e3d436572746575726f7065253230526f6f742532304341253230322c6f753d303030322532303433343230323138302c6f3d436572746575726f70652c633d46523f63657274696669636174655265766f636174696f6e4c697374300d06092a864886f70d010105050003820201001b449660245a3e6baadecdd3d85b52c04bfa5125e3eecdbc8c3ed3b51df6fc4083ac7ee5d706432d6c2773febfdaa48222516efe8c0ca611526068065e334cfa48f85b4821d60c9bbe38b9e1c04c13a153ef22396eee4650650b1a1f057e77d9ce25cdf4afc67c9d8c976c6a1df664ed94e1ce5def401d96cb71d54aad795839454dab6f07bb337cae3ea5e9c728da68a09e572766ef7d97ee69a842eb73aa4bb159c68d379ca9c046506f8c4953d5e52de1a24dcbe75bbfa5bb3cac52ce199364c3109a7942aba8fb8483c2465fbb28cc0e694f7c5fbb3c67e60d961e844c5e20155b3943e58b2b822489a3a0f71065d3c989daa4c1457d895990eb419e8ed0c409605f972d216d04a61181304c93c25860b86bd67aa0e5b1119f62b8307146a77764663a42591f556347d71da0348e81726248d997aea1f1be40e2a0317f6b00d9c702d069020ef1ce1e2da49defcc813b639ef7541bcebec40a579bcdb16be2a7e0ab1e1e83d8c0521caa3a514692d09fdb21df69a80b154d5ee489fc5b5348796bad619f1ee5b8b132b2db7de8476ad8a2e065f5ce5617a01290baf04b2d011aa969d2a7e7c7ac349b6da290c186264ab22fbdfb6f686b55bbc56338c17760632dad0c9c3caa98b243a3d446dc0ddc361f322e68ba7c6521419796906714d6a42ffd213f7ffc227b2a3558f546f1930ed9ede03a267f6e2e8f98b84fd499	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\409D4BD917B55C27B69B64CB9822440DCD09B889\Blob = 0b00000001000000440000004a007500750072002d0053004b00200041005300200053006500720074006900660069007400730065006500720069006d00690073006b00650073006b0075007300000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303030000000100000014000000409d4bd917b55c27b69b64cb9822440dcd09b8892000000001000000ea040000308204e6308203cea00302010202043b8e4bfc300d06092a864886f70d0101050500305d3118301606092a864886f70d0109011609706b6940736b2e6565310b300906035504061302454531223020060355040a1319415320536572746966697473656572696d69736b65736b75733110300e060355040313074a7575722d534b301e170d3031303833303134323330315a170d3136303832363134323330315a305d3118301606092a864886f70d0109011609706b6940736b2e6565310b300906035504061302454531223020060355040a1319415320536572746966697473656572696d69736b65736b75733110300e060355040313074a7575722d534b30820122300d06092a864886f70d01010105000382010f003082010a02820101008171363e3307d6e3308d137e773246cbcf19b26031469786f49846a4c26545cfd3407ce35a22a8107833cc88b1d3814af662177b5f4d0a2ed0cf8b23ee4f024ebbeb0ecabd1863e8801c8de11c8d3de0ff5b5fea64e597e83f997f0c0a0933001a53a721e1384bd6831badaf64c2f91c7a8c66484d661f180ae23ebb1f07659385b91ab0b9c4fb0d11f6f5d6f91bc72c2bb71851fee07bf6a848af6c3b4f2feff8d1471e2657f0511d3396ffef593dda4dd11534c7ea3f16487b911c80430f3db8053ed1b395cdd8ca0fc24367dbb793e022822ebef5682883b9c13b697b20da4e9c6de1bacd8f7a6cb00922d78b0bdb1cd55a265b0dc0eae560d09ffe35df3f0203010001a38201ac308201a8300f0603551d130101ff040530030101ff308201160603551d200482010d3082010930820105060a2b06010401ce1f0101013081f63081d006082b060105050702023081c31e81c000530065006500200073006500720074006900660069006b0061006100740020006f006e0020007600e4006c006a0061007300740061007400750064002000410053002d0069007300200053006500720074006900660069007400730065006500720069006d00690073006b00650073006b0075007300200061006c0061006d002d0053004b00200073006500720074006900660069006b0061006100740069006400650020006b0069006e006e006900740061006d006900730065006b0073302106082b060105050702011615687474703a2f2f7777772e736b2e65652f6370732f302b0603551d1f042430223020a01ea01c861a687474703a2f2f7777772e736b2e65652f6a7575722f63726c2f301d0603551d0e0416041404aa7a47a3e489af1acf0a40a7183f6fefe97dbe301f0603551d2304183016801404aa7a47a3e489af1acf0a40a7183f6fefe97dbe300e0603551d0f0101ff0404030201e6300d06092a864886f70d010105050003820101007bc1189453a209f3fe26679a50e4c3052f2b3578914c7ca81111794c4959acc8f785655c46bb3b10a002afcd4fb5cc362aec5dfeefa091c9b6936f7c8054ecc708700d8efb82ec2a6078693636d1c59c8b69b540c8946577f25721663bce8540b633631abf791efc5c1dd31d931b8b0c5d85bd99303218099152e97ca1baff64929aecfe35ee8c2faefc2086ec4ade1b783237a681d29daf5a1216ca995bfc6f6d0ec5a01e86c991d05c98825f630c8a5aabd895a6cccb8ad6bf644b8eca8ab2b0e921329eaaa88598348139213ba83a52323df66b3786065a1598dcf01166fe3420b703f441107d398479967263b69602e56bb9ad194dbbc644db36cb2a9c8e	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7FB9E2C995C97A939F9E81A07AEA9B4D70463496	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CE6A64A309E42FBBD9851C453E6409EAE87D60F1	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A0F8DB3F0BF417693B282EB74A6AD86DF9D448A3	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2388C9D371CC9E963DFF7D3CA7CEFCD625EC190D	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\679A4F81FC705DDEC419778DD2EBD875F4C242C6\Blob = 030000000100000014000000679a4f81fc705ddec419778dd2ebd875f4c242c6090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b0601050508020206082b060105050703090b000000010000002000000041002d00540072007500730074002d005100750061006c002d003000320000002000000001000000cf030000308203cb308202b3a003020102020300e248300d06092a864886f70d010105050030818b310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d624831183016060355040b0c0f412d54727573742d5175616c2d30323118301606035504030c0f412d54727573742d5175616c2d3032301e170d3034313230323233303030305a170d3134313230323233303030305a30818b310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d624831183016060355040b0c0f412d54727573742d5175616c2d30323118301606035504030c0f412d54727573742d5175616c2d303230820122300d06092a864886f70d01010105000382010f003082010a02820101009691abd78eb059b801bdb41ead99fda1fcea0c966b8f2e4948d8e9e42482e1d8baccebde075c48c6198201474209e17cb99fae8ff6ee5e6ba8a856883856b3e6fec99d4f3438513c9cbef3ac9c1cc83d5c9a84aef7942c14b26437608e14b03b2acd89b522aff7e47fee2c2b33f98e3cad4ca2570ffb82c58e1f01df538cc115a4ddee9a9212d228e96217256031efcf3194f37df3e43c21ab90fc6dcf63a7c612007149d71cc8a0ed639a7de38f28dd60f9d8e616ab26d1d02fbde70d09df6ed4ece53853f4640bba5acc80b53859ec80596584316a5f55914c24e5249a83847abe80f1ee5f2007aa77176c0be255aa967808029e97f02bae58f580503ffe3b0203010001a3363034300f0603551d130101ff040530030101ff30110603551d0e040a0408423d2b24a6c145ce300e0603551d0f0101ff040403020106300d06092a864886f70d0101050500038201010046cb1163500d9b3e45d4482d927c9dbdb66adb88b29a97e83a6bd33c5f077e123a3ea1890d3fa17819f783b405e99bbc5bf4bcbc96175b1dca51873094407275b410a219d2e09a14b1ed35e38616a728e74382476c0b54fefbea62bae60bef64c3814cb649bd461e527535ceabbc1e1fa7148300e1ea1a952af4b5ac737b45917a91aa6415b6ab51efb9e92881418a873ada34c1c0330f5f78432434750d23dce819d996268dc36207762310d2606861e46715dabe4f20cab2398938e40f2f3ccbfec69ac3a17cf75fa00632c5105aae0f247bde500f252dbbf51ddcb22f165a4e196140bfd55f07dcab62a7f27a69cf1eaa12c26e627cd4ba3dd89187cffa2d	