eef17a001a27e328434dfacbe7d2348a4f4fb4dc74b4a38b83970aa25fed721b

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 12:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Symantec_Agent_setup_Server.exe
Size

4.4MB
MD5

bc3c4f9b7b7c43cdea4d7eb8e73609b5
SHA1

150835b42a6a018b7cf98eb03f5a49007d56f860
SHA256

eef17a001a27e328434dfacbe7d2348a4f4fb4dc74b4a38b83970aa25fed721b
SHA512

c31912895f78e1f040ab4d4827e1fae6b55f92b5de0267bcc8f54b72d686f59a3d233805e87b182fede18b289abdb8a66e76a21720f06325a507bd2199081f3e
SSDEEP

98304:1zFqBQg/9nWjyBgf2V0GYhR3TZ086CocmXqxYflkkIC41:BAGgBW/2VEO8LcsY8CU

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Symantec_Agent_setup.dat
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Symantec_Agent_setup_Server.exe

Executes dropped EXE 1 IoCs

pid	Process
3008	Symantec_Agent_setup.dat

Loads dropped DLL 1 IoCs

pid	Process
1972	Symantec_Agent_setup_Server.exe

Modifies system certificate store 2 TTPs 28 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b10420000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 1400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 140000000100000014000000246e2b2dd06a925151256901aa9a47a689e74020030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b10420000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 040000000100000010000000e4a68ac854ac5242460afd72481b2a441400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a419000000010000001000000014c3bd3549ee225aece13734ad8ca0b82000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup.dat
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 0f000000010000002000000017fe16f394ec70a5bb0c6784cab40b1e61025ae9d50ecaa0531d6b4d997bbc590300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d542000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 140000000100000014000000b677fa6948479f5312d5c2ea07327607d19707190300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d540f000000010000002000000017fe16f394ec70a5bb0c6784cab40b1e61025ae9d50ecaa0531d6b4d997bbc592000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 190000000100000010000000ad6d6ff31b24013151f279e26a8c33240f000000010000002000000017fe16f394ec70a5bb0c6784cab40b1e61025ae9d50ecaa0531d6b4d997bbc590300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d54140000000100000014000000b677fa6948479f5312d5c2ea07327607d19707192000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 1900000001000000100000003c31c095e651fa664cbfb198e9c0c008030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f140000000100000014000000cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 140000000100000014000000cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 190000000100000010000000c3e08af0e5fa8ddccec00533c45bc3cf030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b104140000000100000014000000246e2b2dd06a925151256901aa9a47a689e7402020000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 0f00000001000000200000004b4eb4b074298b828b5c003095a10b4523fb951c0c88348b09c53e5baba408a319000000010000001000000014c3bd3549ee225aece13734ad8ca0b8030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a41400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39040000000100000010000000e4a68ac854ac5242460afd72481b2a442000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup.dat
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 0300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d542000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 19000000010000001000000014c3bd3549ee225aece13734ad8ca0b8030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a41400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f392000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331332000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4	Symantec_Agent_setup.dat

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1972	Symantec_Agent_setup_Server.exe
3008	Symantec_Agent_setup.dat

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3008	Symantec_Agent_setup.dat
3008	Symantec_Agent_setup.dat
3008	Symantec_Agent_setup.dat

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3008	Symantec_Agent_setup.dat
3008	Symantec_Agent_setup.dat
3008	Symantec_Agent_setup.dat

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28
PID 1972 wrote to memory of 3008	1972	Symantec_Agent_setup_Server.exe	28

C:\Users\Admin\AppData\Local\Temp\Symantec_Agent_setup_Server.exe
"C:\Users\Admin\AppData\Local\Temp\Symantec_Agent_setup_Server.exe"
1⤵
- Checks whether UAC is enabled
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat
  "C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat" /r
  2⤵
  - Checks whether UAC is enabled
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Symantec\FSD\bin\Symantec_Agent_setup.exe

Filesize
303KB

MD5
baecb04583a24df44c009469005e59bb

SHA1
f353cd627b58521c6e594a95c4ee48786f9d75a6

SHA256
8db89e0c6af8167e9ca97c2785f0e56c55c7fde3fa983997d1db925282503bd7

SHA512
004fe75307501a4a9daf80b7db60293e841d098c60456f35614e0a8918493136b7c781049829caf1754d7dcaa908366a1f7c47ed99cf8ab34742d85b6dad739a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4BE3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C05.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp50CE.tmp

Filesize
4KB

MD5
661e8ccf7182f1ad0b3774fef08b633d

SHA1
d571cb2a1263af6251c75ae5fe2249fff3fab72a

SHA256
7124ce12edbe629ab084b603901ba8dec0cb497bca0f74f9e953f9e8e82a3066

SHA512
0ad26d4027e89afd5f388ecd701da4de8b447bde8dd1c4d8582bcad3e52833d92eaabaf1fe235e83bdfc320231927ac2b5420c47e0ecb3a8fc3c2cb3a75fe7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp50DF.tmp

Filesize
1KB

MD5
78ff5e740204e0e244a6d43d7b078f39

SHA1
097008df39ff9f8b23834981bfb31f58e70d92ef

SHA256
c13116656282407ad0eaf70d8eb4981c92e559d1f9174c50fb1d2931fbacf6ec

SHA512
7ecba0fc2dc8056ba73482a143fc22b1e0d83e3e02430010dc5aafeb73d2c62cf960f2bd25d3ce5345b952ba999fbfb9fcac9c3aa86963f1221c3c1d60e12781

Download Submit
C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
291KB

MD5
190a0a7064fb5c82da77cb5f0f623928

SHA1
23f97473f88cff1abd57ca50f4bf886be99aae5d

SHA256
0c36e959a5f3c09940d5e4d2d1d5750dfd69fbbeeef6f54ad32d78d063091a0f

SHA512
6b66e8e0919868ce623d355f7ed6f28e5f9210826796f394c0edcdfa70e70931f913fe5440a885fcb3d07311e1cb091a2541062a74b4df45ab5b1b6d71100977

Download Submit
C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
16KB

MD5
096446ab8f54c669f83eadd1262b15a5

SHA1
02b0a209293743eaaa4725799a7ef2eae74ef1a8

SHA256
3cbda93406bf869074dad389e603b312b5f19cddce44a1fde3358b9931f9e5dd

SHA512
f0cbae8e2c28157421f401e59c4deaf92df045e724531e0f37c8c365866a3214d90baa30ffc603b885686ad869f035fdb60cdd471801604759736f766eaffc04

Download Submit
C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
77KB

MD5
f3f150f0585e3da055c465479e85adc4

SHA1
836c5ebf0484bb2abd1621faa4915c606a298aa7

SHA256
f61943a7ead71591cb2934b424a318f99c95618861dc1917b11c68cd98aca7d4

SHA512
572863c13ba9e9ab5263af3452f1d1d6b2c8b6e719e7dec001c29db482eae6091d5e1458ca05e80de398cdea92df1d7c9975c8882c4d46addea8b3972ec07a3b

Download Submit
\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
36KB

MD5
717a88a979bdd12f926867ae7684f7ed

SHA1
9678d08c4239c4f275e1dfc28581c11fa63b1e8c

SHA256
893ab634f0a4229899dd33c4723859e7a38ef1ba0b2f7d7741211d62b4bce159

SHA512
b71c6d4b62c68fc0005482aca4a5e232face5b914a79ea702b8e430fba2b18ecc731444c2057c374880c7c82a14bd9e74d2f7e16aa3934f9c797b6a9a4e9a417

Download Submit
memory/3008-61-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download