Malware Analysis Report

2025-08-10 18:07

Sample ID 240507-nd3b5agc46
Target 2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a
SHA256 2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a
Tags bootkit discovery persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery persistence

Modifies Installed Components in the registry

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-07 11:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 11:17

Reported

2024-05-07 11:20

Platform

win10v2004-20240419-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe

"C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/3240-0-0x0000000077660000-0x0000000077670000-memory.dmp

memory/3240-2-0x00000000776F2000-0x00000000776F3000-memory.dmp

memory/3240-1-0x0000000077660000-0x0000000077670000-memory.dmp

memory/3240-3-0x0000000002EB0000-0x0000000002FAA000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 11:17

Reported

2024-05-07 11:20

Platform

win7-20240221-en

Max time kernel

117s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe"

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update" C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A} C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate" C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1" C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0" C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*" C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\LuDaShi\{952069D3-0078-4c8b-B266-B559288E4DC4}.tf C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.app.log C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
00d06092a864886f70d010105050003820101006ce1d85f7458e97049d6ca0d2c58daca64b6514fc3066401e98a731d9ecf4678bf3b8586e23d4a18942a81776f82f86ff4ee22fc9d18217260bb18808295fbf9f795248166c1b5c3b5d2b6768b3b815cb8a10e2b01148b800940eef8604c19e417cd2701b3631205a408c9b4bf9e504eb5de0f92336675d03de7237cea25717cfe3e2e3679a1e529502335059578bb9f7964dc5748272ce25c33cdc2bb7e6877a72fa3491772e100846b7d7aaf390b2cd5d85764326c840a6a763ad3accd9db1e737dcec0c2fc55760df88f543b1016426b4278210b2a350ef97e67fbf9187b3db90a92ae27a346c7349f4e88d2e6b8adda18a7f63d0bf581eafcc3f92502dd1 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CEA9890D85D80753A626286CDAD78CB566D70CF2 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FAD91A6CE6AC6C50047C44EC9D4A50D92D84979 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0446C8BB9A6983C95C8A2E5464687C1115AAB74A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1B4B396126276B6491A2686DD70243212D1F1D96\Blob C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1B4B396126276B6491A2686DD70243212D1F1D96 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3B8CF2F810B37D78B4CEEC1919C37334B9C774\Blob C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DBAC3C7AA4254DA1AA5CAAD68468CB88EEDDEEA8\Blob C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B3EAC44776C9C81CEAF29D95B6CCA0081B67EC9D C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D8C5388AB7301B1B6ED47AE645253A6F9F1A2761 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5A4D0E8B5FDCFDF64E7299A36C060DB222CA78E4 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\89DF74FE5CF40F4A80F9E3377D54DA91E101318E C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2AC8D58B57CEBF2F49AFF2FC768F511462907A41 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AB48F333DB04ABB9C072DA5B0CC1D057F0369B46 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\KB931125.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3000 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe C:\Users\Admin\AppData\Local\Temp\KB931125.exe
PID 2620 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2620 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2620 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2620 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe

"C:\Users\Admin\AppData\Local\Temp\2df908df3695285c6d835ac914fcbcaaa9f7b53dc2ef60971ef3301b0b2c2e1a.exe"

C:\Users\Admin\AppData\Local\Temp\KB931125.exe

"C:\Users\Admin\AppData\Local\Temp\KB931125.exe" /Q

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.ludashi.com udp
CN 114.115.218.83:80 api.ludashi.com tcp
US 8.8.8.8:53 s.ludashi.com udp
CN 47.117.76.6:80 s.ludashi.com tcp

Files

memory/3000-1-0x0000000077B60000-0x0000000077B70000-memory.dmp

memory/3000-0-0x0000000077B60000-0x0000000077B70000-memory.dmp

\Users\Admin\AppData\Local\Temp\NetBridge.dll

MD5 8786d469338c30e0ba9fedfc62bd5197
SHA1 5fb12028ceae9772f938e1b98b699f0e02e32718
SHA256 beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f
SHA512 5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c

\Users\Admin\AppData\Local\Temp\KB931125.exe

MD5 4a4d72d34f9da1fc5019e0748fcde2f5
SHA1 f54752ec63369522f37e545325519ee434cdf439
SHA256 83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca
SHA512 95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 a64e4b204d44548eeb5c3d86eca2ad70
SHA1 e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe
SHA256 985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc
SHA512 dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

MD5 9c18ae971cbffb096952177f6804ea31
SHA1 bb255dd1bd9bb39cdbb8671af66054432c686828
SHA256 2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb
SHA512 21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst

MD5 bb49ccc10926cdb601eba81afef749a2
SHA1 a4766c9aea8d211e9632148fd4b625cece195be9
SHA256 f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c
SHA512 94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst

MD5 2d9b4498c847715418160bfd7e7c8a2d
SHA1 e0873091d476d2566aa6fc988cb364247c95dc97
SHA256 c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41
SHA512 dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst

MD5 9e5de0fd1f90486a66dee4bfe89a78d7
SHA1 90e3188ef63495aaa71c85d4ff0f23253c834b40
SHA256 8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e
SHA512 60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst

MD5 7b32871e409608ff887b6cf4d87debb0
SHA1 191f9ea1298ee52dbd6f977b3584109a064f57b9
SHA256 3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2
SHA512 534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

MD5 421e60325404f5f29ac04c9b9d59096b
SHA1 aace2fd74d799e8af5c8d5b2646361bb67a1620c
SHA256 571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77
SHA512 86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2