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A9E9780814375888F20519B06D2B0D2B6016907D	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4\Blob = 53000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b0000000100000014000000550053004500520054007200750073007400000009000000010000000c000000300a06082b0601050507030103000000010000001400000058119f0e128287ea50fdd987456f4f78dcfad6d42000000001000000620400003082045e30820346a003020102021044be0c8b500021b411d32a6806a9ad69300d06092a864886f70d0101050500308193310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311b30190603550403131255544e202d2044415441436f727020534743301e170d3939303632343138353732315a170d3139303632343139303633305a308193310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311b30190603550403131255544e202d2044415441436f72702053474330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfee5810a22b6e55c48ebf2e4609e7e0080f2e2b7a13941bbdf6b6808e650593001ebcafe20f8e190d1247ecacada3fa2e70f8de6efb5642159e2e5cef23de21b9057627190f4fd6c39cb4be941963f2a6110aeb53489cbef2293b16e81aa04ca6c9f4185968c070f25300c05e5082a5566f36f94ae04486a04d4ed6476e494acb67d7a6c405b98e1ef4fcffcde736e09c056cb2332215d0b4e0cc17c0b2c0f4fe323f292a957bd8f2a74e0f547ca10d80b30903c1ff5cdd5e9a3ebcaebc478a6aae71ca1fb12ab85f42050bec4630d1720bcae9566df5efdf78be61bab2a5ae044cbca8ac691597bdefebb48cbf35f8d4c3d1280e5c3a9f7018332077c4a2af0203010001a381ab3081a8300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604145332d1b3cf7ffae0f1a05d854e92d29e451db44f303d0603551d1f043630343032a030a02e862c687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d44415441436f72705347432e63726c302a0603551d250423302106082b06010505070301060a2b0601040182370a030306096086480186f8420401300d06092a864886f70d01010505000382010100273597008a8b28bdc633301e29fce2f7d598d440bb60cabfab172c09367f50fa41dcae963a0a233e8959c9a307ed1b37adfc7cbe51495ade3a0a54081645c299b187cd8c68e06903e9c44e98b23b8c16b30ea00c98509b93a97009c82ca38fdf02e4e0713af1b42372a0aa01dfdf983e1450a03126bd28e95a302675f97b601c8df3cd50266d04279adfd50d4547296b2ce676d9a9297d32ddc9363cbdae35f1119e1dbb903f12474e8ed77e0f62731d5226381c1849fd30749ac4e5222fd8c08ded917a4c008f727f5ddadd1b8b456be7dd6997a8c5564c0f0cf69f7a9137f69782e0dd7169ff763f604d3ccff799f9c657f4c9553978ba2c79c9a6882bf408	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob = 5300000001000000230000003021301f06092b06010401f022010630123010060a2b0601040182373c0101030200c00b0000000100000012000000470065006f00540072007500730074000000090000000100000020000000301e06082b0601050507030406082b0601050507030106082b06010505070303030000000100000014000000d23209ad23d314232174e40d7f9d62139786633a2000000001000000240300003082032030820289a003020102020435def4cf300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3938303832323136343135315a170d3138303832323136343135315a304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c15db158670862eea09a2d1f086d911468980a1efeda046f13846221c3d17cce9f05e0b801f04e34ece28a950464acf16b535f05b3cb6780bf42028efedd0109ece100144ffcfbf00cdd43ba5b2be11f80709915579316f10f976ab7c268231ccc4d5930ac511e3baf2bd6ee63457bc5d95f50d2e3500f3a88e7bf14fde0c7b90203010001a38201093082010530700603551d1f046930673065a063a061a45f305d310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479310d300b0603550403130443524c31301a0603551d1004133011810f32303138303832323136343135315a300b0603551d0f040403020106301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d0e0416041448e668f92bd2b295d747d82320104f3398909fd4300c0603551d13040530030101ff301a06092a864886f67d074100040d300b1b0556332e3063030206c0300d06092a864886f70d01010505000381810058ce29eafcf7deb5ce02b917b585d1b9e3e095cc25310d00a6926e7fb692639e5095d19a6fe411de63856e98eea8ff5ac8d355b2667157dec021eb3d2aa72349010486427bfcee7fa21652b56767d340db3b2658b228773dae147761d6fa2a6627a00dfaa7735cea70f1942165445ffafcef2968a9a28779ef79ef4fac077738	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\720FC15DDC27D456D098FABF3CDD78D31EF5A8DA\Blob = 030000000100000014000000720fc15ddc27d456d098fabf3cdd78d31ef5a8da090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000003400000054004300200054007200750073007400430065006e00740065007200200043006c006100730073002000310020004300410000002000000001000000600300003082035c308202c5a003020102020203e9300d06092a864886f70d01010405003081bc310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831223020060355040b1319544320547275737443656e74657220436c61737320312043413129302706092a864886f70d010901161a636572746966696361746540747275737463656e7465722e6465301e170d3938303330393131353935395a170d3131303130313131353935395a3081bc310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831223020060355040b1319544320547275737443656e74657220436c61737320312043413129302706092a864886f70d010901161a636572746966696361746540747275737463656e7465722e646530819f300d06092a864886f70d010101050003818d0030818902818100b029ebb476b3aed7b65bb45ee7bde3b19c4904575ba1abd97f131bfdba61abd8e771df2d00945d51487d23ef756284903c0a1f5911742f8e80a5fd30023d2952cd721a49219cbccb528e48a16396c810853069577445c05a86c6d53de068577d316a248d45973e317e6866326e246dec3236c941caf03144c8a361ca1ba0361f0203010001a36b3069300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186303306096086480186f842010804261624687474703a2f2f7777772e747275737463656e7465722e64652f67756964656c696e6573301106096086480186f8420101040403020007300d06092a864886f70d0101040500038181004f995985c8645682c56f3dd846092f3c51c1a77058819212eaf4d41600965e7228e7d6365f1a9caf1fc2831ab4055599a6585c3728f2571eeb5dbfb1d3450f721c03d200c72c55dafe5f89768be2d477f54d0917afc4baab302b4fb81dead9ff59f0507446ba5eea36b0eb927b0f58da32e152bd23370ff5f3004aaeb05ede6e	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8EFDCABC93E61E925D4D1DED181A4320A467A139	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AE5083ED7CF45CBC8F61C621FE685D794221156E	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\379A197B418545350CA60369F33C2EAF474F2079\Blob = 030000000100000014000000379a197b418545350ca60369f33c2eaf474f2079090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b0000000100000030000000470065006f0054007200750073007400200055006e006900760065007200730061006c002000430041002000320000002000000001000000700500003082056c30820354a003020102020101300d06092a864886f70d01010505003047310b300906035504061302555331163014060355040a130d47656f547275737420496e632e3120301e0603550403131747656f547275737420556e6976657273616c2043412032301e170d3034303330343035303030305a170d3239303330343035303030305a3047310b300906035504061302555331163014060355040a130d47656f547275737420496e632e3120301e0603550403131747656f547275737420556e6976657273616c204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100b35452c1c93ef2d9dcb1531a5929e7b1c34528e5d7d1edc5c54ba1aa747b57af4a26fcd8f55ea76e19db740c4f355b320b01e3dbeb7a7735eaaa5ae0d6e8a15794f090a37456944430031e5c4e2b852674827a0c76a06f4dce412da01506145fb742cd7b8f586134dc2a08f92ec301a622441c4c0782e65bced04a7c04d3197327f0aa987f2eaf4eeb871e24776a5db6e85b45badcc3a1056f568e8f1026a549c32ed7418722e04f86ca60b5eaa163c001971079bd003c126d2b15b1ac4bb1ee18b94e96dcdc76ff3bbecf5f03c0fc3be8be461bffda40c252f7fee33af76a7735d0da8deb5e186a31c71eba3c1b28d66b54c6aa5bd7a22c1b19cca202f69b59bd376b86b56d82bad8eac956bca93658fd3e19f3ed0c26a99338f84fc15d2206d097eae1adc655e0812b28833afaf47b215100be5238cecd6679a8f48156e2d0830947515b506acfdb481a5d3ef7cbf665f76cf195f8023b325682397a5bbd2f891bbfa1b4e8ff7f8d8cdf03f1604e58114ceba33f102b839a0173d9946d84002766acf07040094292ad4f930d61095124d892d50b9461b287b2edff9a35ff8554caed4443ac1b3c166b484a0a1c40881f92c20b0005fff2c8024aa4aaa9cc99969c2f58e07de1bebb07dc5f04725c3134c3ec5f2de03d649022e6d1ecb82edd59aed9a137bf5435dc73324f8c041e33b2c946f1d85cc85550c968bda8ba36090203010001a3633061300f0603551d130101ff040530030101ff301d0603551d0e0416041476f355e1faa436fbf09f5c6271ed3cf44738102b301f0603551d2304183016801476f355e1faa436fbf09f5c6271ed3cf44738102b300e0603551d0f0101ff040403020186300d06092a864886f70d0101050500038202010066c1c623f3d9e02e6e5fe8cfaeb0b0254d2bf83b589b4024375acbab1649ffb3757933a12f6d70173491fe677e8fec9be55e82a9551f2fdcd4510712feac163e2c35c663fcdc10eb0da3aad07cccd1d02f512ec4145adee819e13ec6cca429e72e84aa06307876547328985938e0000d62d3427d219fae3d3a8cd5fa770d182b160e5f36e1fc2ab53024cfe0630c7b581afe99ba4212b191f47c68e2c8e8af2ceac97eaebb2a3d0d15dc3495b61874a86a0fc7b4f413c4e45bed0ad2a4974c2aed2f6c12893df12770aa6a0352219f40a86750f2f35a1fdfdf23f6dc784ee6984f553a53e3eff2f49fc77cd858af292297b8e0bd912eb076ec5711cfef2944f3e9857a6063e45d338917d931aadad6f3183572cf872b2f6323845d848c3f57a088fc999128266999d48f9744be8ed548b1a42829f115b4e1e59eddf88fa66f26d7093c3a1c110ea66c37f7ad44872c28c7d87482b3d06f4a57bb352927a08be821a78764365dccd816acc7b22740925538288d516edd1467536c715c26844d755ab67e6056a94dadfb9b1e97f30dd9d2975477da3d12b7e01eef0806acf98587e9a2dcaf7e181283fd5617412ed529827d99f431f671a9cf2c0127a505b9aab2484e2aef9f935251953c52738e564c1740c00928e48b6a4853dbeccd5555f1c6f8e9a22c4ca6d1265f7eaf5a4cda1fa6f21c2c7eae0216d256d02f575347e892	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E784A101C8265CC2DE1F16D47B440CAD90A1945\Blob = 0300000001000000140000007e784a101c8265cc2de1f16d47b440cad90a1945090000000100000020000000301e06082b0601050507030406082b0601050507030106082b060105050703030b000000010000004a00000045007100750069006600610078002000530065006300750072006500200047006c006f00620061006c002000650042007500730069006e006500730073002000430041002d003100000020000000010000009402000030820290308201f9a003020102020101300d06092a864886f70d0101040500305a310b3009060355040613025553311c301a060355040a1313457175696661782053656375726520496e632e312d302b06035504031324457175696661782053656375726520476c6f62616c2065427573696e6573732043412d31301e170d3939303632313034303030305a170d3230303632313034303030305a305a310b3009060355040613025553311c301a060355040a1313457175696661782053656375726520496e632e312d302b06035504031324457175696661782053656375726520476c6f62616c2065427573696e6573732043412d3130819f300d06092a864886f70d010101050003818d0030818902818100bae717900265b134553c49c251d5dfa7d1378fd1e781734152609b9da1172678adc7b1e8269432b5de338d3a2fdbf29a7a5a7398a35ce9fb8a731b5ce7c3bf806ccda9f4d62bc0f7f999aa63a2b147020fd4e4513a123c6c8a5a548470dbc1c590cf7245cba859c0cd339d3fa396eb8533211c3e1e3e606e769c6785c5c8c3610203010001a3663064301106096086480186f8420101040403020007300f0603551d130101ff040530030101ff301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c301d0603551d0e04160414bea8a07472506b44b7c923d8fba8ffb3576b686c300d06092a864886f70d01010405000381810030e20151aac7ea5fdab9d0650f30d63eda0d14496e9193271431efc4f72d45f8ecc7bfa2410d23b492f9190067bd01afcde071fc5acf64c4e09698d0a340e2018aef2707f165018a442d06657552c0861020215f6c6b0f6cae091caff2a21834c475a4731cf18ddcefadf9b376b492bfdc95101ebecbc83b5a8460195694a955	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FC796E8F8524F863AE1496D381242105F1B78F5\Blob = 0300000001000000140000009fc796e8f8524f863ae1496d381242105f1b78f5090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000003400000054004300200054007200750073007400430065006e00740065007200200043006c006100730073002000330020004300410000002000000001000000600300003082035c308202c5a003020102020203eb300d06092a864886f70d01010405003081bc310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831223020060355040b1319544320547275737443656e74657220436c61737320332043413129302706092a864886f70d010901161a636572746966696361746540747275737463656e7465722e6465301e170d3938303330393131353935395a170d3131303130313131353935395a3081bc310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831223020060355040b1319544320547275737443656e74657220436c61737320332043413129302706092a864886f70d010901161a636572746966696361746540747275737463656e7465722e646530819f300d06092a864886f70d010101050003818d0030818902818100b6b4c135052e0d8deca0406a1c0e27a650926b501b07de2ee776cce0dafc84a85e8c636a2b4dd94e027611c10bf28d79ca00b6f1b00ed7fba4173dafab697a9627bfaf33a19a2a59aac4b53708f212a531b643f53296712828ab8d2886dfbbeee30c7d30d6c352ab8f5d279c6bc0a3e7056b574944b36eea64cfd28e7a5077770203010001a36b3069300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186303306096086480186f842010804261624687474703a2f2f7777772e747275737463656e7465722e64652f67756964656c696e6573301106096086480186f8420101040403020007300d06092a864886f70d010104050003818100163dc6cdc1bb857185469f3e208f512899ec2d452163235b04bb4c90b88892044dbd7d01a33ff6eccef1defe7de5e13ebbc6ab5e0bdd3d96c4cba9d4f926e6064e9e0ca57aba6ec37c8219d1c7b1b1c3db0d8e9b407c370bf15de8fd1f9088a50e4e376421a84e8db49ff1de48add5561852298b47341209d4bb9235ef0fdb34	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FAAA27B8CAF5FDF5CDA98AC3378572E04CE8F2E0\Blob = 0b00000001000000500000005300700061006e006900730068002000500072006f007000650072007400790020002600200043006f006d006d006500720063006500200052006500670069007300740072007900200043004100000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070309030000000100000014000000faaa27b8caf5fdf5cda98ac3378572e04ce8f2e02000000001000000de050000308205da308204c2a00302010202043cce73d0300d06092a864886f70d01010505003082010c310b300906035504061302657331453043060355040a133c536572766963696f2064652043657274696669636163696f6e2064656c20436f6c6567696f206465205265676973747261646f726573202853435229311b3019060355040b1312436572746966696361646f2050726f70696f31193017060355040b1310436572746966696361646f205261697a312a302806035504031321436572746966696361646f206465206c6120436c617665205072696e636970616c312c302a060355040913235072696e636970652064652056657267617261203732203238303036204d61647269643124302206092a864886f70d0109011615736372407265676973747261646f7265732e6f7267301e170d3032303433303130333935305a170d3132303432373039333935305a3082010c310b300906035504061302657331453043060355040a133c536572766963696f2064652043657274696669636163696f6e2064656c20436f6c6567696f206465205265676973747261646f726573202853435229311b3019060355040b1312436572746966696361646f2050726f70696f31193017060355040b1310436572746966696361646f205261697a312a302806035504031321436572746966696361646f206465206c6120436c617665205072696e636970616c312c302a060355040913235072696e636970652064652056657267617261203732203238303036204d61647269643124302206092a864886f70d0109011615736372407265676973747261646f7265732e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a9142b9008fd1080bcdea9083f0b99c99076108d155be19f44b645e89120e0ff6b697c25f95600770c3841d7c19bcbf7d1802839a7d542719a8299f152ca8072e1ad44768512e2f78ae01b9b511dcf645b3e614864bfafb5fe5944704c0b50c74cc14c6db10878e68720c8ab9fb40971f6cd4569ed7762f02a84db87183706b9a20a7377bc4ef019a6f82a13dfd56e30342824339ae731521aea103bea62cc4a2e6d38963523782a38d7170dc03a25f87757690b3d7c54fc02add9acedf5c1fab37c9dc5562bdaa93fe7aa1b90cf16886f47ccf8ed0797d5c2077aea00f7e3c4bc4af9360a88e5074db0759ebbe50406156b8d2d96aebe4dbe2083d76096c1e30203010001a382013e3082013a300f0603551d130101ff040530030101ff308201250603551d200482011c30820118308201140604551d20003082010a3081c506082b060105050702023081b81a81b54573746520636572746966696361646f20657320656d697469646f20792064656265207574696c697a6172736520736567756e206c6f2064697370756573746f20656e2073757320436f6e646963696f6e65732064652043657274696669636163696f6e207920656e20656c205265676c616d656e746f2064656c205343522e20687474703a2f2f7777772e7265676973747261646f7265732e6f72672f7363722f6e6f726d61746976612f63705f66322e68746d304006082b060105050702011634687474703a2f2f7777772e7265676973747261646f7265732e6f72672f7363722f6e6f726d61746976612f63705f66322e68746d300d06092a864886f70d01010505000382010100702bcb0474667ee70d228b1256eb16637758b0db09fa97f5dbbd34d08f6849e0cddfee5cb5b193859ec2741e92994a729a07a02b48a0499bba7b20442e71f866815bb9b8aca4a4a5c19aa4b471091ee62890b112d69eaf76dde200f2ae7eca7741731b2297dcac27c217979f52f4967167977d48905e7171e39f51e887d3974fea3f77509d8805f351ea2edb1303b57e3fc4040e96fe259bb09c5b9e72aa8621654f65c8903b1a105d2d4985436869b62c67a352a8687bae4f3a70f195e0b3ea2312525332c264a168a65450a28378718008fcbc48934c5c5e9be578e1dc8333b18e16a79d11fc4ad72f62fa032f1fac00f6e8774546bf1ff2a109e8db0d02b9	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6E3A55A4190C195C93843CC0DB722E313061F0B1\Blob = 0b000000010000004c0000004300680061006d006200650072007300690067006e0020004300680061006d00620065007200730020006f006600200043006f006d006d006500720063006500200052006f006f0074000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000006e3a55a4190c195c93843cc0db722e313061f0b12000000001000000c1040000308204bd308203a5a003020102020100300d06092a864886f70d0101050500307f310b300906035504061302455531273025060355040a131e41432043616d65726669726d61205341204349462041383237343332383731233021060355040b131a687474703a2f2f7777772e6368616d6265727369676e2e6f726731223020060355040313194368616d62657273206f6620436f6d6d6572636520526f6f74301e170d3033303933303136313334335a170d3337303933303136313334345a307f310b300906035504061302455531273025060355040a131e41432043616d65726669726d61205341204349462041383237343332383731233021060355040b131a687474703a2f2f7777772e6368616d6265727369676e2e6f726731223020060355040313194368616d62657273206f6620436f6d6d6572636520526f6f7430820120300d06092a864886f70d01010105000382010d00308201080282010100b73655e5a55d1830e0da895491fcc8c752f82f50d9efb1757365477d1b5bba75c5fca18824fa2fedca084a3954c4517ab5da60ea383c81b2cbf1bbd991233f48017075a9052aad1f71f3c9543d1d066a403eb30c85ee5c1b79c262c4b8368e355d010c23044735aa9b604ea0663dcb260a9c40a1f45d98bf71aba500682aed837a0fa214b5d422b380b03c0c5a51692d58188fed999ef1aee295e6f647a8d60c0fb05858dbc366379e9b91543337d2941c6a48c9c9f2a5daa50c23f7230e9c32555e719c8405519a2dfde64e2a345adeca4037670c54215577da0a0ccc97ae80dc94364af43ece36131e53e4ac4e3a05ecdbae729c388bd0393b890a3e77fe75020103a38201443082014030120603551d130101ff040830060101ff02010c303c0603551d1f043530333031a02fa02d862b687474703a2f2f63726c2e6368616d6265727369676e2e6f72672f6368616d62657273726f6f742e63726c301d0603551d0e04160414e394f5b14de9dba1295b578b4d760676e1d1a28a300e0603551d0f0101ff040403020106301106096086480186f842010104040302000730270603551d110420301e811c6368616d62657273726f6f74406368616d6265727369676e2e6f726730270603551d120420301e811c6368616d62657273726f6f74406368616d6265727369676e2e6f726730580603551d200451304f304d060b2b0601040181872e0a0301303e303c06082b060105050702011630687474703a2f2f6370732e6368616d6265727369676e2e6f72672f6370732f6368616d62657273726f6f742e68746d6c300d06092a864886f70d010105050003820101000c4197c21a86c0227c9ffb90f31ad103b1ef13f9215f049cdac9a58d276c968791be4190017293e71e7d5ff689c65da740093dac494545dc2e8d3068b209bafbc32fccba0bdf3f777b467d3a12248e968f3c050a6fd294281d6d0cc02e8822d5d8cf1d13c7f048d7d705a7cfc7479e3b3c34c8804fd414bbfc0d50f7fab3ec425fa9dd6dc8f475cf7bc17226b1011c5c2cfd7a4eb401c50557b9e73caa05d988e9074641ceef4181ae58df83a2aecad7771fe7003c9d6f8ee432091d4d783478343c949b26ed4f71c6197abd2022485afe4b7d03b7e758bec6324e741e68dda8685bb33eee627dd980e80a757ab7eeb4659a2190e0aad098bc38b5733c8bf8dc	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F5C27CF5FFF3029ACF1A1A4BEC7EE1964C77D784	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C\Blob = 0b000000010000000e0000007400680061007700740065000000090000000100000016000000301406082b0601050507030106082b0601050507030303000000010000001400000023e594945195f2414803b4d564d2a3a3f5d88b8c200000000100000017030000308203133082027ca003020102020101300d06092a864886f70d01010405003081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d301e170d3936303830313030303030305a170d3230313233313233353935395a3081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d3a4506ec8ff566be6cf5db6ea0c687547a2aac2da8425fca8f44751da85b5207494861e0f75c9e90861f5066d306e151902e952c062db4d999ee26a0c4438cdfebee3640970c5feb16b29b62f49c83bd427042510972fe7906dc0284299d74c43dec3f5216d549f5dc358e1c0e4d95bb0b8dcb47bdf363ac2b5662212d6870d0203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010405000381810007fa4c695cfb95cc46ee85834d21308ecad9a86f491ae6da51e360706c846111a11ac8483e59437d4f953da18bb70b62987a758add884e4e9e40dba8cc3274b96f0dc6e3b3440bd98a6f9a299b9918283bd1e340289a5a3cd5b5e7201b8bcaa4ab8de951d9e24c2c59a9dab9b2751bf642f2efc7f218f989bca3ff8a232e7047	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B8236B002F1D16865301556C11A437CAEBFFC3BB\Blob = 030000000100000014000000b8236b002f1d16865301556c11a437caebffc3bb090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b0000000100000018000000410066006600690072006d0054007200750073007400000053000000010000002400000030223020060a2b06010401828f09020430123010060a2b0601040182373c0101030200c0200000000100000002020000308201fe30820185a00302010202087497258ac73f7a54300a06082a8648ce3d0403033045310b300906035504061302555331143012060355040a0c0b41666669726d54727573743120301e06035504030c1741666669726d5472757374205072656d69756d20454343301e170d3130303132393134323032345a170d3430313233313134323032345a3045310b300906035504061302555331143012060355040a0c0b41666669726d54727573743120301e06035504030c1741666669726d5472757374205072656d69756d204543433076301006072a8648ce3d020106052b81040022036200040d305e1b159d03d0a17935b73a3c927aca151ccd62f39c265c073de554faa3d6cc12eaf4145fe88e19ab2f2e48e6ac184378acd037c3bdb2cd2ce647e21ae663b83d2e2f78c44fdbf40fa4684c55726b951d4e18429578cc373c91e29b652b29a3423040301d0603551d0e041604149aaf297ac011353526513000c36afe40d5aed63c300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300a06082a8648ce3d040303036700306402301709f38788505aafc8c042bf475ff56c6a86e0c42774e43853d7057f1b34e3c62fb3ca093c379dd7e7b846f1fda1e271023042598743d451dfbad309325ace887e573d9c5f426bf5072db5f08293f9596fae64fa58e58b1ee363beb581cd6f028c79	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B172B1A56D95F91FE50287E14D37EA6A4463768A\Blob = 030000000100000014000000b172b1a56d95f91fe50287e14d37ea6a4463768a090000000100000016000000301406082b0601050507030406082b060105050703020b000000010000001400000055005300450052005400720075007300740000002000000001000000a6040000308204a23082038aa003020102021044be0c8b500024b411d336252567c989300d06092a864886f70d01010505003081ae310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d313630340603550403132d55544e2d5553455246697273742d436c69656e742041757468656e7469636174696f6e20616e6420456d61696c301e170d3939303730393137323835305a170d3139303730393137333635385a3081ae310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d313630340603550403132d55544e2d5553455246697273742d436c69656e742041757468656e7469636174696f6e20616e6420456d61696c30820122300d06092a864886f70d01010105000382010f003082010a0282010100b23985a4f27dab413b624637aecdc16075bc3965f94a1a47a2b9cc48cc6a98d54d3519b9a442e5ce49e28a2f1e7cd23107c74eb483649d2e29d5a264c485bd85513579a44e68907b1c7aa492a817f29815f293ccc9a43295bb0c4f30bd98a00b8be56e1ba246fa78bca26fab595ea52fcfcada6daa2febaca1b36aaab72e67358b79e11e6988e2e646cda0a5eabe0bce763a7a0e9beafcda275b3d731f22e64861c64cf369b1a82e1bb6d431202cbc828a8ea40ea5d78943fc165aaf1d71d71159daba870daffaf3e1c2f0a4c5678cd6d6543ade0aa4ba0377b365c8fd1ed37462aa18ca68931ea1857ef54765cbf84d572874d234ff30b6eef66230148c2ceb0203010001a381b93081b6300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604148982677dc49d2670004bb450487cde3dae046e7d30580603551d1f0451304f304da04ba0498647687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d436c69656e7441757468656e7469636174696f6e616e64456d61696c2e63726c301d0603551d250416301406082b0601050507030206082b06010505070304300d06092a864886f70d01010505000382010100b16d615da61a7f7cab4ae430fc536f2524c6caede2315c2b0eeeee61556f043ecf39dec51b4994e4eb204cb4e69e502e72d98df5aaa3b34ada561c609780dc82a2ad4abd8a2bff0b09b4c6d7200445e4cd8001baba2b6eceaad792fee4afebf4261d162a7f6c3095372f3312ac7fddc7d1118c5198b2d0a391d0adf69f9e83931e1d42b846af6b66f09b7feae30302e50251c1aad5359d72400389ba311dc51068529edfa285c55c08a678e6534fb1e8b7d3149e93a6c364e3ac7e71cdbc9fe9031bccfbe9ac31c1af7c15740299c3b247a6c23261d7c76f48245127a1d58755f27b8f983d169eee75b6f8d08ef2f3c6ae285ba7f0f33617fcc305d3ca034a54	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8D1784D537F3037DEC70FE578B519A99E610D7B0	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4313BB96F1D5869BC14E6A92F6CFF63469878237\Blob = 0300000001000000140000004313bb96f1d5869bc14e6a92f6cff63469878237090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030806082b060105050703030b000000010000002e000000540065006c006900610053006f006e00650072006100200052006f006f007400200043004100200076003100000020000000010000003c0500003082053830820320a00302010202110095be16a0f72e46f17b398272fa8bcd96300d06092a864886f70d0101050500303731143012060355040a0c0b54656c6961536f6e657261311f301d06035504030c1654656c6961536f6e65726120526f6f74204341207631301e170d3037313031383132303035305a170d3332313031383132303035305a303731143012060355040a0c0b54656c6961536f6e657261311f301d06035504030c1654656c6961536f6e65726120526f6f7420434120763130820222300d06092a864886f70d01010105000382020f003082020a0282020100c2beeb27f021a3f36926557e9dc55516915cfdef21bf53807a2dd2918c6331f0ec24f0c3a5d2727c106df437b7e5e67c79ea8cb5828bae48b6ac00dc6575ec2a4d5fc187f520652b81a8473e8923953016907fe8570748e719aebf4567b1371b062afedef9ac7d83fb5ebae48f9767be4b8e8d64075738556934363d1348ef4fe2d3661ea4cf1ab75e3633d4b406bd1801fd7784500045f58c5de823bc7efe35e1ed507ba9308d19d3098e68675dbf3c971853bb2962c5ca5e72c1c796d4db2da0b41f6903eceae250f10c3cf0acf3532df01cf5ed6c3939738016c852b023cde03edcdd3c47a0bb358ae298688bbee5bf72eed2faa5ed12edfc9818a92676dc284b10201cd37f16772ded6f80f749bb5305bb5d68c7d4c875163f895a8bf71747d44cf1d289793e4d3d98a861de3a1ed2f85e03e0c1c91c8cd38d4dd39536b3375f63639b3314f02d266b537c898c32c26eec3d210039c9a168e250832eb03a2bf336a0ac2fe46f61c25109393e8b53b9bb67dadc53b97659369d43e520e03d3260852251b7c733bbdd152fa478a6077b8146360486dd7935c7952c3bb0a31735e5731fb45c59efdaea10657b7ad07f9fb3b42a373b708b9b5bb92bb7ecb251129753295ad4f01210dc4f02bb12922f62d43f69437c0dd6fc587501889d58164bdeba90ff470189066af65fb2906ab302a60288bfb3477e2ad9d5fa6878354d0203010001a33f303d300f0603551d130101ff040530030101ff300b0603551d0f040403020106301d0603551d0e04160414f08f593800b3f58f9a960cd5ebfa7baa17e81312300d06092a864886f70d01010505000382020100bee45c624e24f40c08fff0d30c68e49349223f44276fbb6dde8366cea8cc0dfcf59a06e5771491eb9d417b992a84e5fffc21c15df0e41f57b775a9a15f0226ffd7c7f74ede4ff8f71c46c07a4f402c2235f019b1d06b672cb0a8e0c0403735f6845c5ce3af4278fea7c90d50ea0d8476f651ef8353c67aff0e56492e8f7ad60ce62754e34d0a607262cd9107d6a5bfc8996bedc419e6ab4c1138c56f31e26e49c83f768026032629e036f6f62053e3177034179d63681e6becc34d86b813302f5d460d4743d51baa590eb95c8d0648ad74875fc7fc31544113e2c7210e9ee01e0de1c07b438590c58a58c6650a7857f2c6230f01d9204bde0ffb9285752a5c738d6d7b2591caee45ae064b00ccd3b15950da3a883b2943465e972b54ce536f8d4ae796fabf710e428b7cfd28a0d048cadac4814cbba2739326c8eb0cd62688b6c024cfbbbd5beb757de9088e86332c79770969a589fcb3709087768fd322bb42cebd730b20262ad09b3d701e246ccd8776a91796b7cf0d92fb8e18a99849d19efe60447221b919edc2f531f13948889024755416adcef4f869146439fba3b8ba7040c7271cbfc45653fa6365d0f31c0e16f56b86584d18d4e40d8ea59d5b91dc7624503fc62afbd9b79cb5d6e6d0d9e8198b157148adb7ead85988d490bf16b3d9e9ac596154c81cbacac1cae1b9204c8f3a9389a5a0ccbfd3f675a475966d56	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\394FF6850B06BE52E51856CC10E180E882B385CC\Blob = 0b000000010000003c000000450071007500690066006100780020005300650063007500720065002000650042007500730069006e006500730073002000430041002d0032000000090000000100000020000000301e06082b0601050507030406082b0601050507030106082b06010505070303030000000100000014000000394ff6850b06be52e51856cc10e180e882b385cc2000000001000000240300003082032030820289a00302010202043770cfb5300d06092a864886f70d0101050500304e310b300906035504061302555331173015060355040a130e457175696661782053656375726531263024060355040b131d45717569666178205365637572652065427573696e6573732043412d32301e170d3939303632333132313434355a170d3139303632333132313434355a304e310b300906035504061302555331173015060355040a130e457175696661782053656375726531263024060355040b131d45717569666178205365637572652065427573696e6573732043412d3230819f300d06092a864886f70d010101050003818d0030818902818100e43939931e52061b2836f8b2a329c5ed8eb211bdfeebe7b474c28fff05e7d99d06bf12c83f0ef2d6d124b211ded173098ad4b12c98090d1e5046b283a6458d6268bb851b207032aa40cda6965fc471373f04f3b7412439071a1e2e6158a0120be5a5dfc5abea3771cc1cc8373ab99752a7acc56a24944e9c7bcfc06ad6df21bd0203010001a38201093082010530700603551d1f046930673065a063a061a45f305d310b300906035504061302555331173015060355040a130e457175696661782053656375726531263024060355040b131d45717569666178205365637572652065427573696e6573732043412d32310d300b0603550403130443524c31301a0603551d1004133011810f32303139303632333132313434355a300b0603551d0f040403020106301f0603551d23041830168014509e0beaaf5eb92048a6506acbfdd8207aa78276301d0603551d0e04160414509e0beaaf5eb92048a6506acbfdd8207aa78276300c0603551d13040530030101ff301a06092a864886f67d074100040d300b1b0556332e3063030206c0300d06092a864886f70d0101050500038181000c8682ade84e1af58e8927e235583d29b4078f365095bf6ec19eebc490b285a8bbb742e00f0739dffb9e90b2d1c13e539f0344b07e4bf46fe47c1fe7e2b1e4b89aefc3bdcede0b3234d9de28ed336bc4d4d73d1258ab7d092dcb70f5138a94a127a4d670c56d94b5c97d9da0d2c60849d9669ba6d3f40bdcc52657e19130eacd	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\74F8A3C3EFE7B390064B83903C21646020E5DFCE	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A1E7C600AA4170E5B74BC94F9B9703EDC261B4B9	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob = 03000000010000001400000085371ca6e550143dce2803471bde3a09e8f8770f09000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030306082b060105050703010b000000010000001200000056006500720069005300690067006e000000200000000100000006030000308203023082026b02107dd9fe07cfa81eb7107967fba78934c6300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100cc5ed1115d5c69d0abd3b96a4c991f5998308e168520466d473fd4852084e16db3f8a4ed0cf1170f3bf9a7f925d7c1cf8463f27c63cfa247f2c65b338e64400468c180b9641c4577c7d86ef595293c50e834d7781fa8ba6d4391958f45575e7ec5fbcaa404ebea973754306fbb01473233cddc579b646961f89b1d1c894f5c670203010001300d06092a864886f70d010105050003818100514dcdbe5ccb98199c15b20139782e4d0f67707099c6105a94a4534d546d2baf0d5d408b64d3d7eede5661925fa6c41d106136d32c273ce82909b9116474ccb5739f1c48a9bc6101eee217a60ce340083b0ee7eb44732a9af16992ef7114c339ac71a791096fe47106b3ba5957267900f6f80da2333028d4aa58a09d9d6991fd	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CFE4313DBA05B8A7C30063995A9EB7C247AD8FD5\Blob = 0b00000001000000200000006900700073004300410020004d00610069006e00200052006f006f0074000000090000000100000040000000303e06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a0304030000000100000014000000cfe4313dba05b8a7c30063995a9eb7c247ad8fd52000000001000000f2050000308205ee308204d6a003020102020100300d06092a864886f70d01010505003081ae310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311b3019060355040313126970734341204d61696e20434120526f6f74311f301d06092a864886f70d01090116106d61696e30314069707363612e636f6d301e170d3039303930373134353433365a170d3239313232353134353433365a3081ae310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311b3019060355040313126970734341204d61696e20434120526f6f74311f301d06092a864886f70d01090116106d61696e30314069707363612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100953025b27d224cda3f16c267df65cceb459247659eac76cf6c6ac9ce03cda3c33872e36da56ba55287e662a5fb017def6744cbb641ef0b607d4afd22eda1e3f49db24260ce360d295979ee62077ab9134dc4633597b6a6f5068ced19653f8c26347feee829968bab7c768014c427519c63bf2a9486188f909e85fd1ad97470d07fec1da42c7a51c58114ab55b36295830f83486886b7ef3f068b8ea568c2a359a699504b0dbc5c7215e0b2458b1e59c92a4f5bd6a2bfc17fbda8a6a27d7c2904e11bba42c16cced9bbba54303d2787c19cb80fb2db5f44809a6a434d16d3dcc470a88e98681ce232c3b147208b0b6a8a9fff55c18fbd76792e789b3008702e6f0203010001a38202133082020f301d0603551d0e0416041461ed398d6b3ce136c6cfdb41fc1b435157cb4d6b3081db0603551d230481d33081d0801461ed398d6b3ce136c6cfdb41fc1b435157cb4d6ba181b4a481b13081ae310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311b3019060355040313126970734341204d61696e20434120526f6f74311f301d06092a864886f70d01090116106d61696e30314069707363612e636f6d820100300c0603551d13040530030101ff300b0603551d0f04040302010630470603551d250440303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304301b0603551d110414301281106d61696e30314069707363612e636f6d301b0603551d120414301281106d61696e30314069707363612e636f6d303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c6d61696e30312e69707363612e636f6d2f63726c2f6d61696e30312e63726c303606082b06010505070101042a3028302606082b06010505073001861a687474703a2f2f63726c6d61696e30312e69707363612e636f6d300d06092a864886f70d01010505000382010100469c0f62b6da3d1c693ebe22c1e97e20efc9eefac6109e655d4fb844b3d42169564f727e62de9b49879de3c860ad6fb006371d40e17d3ad013d697e28776f71f4dd3832d0ab98859d221cfe6c0768fb5496bf93ccd5e2ba9e9a42913cf0afa9d932ddb38e1722a0d3b2f7097bdd9b304b1a26efa6f84cf60713b9ae385d87fb80d321ba0fa05641668243b9bf8cc2a00117fc02adc3de929947102a3186e2c0c3005ce98964d1af65163a146f42f8f511f3dae8752fdc03b93c88c72d171c899ea7da40c8c9f31877af7db95f0bf6f45cfac85dfd1465e6542934a1017741805025a4c9237e1e22d430aba9aaa444c87cdc494dc6f1b6ac7129264b700f8254d	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 53000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b000000010000000e00000043004f004d004f0044004f000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb42000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2AC8D58B57CEBF2F49AFF2FC768F511462907A41	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\96974CD6B663A7184526B1D648AD815CF51E801A\Blob = 03000000010000001400000096974cd6b663a7184526b1d648ad815cf51e801a090000000100000016000000301406082b0601050507030406082b060105050703030b000000010000001200000056006500720069005300690067006e00000020000000010000004502000030820241308201aa021100caf6c1f570e2e9036b73fc06921c2af1300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20496e646976696475616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20496e646976696475616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c17aca65a72dd50f4f6c4732f8737786e53df26f7990b5de4fd21479334bb20e46fd88722ac2fc649e618f6bc05be8f01104da7aba72f6ec5daffbf197f114d228e328855c7bbd8aa27fc233b56d0b92780b387174857f3dbab92fefbe27480d3822c956308d77fa5d2c5a9c97ce7030e9515fa68be49596a5a01777f193b8290203010001300d06092a864886f70d010102050003818100c08f9fd77f0e26f747fd657b63920646cce05e4b8158b397ec05181315d697102a7ff856add80e7abf274845079f2522ac7012066937805858d88a345a07c627dac6fb9eb17d6420804ff4a1157b1961afc6abc02665fe8c07873f1ac48eb24044107e2c617afeada3c8beccbd5eaaafacc5bf1167582a32f325ddb67443c07c	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\750251B2C632536F9D917279543C137CD721C6E0	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8	updroots.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 924	3552	b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe	86
PID 3552 wrote to memory of 924	3552	b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe	86
PID 3552 wrote to memory of 924	3552	b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe	86
PID 924 wrote to memory of 3816	924	KB931125.exe	87
PID 924 wrote to memory of 3816	924	KB931125.exe	87
PID 924 wrote to memory of 3816	924	KB931125.exe	87
PID 924 wrote to memory of 2452	924	KB931125.exe	88
PID 924 wrote to memory of 2452	924	KB931125.exe	88
PID 924 wrote to memory of 2452	924	KB931125.exe	88
PID 924 wrote to memory of 5052	924	KB931125.exe	89
PID 924 wrote to memory of 5052	924	KB931125.exe	89
PID 924 wrote to memory of 5052	924	KB931125.exe	89
PID 924 wrote to memory of 4644	924	KB931125.exe	90
PID 924 wrote to memory of 4644	924	KB931125.exe	90
PID 924 wrote to memory of 4644	924	KB931125.exe	90

C:\Users\Admin\AppData\Local\Temp\b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe
"C:\Users\Admin\AppData\Local\Temp\b52fe4aabbe5a4cc22efcb855adb6dfb1fc10ddb2ec4fdf178ff012ccbd5942d.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Users\Admin\AppData\Local\Temp\{F3020778-3927-42af-91AB-D705339B943F}-TemporaryCache\KB931125.exe
  "C:\Users\Admin\AppData\Local\Temp\{F3020778-3927-42af-91AB-D705339B943F}-TemporaryCache\KB931125.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:924
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
    3⤵
    - Executes dropped EXE
    PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
89KB

MD5
a64e4b204d44548eeb5c3d86eca2ad70

SHA1
e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe

SHA256
985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc

SHA512
dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
89KB

MD5
a64e4b204d44548eeb5c3d86eca2ad70

SHA1
e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe

SHA256
985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc

SHA512
dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst

Filesize
73KB

MD5
bb49ccc10926cdb601eba81afef749a2

SHA1
a4766c9aea8d211e9632148fd4b625cece195be9

SHA256
f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c

SHA512
94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst

Filesize
9KB

MD5
7b32871e409608ff887b6cf4d87debb0

SHA1
191f9ea1298ee52dbd6f977b3584109a064f57b9

SHA256
3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2

SHA512
534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst

Filesize
7KB

MD5
9e5de0fd1f90486a66dee4bfe89a78d7

SHA1
90e3188ef63495aaa71c85d4ff0f23253c834b40

SHA256
8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e

SHA512
60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

Filesize
1KB

MD5
421e60325404f5f29ac04c9b9d59096b

SHA1
aace2fd74d799e8af5c8d5b2646361bb67a1620c

SHA256
571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77

SHA512
86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst

Filesize
320KB

MD5
2d9b4498c847715418160bfd7e7c8a2d

SHA1
e0873091d476d2566aa6fc988cb364247c95dc97

SHA256
c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41

SHA512
dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9BDD473A-0C5C-46f1-9C26-C71E6FB8F124}-TemporaryCache\7z.dll

Filesize
1.1MB

MD5
f0fef6362d4886e85a186a5e3766650a

SHA1
65843b7052a4d1b84762479d79445c46834e18b5

SHA256
15b9fe7d408cbf2204039087526e7df947df57b42ea479e303b682e956638816

SHA512
3f6dfd701cf62b77219f8825a2257c4bd7d44ebafc5654b06abaf906ced2571f4eeb04fe22ae6136c14bddebddb12555aa6efd322e779443d57bb122ea786043

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9BDD473A-0C5C-46f1-9C26-C71E6FB8F124}-TemporaryCache\7z.dll

Filesize
1.1MB

MD5
f0fef6362d4886e85a186a5e3766650a

SHA1
65843b7052a4d1b84762479d79445c46834e18b5

SHA256
15b9fe7d408cbf2204039087526e7df947df57b42ea479e303b682e956638816

SHA512
3f6dfd701cf62b77219f8825a2257c4bd7d44ebafc5654b06abaf906ced2571f4eeb04fe22ae6136c14bddebddb12555aa6efd322e779443d57bb122ea786043

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F3020778-3927-42af-91AB-D705339B943F}-TemporaryCache\KB931125.exe

Filesize
349KB

MD5
4a4d72d34f9da1fc5019e0748fcde2f5

SHA1
f54752ec63369522f37e545325519ee434cdf439

SHA256
83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca

SHA512
95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F3020778-3927-42af-91AB-D705339B943F}-TemporaryCache\KB931125.exe

Filesize
349KB

MD5
4a4d72d34f9da1fc5019e0748fcde2f5

SHA1
f54752ec63369522f37e545325519ee434cdf439

SHA256
83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca

SHA512
95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F3020778-3927-42af-91AB-D705339B943F}-TemporaryCache\KB931125.exe

Filesize
349KB

MD5
4a4d72d34f9da1fc5019e0748fcde2f5

SHA1
f54752ec63369522f37e545325519ee434cdf439

SHA256
83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca

SHA512
95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads