Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
07/05/2024, 11:17
Static task
static1
Behavioral task
behavioral1
Sample
11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe
Resource
win10v2004-20240426-en
General
-
Target
11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe
-
Size
2.4MB
-
MD5
9204715f161063695663602d1d43da82
-
SHA1
2773332561e14710fd4514c6a6cdcb3384863fd2
-
SHA256
11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619
-
SHA512
c068570b6fe947bd10676fc31efcf21ee79ab7eb19bc763919bbc7526515a6ccb5673cf32b0a75c8d86d67c338ca07016feb78c2802bc58e934a1eba788bb640
-
SSDEEP
49152:8VDZKvw4H8LMonNhJ+DkJE6GFVfoPRNJzaBt8:SDEvw4qjj2ENJ
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 6 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update" KB931125.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A} KB931125.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate" KB931125.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1" KB931125.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0" KB931125.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*" KB931125.exe -
Executes dropped EXE 5 IoCs
pid Process 2728 KB931125.exe 2916 updroots.exe 1632 updroots.exe 1528 updroots.exe 2540 updroots.exe -
Loads dropped DLL 16 IoCs
pid Process 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 2728 KB931125.exe 2728 KB931125.exe 2728 KB931125.exe 2728 KB931125.exe 2916 updroots.exe 2728 KB931125.exe 2728 KB931125.exe 1632 updroots.exe 2728 KB931125.exe 2728 KB931125.exe 1528 updroots.exe 2728 KB931125.exe 2728 KB931125.exe 2540 updroots.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\LuDaShi\{1D5ACA73-5FA4-4329-AF43-98A22D86C232}.tf 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\INF\setupapi.app.log KB931125.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC\Blob = 03000000010000001400000040e78c1d523d1cd9954fac1a1ab3bd3cbaa15bfc090000000100000020000000301e06082b0601050507030206082b0601050507030406082b060105050703030b000000010000000e0000007400680061007700740065000000200000000100000025030000308203213082028aa003020102020100300d06092a864886f70d01010405003081cb310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3121301f0603550403131854686177746520506572736f6e616c2042617369632043413128302606092a864886f70d0109011619706572736f6e616c2d6261736963407468617774652e636f6d301e170d3936303130313030303030305a170d3230313233313233353935395a3081cb310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3121301f0603550403131854686177746520506572736f6e616c2042617369632043413128302606092a864886f70d0109011619706572736f6e616c2d6261736963407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100bcbc93536dc0504f8215e6489435a65abe6f42fa0f47ee777572dd8d499b9657a078d4ca3f51b3690b9176172207976ac451934be08def3795a10c4dda34901d178997e03538574ac0f40870e93c447b507e619a90e323d388114627f50b070ebbddd17f200a88b9560b2e1c80daf1e39e29ef14bd0a44fb1b5b18d1bf2393210203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d0101040500038181002de2996bb03d7a89d759a294011f2bdd124b53c2ad7faaa7005c914057254a38aa8470b9d9800fa57b5cfb73c6bdd78a615c03e32d27a817e0848542dc5e9bc6b7b26dbb74afe43fcba7b7b0e05dbe78832594d2db810f79076d4ff439155a52017bde32d64d38f6125c0650df055bbd144ba1df29ba3b418df76356a1df22b1 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\70179B868C00A4FA609152223F9F3E32BDE00562 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob = 0b00000001000000320000004d006900630072006f0073006f00660074002000540069006d0065007300740061006d007000200052006f006f007400000009000000010000000c000000300a06082b06010505070308030000000100000014000000245c97df7514e7cf2df8be72ae957b9e04741e852000000001000000b1020000308202ad30820216020101300d06092a864886f70d010104050030819e3120301e060355040a13174d6963726f736f6674205472757374204e6574776f726b311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e312d302b060355040b13244d6963726f736f66742054696d65205374616d70696e67205365727669636520526f6f74312b3029060355040b1322436f70797269676874202863292031393937204d6963726f736f667420436f72702e301e170d3937303531333136313235395a170d3939313233303233353935395a30819e3120301e060355040a13174d6963726f736f6674205472757374204e6574776f726b311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e312d302b060355040b13244d6963726f736f66742054696d65205374616d70696e67205365727669636520526f6f74312b3029060355040b1322436f70797269676874202863292031393937204d6963726f736f667420436f72702e30819f300d06092a864886f70d010101050003818d0030818902818100b75a38f51f37cca943c4dc2418bef28552b41d5b5f18b90b8f4b6da8ffcd40506cd3a0d35c47c2b9f786e4cd7d350569371faf3ddd1ffd8f1534c2c479cc59748a6f8c0ec3e811eb8438479853e1f10c0de4010cf01b1e20da2a7a3dc215528e8aff7b32bf581e25988326cb8ac9c4071424bc499ed77ab3871a2533bc6d08470203010001300d06092a864886f70d010104050003818100505bc56b6f8d525b0dc9bdac347398ca0a87caae4c4aba14a4eb52709521e0b5a1604ef743025101af1e3a70cebf18b686289967eb08e897405c1682fdb825fb366f6f763ec54c8ee2a751facac163ba5e8324470b9372f6449acea7953a8f50109e1db15916abcf3edf838bc7fac36bdc649f402b1f452404ae492ff6df0c91 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FC796E8F8524F863AE1496D381242105F1B78F5 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8250BED5A214433A66377CBC10EF83F669DA3A67 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5D003860F002ED829DEAA41868F788186D62127F\Blob = 0300000001000000140000005d003860f002ed829deaa41868f788186d62127f090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020b000000010000003800000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300200049006e0063002e00000053000000010000004800000030463021060b6086480186fd6e0107180230123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107180230123010060a2b0601040182373c0101030200c02000000001000000820400003082047e30820366a003020102020100300d06092a864886f70d01010505003081cf310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313a3038060355040b1331687474703a2f2f6365727469666963617465732e737461726669656c64746563682e636f6d2f7265706f7369746f72792f313630340603550403132d537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479301e170d3038303630323030303030305a170d3239313233313233353935395a3081cf310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313a3038060355040b1331687474703a2f2f6365727469666963617465732e737461726669656c64746563682e636f6d2f7265706f7369746f72792f313630340603550403132d537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100f2cc562a4de616375a97ea6d3538d1109bdbb8dca9040995332e09c5007b1a78428fc8f4058efed268831e4e99cd17db473e50f389d2e7dc98fb05f8aad663f4544dc17103b01f1b76b31a343073f128326083fdb49cd7b6d222377c19aa3bde1310696e5c06d36fa3f2665a764248af80d154593dd4b9d4dbedb9ab3999f4ee62abe178727bd8388d40b6ccdc120070438569d818e3ca57729fb4df3ffc22a84252f5775b99f0562d2670163612c2279e57a67cd023f179dca3935828383d9fad3643ee37fbf8f943adc856f294125e42eb73b8130dcba6d586b9aa286a5403a13f0f29eb0900e83f5ea27f173da12bf8bed0751da484e3ab1765065200afb10203010001a3633061300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414b4c67f1a43cc9b755d2fc44bf28b9810e9f15110301f0603551d23041830168014b4c67f1a43cc9b755d2fc44bf28b9810e9f15110300d06092a864886f70d01010505000382010100ac80bbc425050b58a4e47e297eafbc3bec2dc0442ef991e0d23b3227902df680095cc2ab6524da381046c449d2fd9aab28487788c6e96fd14791d5354f1409a85b40071d7c7156cb8942d4bf61c022f72edfabf372438b40e894ebb026dad113d3abd0362d2e3a95b3772e1539180c69baaa80edf1534e339b6804e2a0302ed7d15dd4a6669d84e6e7bb3c89bb369dfc17a93d552b8afb9bc44c84ffdfd2be691b74b0a8f6eab09cb22974814c683a9a7f732539f513e0669169d4574bb7eead45e02cc388d3be9449891fff70d55b6d3913b01dcb98e667630d63f6fbc3d7617283883f707e53c99e8954d64f7f7d71b9aef1608b7760ecf8bffa6aa39c0122 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8C96BAEBDD2B070748EE303266A0F3986E7CAE58\Blob = 0300000001000000140000008c96baebdd2b070748ee303266a0f3986e7cae5809000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030306082b060105050703040b0000000100000058000000450042004700200045006c0065006b00740072006f006e0069006b00200053006500720074006900660069006b0061002000480069007a006d006500740020005300610067006c00610079006900630069007300690000002000000001000000eb050000308205e7308203cfa00302010202084caf73421c8e7402300d06092a864886f70d01010505003081803138303606035504030c2f45424720456c656b74726f6e696b20536572746966696b612048697a6d6574205361c49f6c6179c4b163c4b173c4b131373035060355040a0c2e4542472042696c69c59f696d2054656b6e6f6c6f6a696c6572692076652048697a6d65746c65726920412ec59e2e310b3009060355040613025452301e170d3036303831373030323130395a170d3136303831343030333130395a3081803138303606035504030c2f45424720456c656b74726f6e696b20536572746966696b612048697a6d6574205361c49f6c6179c4b163c4b173c4b131373035060355040a0c2e4542472042696c69c59f696d2054656b6e6f6c6f6a696c6572692076652048697a6d65746c65726920412ec59e2e310b300906035504061302545230820222300d06092a864886f70d01010105000382020f003082020a0282020100eea08461d03a6a661032d831387fa7a7e5fda1e1fb9777b87196e8139646834fb6f25f72566e1360a50191e25bc5cd571f776351ff2f3ddbb93faaa935e779d0f5d024b621eaeb2394fe29bffb89910c649a054a2bcc0ceef13d9b8269a44cf89a6fe722da10ba5f92fc18270aa8aa44fa2e2cb4fb469a08038372ab88e46a72c9e5651f6e2a0f9db3e83be40c6e7ada57fdd7eb798b5e2006d3760b6c0295a396e4cb7651d1289da11afc44a24dcc7a76a80d3dbf174f228850fdaeb6ec90504a5b9f9541aaca0fb24afe80994ea34615abf873426ac26676b10a2615dd9392ecdba95f54225291705d13ea48ec6e036cd9dd6cfceb0d03ffa683129bf1a9930fc5264c31b263996172e72a6499d2b8e975e27ca9a99a1aaac356db109a3c8352b67b96b7ac8777a8b9f2670b9443b3af3e73fa4236b125c50a3126375667baa30b7dd6f789cd67a1b73a1e664ff6a05514254c2c330da6418cbd04316a10720a9d0e2e76bd5ef351898ba83f5573bfdb3ac62405969248aa4b8d2a03e5579110f46a28156e4777845c51749f19e9e61e631639e31115e3581a44bdcbc46c66d78406df30f437a2432279d2106cdfbbe61311fc9d840a137bf03bd0fca30ad789ea967e8d48851e645fdb54a2acd57a02796bd28af067da65720d1470e4e98e788f32747c57f2d6d6f436891bf8296c8bb9f697d1a42eaabe0b19c245e9705d0203009dd9a3633061300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414e7cec64ffc166796fa4aa307c104a7cb6adeda47301f0603551d23041830168014e7cec64ffc166796fa4aa307c104a7cb6adeda47300d06092a864886f70d010105050003820201009b989a5dbef3282376c66cf77fe6409ec036dc950d1dad15c536d8d539eff21e225eb382b45dbb4c1aca920ddf47241eb324da9188e98370dd93d7e9bab3df165a3edee0c8fbd3fd6c29f81546a06826cc9352ae82019390ca77ca4d49efe25ad92abd30ce4cb281b630ce594fda591d6a7aa445b08226818676f5f51000b8eeb309e84f870207ae245cf05fac0a30cc8a40a07304c1fb8924f69a1c5cb73c0a6736050831b3afd801682ae0788f74deb851a48c6c203da2fbb3d409fd7bc280aa936c299821a8bb16f3a9125f74b58798f29526df34ef8a5391885d1a94a33f7c22f8d788baa68c96a83d5234629f001e54554267c64d468fbb14453d0a96168e10a19799d5d33085ccdeb472b7bc8a3c182968fddc7107ee24396afaeda5ac382ff91e100e06711a104cfe757eff1e573942cad7e115a15655591bd1a3af11d84ec3a52bef90bfc0ec82135b8dd6722c934e8f6a29df853cd30de0a21812cc552f47b7a79b02fe41f6884c6ddaa90147836427621082d6127b5e031f34a9c991feaf5d6d8627b723aa7518ca20e7b00fd7890ea6672263f483412b064bbb58d5d1d7b7b91063d8894ab4aadd1663f56ebe60a1f8ede8d6904f1ac6c5a029d3a721a8f55a3cf7c749a2219a4a95522096729a66cbf7d286437c22be96f9bd01a847dde53b40f9752b9b2b4664868d1ef48ffb0777d0ea49a21c8d5214a60a93 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob = 0b000000010000000e000000740068006100770074006500000009000000010000000c000000300a06082b06010505070308030000000100000014000000be36a4562fb2ee05dbb3d32323adf445084ed6562000000001000000a5020000308202a13082020aa003020102020100300d06092a864886f70d010104050030818b310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311430120603550407130b44757262616e76696c6c65310f300d060355040a1306546861777465311d301b060355040b13145468617774652043657274696669636174696f6e311f301d060355040313165468617774652054696d657374616d70696e67204341301e170d3937303130313030303030305a170d3230313233313233353935395a30818b310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311430120603550407130b44757262616e76696c6c65310f300d060355040a1306546861777465311d301b060355040b13145468617774652043657274696669636174696f6e311f301d060355040313165468617774652054696d657374616d70696e6720434130819f300d06092a864886f70d010101050003818d0030818902818100d62b587861458653ea347b519cedb0e62e180efee05fa827d3b4c9e07c594e160e735460c17ff69f2ee93a8524153cdb470463c39ec4941a5adf4c7af3d9431d3c107a7925db90fef051e730d64100fd9f28df79be94bb9db614e32385d7a941e04ca479b02b1a8bf2f83b8a3e45ac719200b4904198fb5fedfab72e8af888370203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010405000381810067dbe2c2e6873d40838637357d1fce9ac30c6620a8baaa048986c2f510080dbfcba2058ad04d363ef4d7ef69c65ee4b0946f4ab9e7de5b88b67bdbe327e576c3f035c1cbb5279b3379dc90a6009e77fafccd279442169cd31c68ecbf5cdde5a97b100a32745413318b85038491b75801301438af28cafcb150191909ac8949d3 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4054DA6F1C3F4074ACED0FECCDDB79D153FB901D\Blob = 0b000000010000001e000000440053005400200041004300450053002000430041002000580036000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000004054da6f1c3f4074aced0feccddb79d153fb901d20000000010000000d04000030820409308202f1a00302010202100d5e990ad69db778ecd807563b8615d9300d06092a864886f70d0101050500305b310b30090603550406130255533120301e060355040a13174469676974616c205369676e61747572652054727573743111300f060355040b13084453542041434553311730150603550403130e4453542041434553204341205836301e170d3033313132303231313935385a170d3137313132303231313935385a305b310b30090603550406130255533120301e060355040a13174469676974616c205369676e61747572652054727573743111300f060355040b13084453542041434553311730150603550403130e445354204143455320434120583630820122300d06092a864886f70d01010105000382010f003082010a0282010100b93df52cc994dc758a955d63e884777666b959915c46dd923e9ff90e03b43d6192bd2326b563ee92d29ed63cc80d905f6481b1a8080d4cd8f9d3052852b40125c5951c0c7e3e108475cfc1199163cfe8a89188b94352bb80b155898b31fad0b776be413d309aa422251773e81ee2d3ac2abd5b3821d52a4bd7557de33a55bdd76d6b02576be6477c08c882badea7873da16db83056c2b302815f2df5e29a301828b866d3cb01966fea8a4555d6e09dff672b1702a64e1a6a110b7eb77be798d68c766fc13bdb50937ee5d08e1f37b8bdbac69f6ce97c33f2323c2647fa272402c97e1d5b8842136a357c7d35e92e66917293d53226c474f553a3b35d9af609cb0203010001a381c83081c5300f0603551d130101ff040530030101ff300e0603551d0f0101ff0404030201c6301f0603551d11041830168114706b692d6f70734074727573746473742e636f6d30620603551d20045b30593057060a608648016503020101013049304706082b06010505070201163b687474703a2f2f7777772e74727573746473742e636f6d2f6365727469666963617465732f706f6c6963792f414345532d696e6465782e68746d6c301d0603551d0e041604140972064e18430fe5d6ccc36a8b317b788fa883b8300d06092a864886f70d01010505000382010100a3d88ed6b2dbce05e732cd01d30403e576e4562b9c9990e808306cdf7d3deee5bfb524408449e1d128aec4c23a533088f1f5776e51cafaff99af245f1ba0fdf2ac84cadfa9f05f042ead16bf219710813de3ff878d32dc94e5478a5e6a13c994953dd2eec83495d080d4ad320880543ce0bd5253d7527cb2693f7f7acf6a74cafa042a9c4c5a06a5e920ad45660f69f1ddbfe9e3328bfae0c1864d723c2ed893780a2af8d8d2273d19895f5a7b8a3bcc0cda51aec70bf72bb03705ecbc5723e238d29b68f35612884f427cb831c4b5dbe4c82134e9481135eefac79257c59f34e4c7f6f70e0b4c9c68787b7131c7eb1ee06741f3b7a0a7cde57a33366afa9a2b updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0AB059420725493056062023670F7CD2EFC6666 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6B2F34AD8958BE62FDB06B5CCEBB9DD94F4E39F3\Blob = 0300000001000000140000006b2f34ad8958be62fdb06b5ccebb9dd94f4e39f3090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000003c00000054004300200054007200750073007400430065006e00740065007200200055006e006900760065007200730061006c002000430041002000490000002000000001000000e1030000308203dd308202c5a003020102020e1da200010002ecb76080788db606300d06092a864886f70d01010505003079310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312630240603550403131d544320547275737443656e74657220556e6976657273616c2043412049301e170d3036303332323135353432385a170d3235313233313232353935395a3079310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312630240603550403131d544320547275737443656e74657220556e6976657273616c204341204930820122300d06092a864886f70d01010105000382010f003082010a0282010100a477239644af90f431a710f426879cf338d90f5edecf41e831adc674912496781e09a09b9a954a4af5627c02a8caacfb5a047639de5ff1f9b3bff3035855d2aab7e30422d1f894da2208008dd37c265dcc7779e72c7839a826730ea25d2569854f550e9aefc6b944e1573ddf1f5422e56f65aa33843af3ce7abe5597ae8d120f1433e25070c3498713bc51ded798125aef3a83339206758b927c12687b706a0fb59bb6775b48599de4ef5aadf3c19ed4d7454eca563421bc3e175b6f770c48014329b0dd3f966ee695aa0cc020b6fd3e36279ce35ccf4e81dc19bb91907dece697041e93cc2249d79786b6130a3c4323777ef0dce6cd241f3b839b343a8334e30203010001a3633061301f0603551d2304183016801492a4752ca49ebe8144eb79fc8ac595a5eb107573300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e0416041492a4752ca49ebe8144eb79fc8ac595a5eb107573300d06092a864886f70d0101050500038201010028d2e086d5e6f87bf097dc226b3b9514560f1130a59a4f3ab03ae006cb65f5edc69727fe25f257e65e958c3e6460155a7f2f0d01c5b160fd4535cff0b2bf06d9ef5abeb36221b4d7ab357c533ea627f1a12dda1a239dccddec3c2d9e27345d0fc23679bcc94a622ded6bd97d41437cb6aacaed61b1378215091a8a1630d8ecc9d64772784b1046148e5f0eafecc72fab10d7b6f16eec86b2c2e80d9273dca2f40f3abf612310899c48406e7000b3d3ba374458117a026a88f03734f019e9acd46573f6698c64943a798529b0162b0c823f069cc7fd102b9e0f2cb69ee315bfd9361cba251a523d1aec220c1ce0a4a23df0e839cf81c07bed5d1f6fc5d00bd798 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FA0882595F9CA6A11ECCBEAF65C764C0CCC311D0 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1B4B396126276B6491A2686DD70243212D1F1D96 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3AFC0A8B64F686673474DF7EA9A2FEF9FA7A51 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2388C9D371CC9E963DFF7D3CA7CEFCD625EC190D updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9ED18028FB1E8A9701480A7890A59ACD73DFF871\Blob = 0300000001000000140000009ed18028fb1e8a9701480a7890a59acd73dff87109000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030b0000000100000042000000530065007200610073006100200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020004900490049000000200000000100000029040000308204253082030da00302010202083b57fc376d701fb4300d06092a864886f70d01010505003066310b300906035504061302425231143012060355040a130b53657261736120532e412e31163014060355040b130d53657261736120434120494949312930270603550403132053657261736120436572746966696361746520417574686f7269747920494949301e170d3034313132363133313431345a170d3234313132313133323431345a3066310b300906035504061302425231143012060355040a130b53657261736120532e412e31163014060355040b130d53657261736120434120494949312930270603550403132053657261736120436572746966696361746520417574686f726974792049494930820122300d06092a864886f70d01010105000382010f003082010a0282010100f247c400a81e1aefef4fc03f6f45343e38ea97bd4e34087943978c1464932461198b18500ccc1fb237c1b8bfc4b55940ad9556370492fc5b3eac213ed1db06e092cd85ee06f6815f86e35f94b56c7edae24fe7262632bda8635d029a39df3be8ce4c658409ef788d04a5498a7bc3517e6b01e0e9ebd29213cc00d7c6261f04e360efec1814ef18f63c0344433870360d9620d4437ebfd486d8f92cdccb2c7b2e1d5e83176fce12354d4f8c9d20d8356acfdafc0c4604012e037a454e840b2d26cbab2e587f684395b7b24ed4ff975ef9a7b22f94215cf37e3ec00007f7ff8c2db5814ef6f92885b7fbbee3ceb2be1f461d96a0e48debfaec34c6b4b49609f2090203010001a381d63081d330310603551d25042a302806082b0601050507030106082b0601050507030206082b0601050507030306082b06010505070304305e0603551d1f045730553053a051a04f864d687474703a2f2f7777772e636572746966696361646f6469676974616c2e636f6d2e62722f7265706f7369746f72696f2f73657261736163612f63726c2f53657261736143414949492e63726c301d0603551d0e0416041446c278ab54e0f8682739df42b3f354c3067d26a1300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d0101050500038201010080391c9d3d892006f4ed095c8f2e1f612965b06c3b2178d83193d8aefca780ed5525573804e81ceabb5e992758b43d70034fee065465fb5d0ad447905100ed82df97f6d790af18796033a048155cfa52c00d196c26c2731bbe1b033870188e953c7ae0f4ee38c2e630c3b6016c52078a295f549d5c8f2cfd3eb90acf6e57ffdc90f8f4d72657c602ca0b05adc670c74816aa65e0965bcaebfb5d3bb1c65fbc1e38eba040d0a8d896e26f3492853e960415aa240c3855b66922347c41d810bc349bcf1f4c2507562091423919510b3c90d37918daef1d9feee2ba01145e1583833bcea705f340c73b469cc00fd3d62a4f930707f5ff8ad4a706e52eae0c488b70 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7639C71847E151B5C7EA01C758FBF12ABA298F7A\Blob = 0b000000010000002a0000004400530054002000280041004e00580020004e006500740077006f0072006b0029002000430041000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000007639c71847e151b5c7ea01c758fbf12aba298f7a2000000001000000510300003082034d308202b6a0030201020204366ea26f300d06092a864886f70d01010505003052310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311d301b060355040b13144453542028414e58204e6574776f726b29204341301e170d3938313230393135343634385a170d3138313230393136313634385a3052310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311d301b060355040b13144453542028414e58204e6574776f726b2920434130819d300d06092a864886f70d010101050003818b0030818702818100b448118058a0d5a5990ff6372c44b66ed17cf32a6b9e11b68823045c71259e6a1277116ebf683965a8f6b2f6a218b28915a067b77a8c22486bf684341fb6caf71b72cbf25b48d3871e22761304b4ac6c967fe70e08c93251302dd580e82167baf35e08242c07599d901aee46c9b5a41e96b44191d47fd28d3826b06f436e097d020103a38201303082012c301106096086480186f842010104040302000730740603551d1f046d306b3069a067a065a4633061310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311d301b060355040b13144453542028414e58204e6574776f726b29204341310d300b0603550403130443524c31302b0603551d1004243022800f31393938313230393135343634385a810f32303138313230393135343634385a300b0603551d0f040403020106301f0603551d230418301680148c165570cc160a5364c2a584aab36417433f8236301d0603551d0e041604148c165570cc160a5364c2a584aab36417433f8236300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456342e3003020490300d06092a864886f70d0101050500038181004925c960b10c5fa93910d3c534557dcf79c329ebdef9c240f9e856c5f02fecf4d9ec4851b863385e936e189685b9ca509ca4b8ea66266893856f6f4c71d0be7a0b3c31b9f7be699e10d7d140e8ac1671abaeab38e170b1ca9216e05d85a6188006009ce1a6184251a7686859ef26945fad310cfe291e170184375be81232a35d updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\634C3B0230CF1B78B4569FECF2C04A8652EFEF0E updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\64902AD7277AF3E32CD8CC1DC79DE1FD7F8069EA\Blob = 03000000010000001400000064902ad7277af3e32cd8cc1dc79de1fd7f8069ea09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b060105050703090b000000010000004c00000049002e004300410020005000720076006e00ed00200063006500720074006900660069006b0061000d016e00ed0020006100750074006f007200690074006100200061002e0073002e00000020000000010000003d0400003082043930820321a0030201020204009d2a60300d06092a864886f70d01010505003068310b300906035504061302435a312a302806035504030c21492e4341202d205175616c696669656420726f6f74206365727469666963617465312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e301e170d3038303430313030303030305a170d3138303430313030303030305a3068310b300906035504061302435a312a302806035504030c21492e4341202d205175616c696669656420726f6f74206365727469666963617465312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e30820122300d06092a864886f70d01010105000382010f003082010a0282010100ab0888a4f074f29ff8dbd6778d30193ea6c5c78ac5bddde602ae8e3d5075b8af7d36abfef5ed0867b4008a98c103638851f21b3689745a2dc8c482c43fb988fd6cfd3a1d15054495801aa686cb217590855cb070008734a8d11f49fd6c386d6aacb8459fbc14d766d421e3270a8d75e05a2f0a4bb4e77e73a32abd70f19186088fbf90841c87a9f599252594c1e36e07c14b075b54fc34cb46379cc5a120cea6ac87a9833c384fc040f3e9ff9bd73976e4132375b5ffa142ae5c864fc54e43b6990b525320a8b3c24cd3002c15d2596c0a9f21b57316791e8625ee1afb939ead63f14ce276315e37effcd0a936e4f911e97afc50e741230334b87dba0ecfdd530203010001a381ea3081e7300f0603551d130101ff040530030101ff300e0603551d0f0101ff0404030201063081a40603551d2004819c308199308196060c2b0601040181b8480104000130818530818206082b0601050507020230761a7454656e746f20636572746966696b6174206a6520767964616e206a616b6f206b76616c6966696b6f76616e792073797374656d6f767920636572746966696b6174207620736f756c616475207365207a616b6f6e656d203232372f323030302053622e207620706c61746e656d207a6e656e692e301d0603551d0e04160414689d7ed6c42539fb3ba037d64fdc8cd17af05659300d06092a864886f70d0101050500038201010072f5bc068dd22c96f282db587b47f04064e52e1beffae0fad3f172480144f288f4de98815384e77d4e47e7313756aeb3c1306fc6ab4883f5985352692a28c14065eb65e7b4300bf0ab0ea51225bff4505dbfa37ee5d174f80a28ae429cb01452c4a0605df7451742ba422d9b92fb6e94b3704720089d53f0b0adbda9845add072a0ccd2b6d6128df3b9228ec51817f517c8e2e7f9de9bcc1343d8bad81adf11e7466433c414db82e334fb13a1edb12df368e71ff5763b1d68fb43d86126acf4230b49316ea99ea025bfe08eeb24f70bf3300e77a4a38a1f24891a61ecb23b2389df02e49a2c9885665658e3a67458c8c0be2aab14b07ffb11fba14cf72faa778 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABB51672400588E6419F1D40878D0403AA20264\Blob = 0b000000010000006c0000004a006100700061006e002000430065007200740069006600690063006100740069006f006e002000530065007200760069006300650073002c00200049006e0063002e0020005300650063007500720065005300690067006e00200052006f006f0074004300410031000000090000000100000016000000301406082b0601050507030406082b06010505070301030000000100000014000000cabb51672400588e6419f1d40878d0403aa2026420000000010000002d030000308203293082021102085f60585f00000000300d06092a864886f70d01010505003057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f74434131301e170d3939303931353135303030315a170d3230303931353134353935395a3057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f7443413130820122300d06092a864886f70d01010105000382010f003082010a028201010094900c4b71291cdaf668797aa4bae7d2cc8dafe84790991fc62aea9763e81fce1757c61ab3a8c77c87ed353580baba6e6dbe17fecc2d1b6cef8a004916e1ee065e4a075dab3dd150b89146d4d4da15d8945c0ecad7dabfa0f7493cc8bbceea26810a142d9c0d37456b41ca578b38f0261f31fccf348e8f77c13fe3ab543c27b4ce324c551362fcfe3a1625cf1b6ba223b7e0ea0269bbf722716d7c0b1993a1979ce391691f68e42f7d106d8f67aec110a2b05e634a97f7e678a9ad26bb54c9dfb4eec59ed325dd136853f98fe8ece5de81d6783eee5040b4013cac15c1823b2e7ff152278b72e0e7dbf98b29c3c34a2b3389ab5c2a07fc7c231e2b4f0822fec10203010001300d06092a864886f70d0101050500038201010055ed6f7b93e545314e68d55581a2081f6cdd09c5781a7057c8df0881ae6677c6750fe4ef498b035c6cff1c90a472b2d31612b206f84686aebfa715db854dfac22d4db3b5b043ef7c7e07db5fb357465176078644fd07eaf1cb4b454d66a73326c4f943aa8d12b3d48d68b6f70279b42d5ad70398042c6999aff4663b64acb2c02bc869549e4c4e48188dce57b53b51e51bd7fa3960db564513bee766d523f67c4800b04cef348d22acb22ed14c38cdfa580306ee3a73870a053acae4afd4c1ee1c857f2516cf27011f848a7708d0d346e820ec9fa48cf1bccdc41236801ec70928afe808bec0d3b23ed72e673da3cebb34fae285cdacce551d455b7885d3857a updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E3D73606996CDFEF61FA04C335E98EA96104264A\Blob = 0b000000010000001a00000044002d0054005200550053005400200047006d00620048000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308030000000100000014000000e3d73606996cdfef61fa04c335e98ea96104264a2000000001000000eb040000308204e7308203cfa00302010202030326da300d06092a864886f70d01010505003052310b300906035504061302444531153013060355040a0c0c442d547275737420476d6248312c302a06035504030c23442d5452555354205175616c696669656420526f6f74204341203120323030373a504e301e170d3037303630383131343734365a170d3132303630383131343734365a3052310b300906035504061302444531153013060355040a0c0c442d547275737420476d6248312c302a06035504030c23442d5452555354205175616c696669656420526f6f74204341203120323030373a504e30820124300d06092a864886f70d010101050003820111003082010c028201010089d9ffd3ff37fc57881560c1bd2f681080b72d59a5a24ac70ad62f8e40377b2a32aac6b6130d20e74ffe3f0e6eadf954cf6b050bfe69f2fabc813fdeedb333bb392c74c434f6b4fac3d3d258ca79708f63e39534f839579f01748b979cadea1cbb65fd4ae62438493e9eb2c650e35cd63be9873977d9a41e0728a05d92872b4c8b75c54003bd3f400d943c3b14a7e0ae72bd2bebd2f1b0de08e2d1a411d638c24ef212771fcf48460bf817339b831f08b805e746534b887b87fcd2a33d4572e90e19b4058a6a1f370c0f0cccc8a8b95b02baf3b8a30d0fc314eb6b7b3781ea9e58d1b0b7474b053104e94c0aa1c09214bd2337d221f6e4c0ec4e997f8d8de851020500e9cc4529a38201c2308201be300f0603551d130101ff040530030101ff301d0603551d0e041604142c4cf69a2a9f288201c1990611afb34b7cb79afe303806082b06010505070101042c302a302806082b06010505073001861c687474703a2f2f7175616c2e6f6373702e642d74727573742e6e657430170603551d200410300e300c060a2b06010401a534021f0130330603551d11042c302a8110696e666f40642d74727573742e6e65748616687474703a2f2f7777772e642d74727573742e6e6574301806082b06010505070103040c300a3008060604008e460101300e0603551d0f0101ff0404030201063081d90603551d1f0481d13081ce3081cba081c8a081c5867f6c6461703a2f2f6469726563746f72792e642d74727573742e6e65742f434e3d442d54525553542532305175616c6966696564253230526f6f7425323043412532303125323032303037253341504e2c4f3d442d5472757374253230476d62482c433d44453f63657274696669636174657265766f636174696f6e6c6973748642687474703a2f2f7777772e642d74727573742e6e65742f63726c2f642d74727573745f7175616c69666965645f726f6f745f63615f315f323030375f706e2e63726c300d06092a864886f70d0101050500038201010069a9f184c8b6069d1a170765f3aa479cf772aa3daf2666e514210ece1b893e8a54c8ff36c91d2c8a11e5cdc772a4845b1e5bc33535b1b16d4baa08d4d9d4e2fd074be4565bf6ca70c875ba9c7e440e058afdd61b74d3bbd2e55ae4daf60fb21f8d54cc1565fe761a2c10b9c6d424263b0cad68496f63acac585ed617b906680cb430cce1b7e63fc0eed20f4da0d8a25f7c80c8e0178a54f7450872774a4bb329a093a0e1ca43c1732dbbdab492f15ce61026d588f186e73e1b622726ccbbcecc30decfd8baff8c82371e6c4584d923b58696970ec7aa228d4fa2fb2903b01adc105463bd9cd69e9ce41f329790d0d79abb79a3238fb475ae64c87797fa2c238d updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8D08FC43C0770CA84F4DCCB2D41A5D956D786DC4\Blob = 0300000001000000140000008d08fc43c0770ca84f4dccb2d41a5d956d786dc4090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000003c000000530077006900730073005300690067006e002000530069006c00760065007200200052006f006f0074002000430041002000132020004700330000002000000001000000820500003082057e30820366a003020102020900aa88b05a0bb1769b300d06092a864886f70d01010b0500304c310b300906035504061302434831153013060355040a130c53776973735369676e204147312630240603550403131d53776973735369676e2053696c76657220526f6f74204341202d204733301e170d3039303830343133313931345a170d3337303830343133313931345a304c310b300906035504061302434831153013060355040a130c53776973735369676e204147312630240603550403131d53776973735369676e2053696c76657220526f6f74204341202d20473330820222300d06092a864886f70d01010105000382020f003082020a0282020100be879b05e6717c526f6dec37a9e9b3dccc5f7fd350ea219b04f03dbfbe8ec9a514163210cf99fcec70ad483667240c1732d629e54a39b137eba6780c6c6f19ca4ef751da1ae8fa21386c959c2fd68bcc3b029bbf269b1145b6b8345a1da6544852c89d7871ce484acca77883dc68ab661e7707d3361808d7d46d60f8f079d33336099263b7049af5a796da45af741afc82e3a85b0e3a3f5257987ebc9c8cc1c0b25adfc47efe0ca65476837ebadde72af44a364f87652ea5ba398d596129f3d38e24708c539b11a54707b275055c0d84d944d9cdc92644576e027d9501d4ab2486ee3d70fb57fab02914d09df2c597cb09caf1f23de7d84b96e9882f9e47518a54659848d212e454770c07e6be5b9cf1dd037e8d84fcbec962d5fcc93ae889b55fc2055261f09c3eec2e4d8c72918ec843c1a2285ef58024dce22f873b5300e5cbf0b27c8d7919a088cd78f8c58a5a77e506acdd4adee6706ebeafbef5b1ab0e08b0dba03f94c5be12b9bc7b2779b532295daec5202392037b5439b08922546d12e3c378ea3a40fda493ace92d883cdba647664cdfd817ed16de1ad6d74166bf1d80f1a4e06411295e0c270562ebe5c40462d1c49f0c6a55d658389c660f9dfbab5480999cec49d6829fda45d63f530603b7fd1fec867d74e0a4b4e832b6aa0723f8ef24419e633078f454dd8ef05a388e127f78c76f02562133ceb8b8ad69550203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414a18c45930a12630ba7575f324a7de121e7b73e66301f0603551d23041830168014a18c45930a12630ba7575f324a7de121e7b73e66300d06092a864886f70d01010b0500038202010087ae616d48382ac61cdc4a2e847849c0232a45b8354dd105fab90533c464bddbad54162ab03e0d5a28daa61a80730cc4416fafb834b677d45b8e1d0b8b469044b5b3ee491889c14b34b3873574a29e4567ed457166b6b9a12573d7c2ac88fbd21da76bdac05ae6d85964349765203133034fcead099eaee9c23e1875b4332512bb05ec50ba7140e2bdde88460521848ba32b1eeb303089bf11f55c44f8918b4b59450b300dca0c4f6f63be04fec1ede087fec8cd56bfe5dc8e7ad4d6294e80dbab9b3f8e650722f744cd961f2dc7f509b69870ff38dc501511843b7fa9f0d82454c8178c2b1349d6997f45d10f8ebf6972375307f4e6aefd5b3e79b906cdb88178b44da0d035bae4aeffd349bc35ed63c6b3fce3ab615a05b60be4ffa92abedf544ec24b5c68daa332a2c94d57185334593c6699d73c0278a74c71d0bfdbf1c43ce701e604f244f648263033c9b10119eb02f1cc21fa3a0230179dc85f803fdd25ac029be317debdca9214d2528153e6eafc306732a962f693171507315e0f1b69f5f4a9b77c2db3ed8444324728073b866945a9c73696907274d812a67323d14eb9b67a3ac429a1500611b9d9f4266e6208122016f0015717d405366797eb51f9ff33240c050f56bfef3d1c528e8ade690f5a1ff0d5033144b392c6ea75a8aebbc760038898ffc70484529086e1b493a9502fe8ebd236ac3060a7d00313b50a updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4A3F8D6BDC0E1ECFCD72E377DEF2D7FF92C19BC7\Blob = 0300000001000000140000004a3f8d6bdc0e1ecfcd72e377def2d7ff92c19bc709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030b000000010000001800000049005a0045004e0050004500200053002e0041002e0000002000000001000000630400003082045f30820347a003020102020101300d06092a864886f70d01010505003081d0310b300906035504061302455331483046060355040a133f495a454e504520532e412e202d2043494620412d30313333373236302d524d6572632e5669746f7269612d4761737465697a205431303535204636322053383142304006035504071339417664612064656c204d65646974657272616e656f2045746f7262696465612033202d203031303130205669746f7269612d4761737465697a311330110603550403130a497a656e70652e636f6d311e301c06092a864886f70d010901160f496e666f40697a656e70652e636f6d301e170d3033303133303233303030305a170d3138303133303233303030305a3081d0310b300906035504061302455331483046060355040a133f495a454e504520532e412e202d2043494620412d30313333373236302d524d6572632e5669746f7269612d4761737465697a205431303535204636322053383142304006035504071339417664612064656c204d65646974657272616e656f2045746f7262696465612033202d203031303130205669746f7269612d4761737465697a311330110603550403130a497a656e70652e636f6d311e301c06092a864886f70d010901160f496e666f40697a656e70652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b56eda025d7869df12160fe07197c9d40b193289acd67e9b747baf2df90b7dfa566329949d130d8e9a3e2abebfa8bd19835cede25a95953960e5dc91c98c0cc509ef191013431fe40d63064798f05a31814e60575b0055475afcacd79d82df4f2170527ac565869a3be5d9e322125f4fda74762d6b9edfaf030aef9a93b8f782301768239d3f56bb05fafe456dd7d920b94785f2a7c88794be493c7243fd60642eb7b3c3340f7400b0f26f441bbabd914c253692f7da644eba34b76644fa9904f326278b884dd7d38b34b8852a5649393218dc1c57fb6a5d0de42ce3b537275d824a37667d10356c924e289407468b8e9e4a86576e350e3f9824123eb05590170203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414ea564fec3c83a114887881b22b0522c007415b42300d06092a864886f70d01010505000382010100629ee6133ce1c3aa391dfe7e4f991c23eb78049ca2216cbbbc794bb3f1bc74b6173bcd5a37f33383ddbc78c4d14f1c5864bf1d77dbb0b09e744d57d7e8bd11e03cb0eb08a48777c746b6adf6e7d78bade3e4af7562cafb697aa7177f1d880807624af00b792ec4705bf42d0a073ea1f10e39fca0b237b777ef0580ab7f32ca13c395a3afca813a6dd52e2b98539b91180392663f2ae14359a80cecae7960408f1ccc10c8fe3806351fdd1c2efeb0b33b2a7abc51add4ce1c176fecc8c1108a6f1044245d4c555c0cc5bae4fa9b6b7dd4b7e7c1f97f22f9631da542ec3972ca14581c3e83e11c7ee102a9e2d58bbe9c3a2e423e80a349fd874c0ac45943310414 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A3E31E20B2E46A328520472D0CDE9523E7260C6D updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DBAC3C7AA4254DA1AA5CAAD68468CB88EEDDEEA8\Blob = 0b000000010000002800000047005400450020004300790062006500720054007200750073007400200052006f006f0074000000090000000100000020000000301e06082b0601050507030406082b0601050507030206082b06010505070301030000000100000014000000dbac3c7aa4254da1aa5caad68468cb88eeddeea82000000001000000500200003082024c308201b5020200fd300d06092a864886f70d0101040500306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f74301e170d3938303430333134353230315a170d3034303430333233353930305a306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100ba8ebd759012fae57974b2d9f726d40e411de936075672d5b869da54d4b1d6786daae33b3da3843725c7afaf04dcb322b1e96dbe826deb8d2fbdb4ae701ea2d66e203151e6565c7352b223504ebcfb9a6740c4861146c74322baea004f6c72cd619cdecbfaee30d2e6fa5b9dc599dc20f839bf648c07563bbddc6c5ef6bfe1d90203010001300d06092a864886f70d010104050003818100965f1d3cc67595b66baf8700cda5412b8bbfd08d315b3965d3f1d18f581e5222c33d86f2c29af6dd485e71c3451c7c4ca259eea151963df7d534243aaafd822665c54c420f0c8f69607ce7d6d51a4b79faee5ab54ca6cca36b46d6d1c83254a03067d25d861191bcc3ba2a9cd578511ad45ddd769122456b31593ef985594ecb updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\21FCBD8E7F6CAF051BD1B343ECA8E76147F20F8A\Blob = 0b000000010000000c000000440061006e0049004400000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b0601050507030903000000010000001400000021fcbd8e7f6caf051bd1b343eca8e76147f20f8a20000000010000002f0400003082042b30820313a00302010202043acca54c300d06092a864886f70d01010505003043310b300906035504061302444b31153013060355040a130c54444320496e7465726e6574311d301b060355040b131454444320496e7465726e657420526f6f74204341301e170d3031303430353136333331375a170d3231303430353137303331375a3043310b300906035504061302444b31153013060355040a130c54444320496e7465726e6574311d301b060355040b131454444320496e7465726e657420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4b840bc91d5631fd799a08b0c401e74b7489d468c02b2e0245ff01913a737836b5dc78ef98430ce1a3bfafbce8b6d23c6c36e669f89a5dfe0425067fa1f6c1ef4d005d6bfcad64ee468606c46aa1c5d63e107860e6500a72ea671c6bcb981a83a7d1ad2f9d1ac4bcbce75afdc7bfa8173d4fcbabd4188d474b3f95e383a3c43a8d2954e776d130c9d8f7801b75a201f033735e22cdb4b2b2c78b949dbc4d0c79c9ce48a200921165666ff05ec5be3f0cfab24245ec37f707a12c4d2b510a0b621e18d7869554469f5ca961c3485172577e2f62f279878fd79063aa2d65a43c1ffec043bee13efd3585aff92ebecaedaf237034741b697c92d0a4122bbbbe6a70203010001a382012530820121301106096086480186f842010104040302000730650603551d1f045e305c305aa058a056a4543052310b300906035504061302444b31153013060355040a130c54444320496e7465726e6574311d301b060355040b131454444320496e7465726e657420526f6f74204341310d300b0603550403130443524c31302b0603551d1004243022800f32303031303430353136333331375a810f32303231303430353137303331375a300b0603551d0f040403020106301f0603551d230418301680146c6401c7fd856dacc8da9e50088508b53c56a850301d0603551d0e041604146c6401c7fd856dacc8da9e50088508b53c56a850300c0603551d13040530030101ff301d06092a864886f67d0741000410300e1b0856352e303a342e3003020490300d06092a864886f70d010105050003820101004e43ccd1dd1d101b067fb7a4fad3d94dfb239f23545be68b2f04288bb5276d89a1ec9869dce78d2683057974ecb4b9a397c13500fd15da39813a953190de97e986a899770ce55aa084ff1216ac6eb88dc37b92c2ac2ed07d28ecb6f36038696f3ed804553e9ecc55d2bafebb4704d70ad9160a3429f55813d54fcf8f564bb31eeed39879da081e0c6fb8f81627efc26f3df6a34b3e0ee46d6cdb3b41129bbd0d47237f3c4ad0afc0aff6ef1bb515c4eb83c4095f748bd911fbc256b13cf870ca348d4340138cfd99035479c62eea86a1f63ad409bcf4bc66cc3d58d057490aee25e241ee13f99b3834d100f57ee7941dfc690362b89905053d6b7812bdb06f65 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FEB8C432DCF9769ACEAE3DD8908FFD288665647D\Blob = 53000000010000002400000030223020060a2a83088c9b1b6485510130123010060a2b0601040182373c0101030200c00b00000001000000360000005300450043004f004d002000540072007500730074002000530079007300740065006d007300200043004f0020004c00540044000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308030000000100000014000000feb8c432dcf9769aceae3dd8908ffd288665647d2000000001000000810300003082037d30820265a003020102020100300d06092a864886f70d01010505003060310b3009060355040613024a5031253023060355040a131c5345434f4d2054727573742053797374656d7320434f2e2c4c54442e312a3028060355040b1321536563757269747920436f6d6d756e69636174696f6e20455620526f6f74434131301e170d3037303630363032313233325a170d3337303630363032313233325a3060310b3009060355040613024a5031253023060355040a131c5345434f4d2054727573742053797374656d7320434f2e2c4c54442e312a3028060355040b1321536563757269747920436f6d6d756e69636174696f6e20455620526f6f7443413130820122300d06092a864886f70d01010105000382010f003082010a0282010100bc7fec579b24e0fe9cba4279a9888afa80e0f5072943ea8e0a34368d1cfaa7b53978ff9775f72fe4aa6b048444caa6e2688efd5550620fa4710ece07382d428550ad3c966f8bd5a20ecfde49893dd6642e38e51e6cb5578a9eef480ecd7a69168744b590e4069daea104975879ef204a826b8c22bfec1f0fe98471edf10ee4b81813cc56365dd19a1e516b396e607688340bf3b3d1b09dca61e2641dc14607b863dd1e3365b38e0955523db5bdff07ebad6155182ca969984aaa40c53314657400f991deaf0348c54054dc0f84906820c59296dc2ee50245aac05f54f86dea49cf5d6c4bafef9ac2565cc63556426a305fc2abf6e23d3fb3c9118f314cd79f490203010001a3423040301d0603551d0e04160414354af54daf3fd78238acab716517758c9d5593e6300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100a887e9ecf840675dc3c166c7404b97fc8713905ac4efa0ca5f8bb7a7b7f1d6b564b78ab3b81bccdafbac668841cee8fce4db1e88a6ed27501b0230244679fe048770974073d1c0c157199a69a52799ab9d6284f651c12cc92315d828b7ab2513b546e18602ff268cc488921d56fe1967f255e480a36b9cab77e151710d20db109adbbd767907779928ad9a5edab14f442c358ea596c7fd83f058c679d6987ca88dfe863e071692e17be71dec33767e422e4a85f9918968840381a59b9abee337c554ab563b182d41a40cf842db99a0e0726fbb5de1164f530a64f94ef4bf4e54bd786c88eabf9c1324c27069a27f0fc83cad08c9b09840a32ae78883ed778f74 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 53000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b000000010000000e00000043004f004d004f0044004f000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb42000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CEA9890D85D80753A626286CDAD78CB566D70CF2 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CBA1C5F8B0E35EB8B94512D3F934A2E90610D336 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\93E6AB220303B52328DCDA569EBAE4D1D1CCFB65\Blob = 03000000010000001400000093e6ab220303b52328dcda569ebae4d1d1ccfb6509000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030306082b060105050703040b000000010000004e000000570065006c006c007300200046006100720067006f00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900000053000000010000002400000030223020060a6086480186fb7b83740930123010060a2b0601040182373c0101030200c02000000001000000e9030000308203e5308202cda003020102020439e4979e300d06092a864886f70d0101050500308182310b300906035504061302555331143012060355040a130b57656c6c7320466172676f312c302a060355040b132357656c6c7320466172676f2043657274696669636174696f6e20417574686f72697479312f302d0603550403132657656c6c7320466172676f20526f6f7420436572746966696361746520417574686f72697479301e170d3030313031313136343132385a170d3231303131343136343132385a308182310b300906035504061302555331143012060355040a130b57656c6c7320466172676f312c302a060355040b132357656c6c7320466172676f2043657274696669636174696f6e20417574686f72697479312f302d0603550403132657656c6c7320466172676f20526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d5a8333b26f934ffcd9b7ee50447ce00e27d77e731c22e27a54d68b931ba8d435997c773aa7f3d5c409e05e5a1e289d94cb83f9bf90cb4c862192c45ae911e737141c44b13fd70c225ac22f5750bb753e4a52bddcebd1c3a7ac3f7138f26549c166b6baffbd896b1609a48e02522247934ce0e26000b4eabfd8bce82d72f087068c1a80af9744f07aba4f9e2837e2773743eb8f93842fca5a85b4823b3ebe325b280ae96d40a9cc2789ac66818ae3762375e5175a85863c051ee40787ea8af1aa0e1b0789d508c7be7b3fc8e23b0db65007084010800146e54869abaccf93710f6e0de842d9da48537d387e315d0c117907e19216a12a976fd1202e94f215e170203010001a361305f300f0603551d130101ff040530030101ff304c0603551d20044530433041060b6086480186fb7b8707010b3032303006082b060105050702011624687474703a2f2f7777772e77656c6c73666172676f2e636f6d2f63657274706f6c696379300d06092a864886f70d01010505000382010100d227dd9c0a772bbb22f202b54a4a91f9d12dbee4bb1a68ef0ea400e9eee7efeef6f9e574a4c2d85258c474fbce6bb53b2979185aef9bed1f6b36ee48252514b656a210e8eea77fd03fa3d0c35d26ee07ccc3c12421871edf2a12536f4116e7edae94fa8c72fa1347f03c7eae7d113a13ecedfa6f72647b9d7d7f26fd7afb25adea3e297f4ce3005732b0b3e9ed5317d98bb2140e30e8e5d513c664afc400d5d85824fcf58fecf1c77da5db0f27d1c6f24088e61ff661a8f442c8b937d3a9be2c5678c2729b595d35408ae84e631ab6e9206a51e2cea490df7670995c70434db7b6a719644e92b7c5913c7f4816657b16fdcbfcfbd9d5d64f21653b4a7f47a3fb updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4\Blob = 53000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b0000000100000014000000550053004500520054007200750073007400000009000000010000000c000000300a06082b0601050507030103000000010000001400000058119f0e128287ea50fdd987456f4f78dcfad6d42000000001000000620400003082045e30820346a003020102021044be0c8b500021b411d32a6806a9ad69300d06092a864886f70d0101050500308193310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311b30190603550403131255544e202d2044415441436f727020534743301e170d3939303632343138353732315a170d3139303632343139303633305a308193310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311b30190603550403131255544e202d2044415441436f72702053474330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfee5810a22b6e55c48ebf2e4609e7e0080f2e2b7a13941bbdf6b6808e650593001ebcafe20f8e190d1247ecacada3fa2e70f8de6efb5642159e2e5cef23de21b9057627190f4fd6c39cb4be941963f2a6110aeb53489cbef2293b16e81aa04ca6c9f4185968c070f25300c05e5082a5566f36f94ae04486a04d4ed6476e494acb67d7a6c405b98e1ef4fcffcde736e09c056cb2332215d0b4e0cc17c0b2c0f4fe323f292a957bd8f2a74e0f547ca10d80b30903c1ff5cdd5e9a3ebcaebc478a6aae71ca1fb12ab85f42050bec4630d1720bcae9566df5efdf78be61bab2a5ae044cbca8ac691597bdefebb48cbf35f8d4c3d1280e5c3a9f7018332077c4a2af0203010001a381ab3081a8300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604145332d1b3cf7ffae0f1a05d854e92d29e451db44f303d0603551d1f043630343032a030a02e862c687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d44415441436f72705347432e63726c302a0603551d250423302106082b06010505070301060a2b0601040182370a030306096086480186f8420401300d06092a864886f70d01010505000382010100273597008a8b28bdc633301e29fce2f7d598d440bb60cabfab172c09367f50fa41dcae963a0a233e8959c9a307ed1b37adfc7cbe51495ade3a0a54081645c299b187cd8c68e06903e9c44e98b23b8c16b30ea00c98509b93a97009c82ca38fdf02e4e0713af1b42372a0aa01dfdf983e1450a03126bd28e95a302675f97b601c8df3cd50266d04279adfd50d4547296b2ce676d9a9297d32ddc9363cbdae35f1119e1dbb903f12474e8ed77e0f62731d5226381c1849fd30749ac4e5222fd8c08ded917a4c008f727f5ddadd1b8b456be7dd6997a8c5564c0f0cf69f7a9137f69782e0dd7169ff763f604d3ccff799f9c657f4c9553978ba2c79c9a6882bf408 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C73026E325FE21916B55C4B53A56B13DCAF3D625 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b0601050507030903000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2E14DAEC28F0FA1E8E389A4EABEB26C00AD383C3\Blob = 0b0000000100000016000000430065007200740069006e006f006d00690073000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070300000001000000140000002e14daec28f0fa1e8e389a4eabeb26c00ad383c32000000001000000a00500003082059c30820384a003020102020101300d06092a864886f70d01010505003063310b300906035504061302465231133011060355040a130a43657274696e6f6d697331173015060355040b130e30303032203433333939383930333126302406035504030c1d43657274696e6f6d6973202d204175746f726974c3a920526163696e65301e170d3038303931373038323835395a170d3238303931373038323835395a3063310b300906035504061302465231133011060355040a130a43657274696e6f6d697331173015060355040b130e30303032203433333939383930333126302406035504030c1d43657274696e6f6d6973202d204175746f726974c3a920526163696e6530820222300d06092a864886f70d01010105000382020f003082020a02820201009d859f86d3e3afc7b26b6e33e09eb74234559df981be63d823760e9754cd994c1af139c788d817500c9e61dac04e55dee75ab87a4e77870de5b8ebfa9e5e7b1ec4cf2874c793f514c6222804f991c3ab27736a0e2e4df32e281f70df552f4eedc7716f09722eedd53297d0f15877d160bc4e5edb9a84f64761452bf650a67f6a71274884359eacfe69a99e7a5e3525fab4a749357796a7365be1cddf2370d85d4ca50883f1a6243813a8ec2fa8a167c7a62d8647ee8afcec9b0e74f42b49027b90758cfc99390139d64a89e59e76ab3e962838268bdd8d8cc0f6011e6fa53112387d95c271eeed74aee436a24375d5f1009be2e4d7cc42034b787ae57dbbb8ae2e2093d3e461df71e17667973fb6df6a735a6422e542dbcf810393d8f4e310e072f60070acf0c17a0f057fcf346945b593e419db52162305890e8d48e4256fb378bf62f507fa9524c296b2e8a323c25d03fcc3d3e57cc97523d7f4f5bcdee4dfcd80bf91887da713b439ba2cbabdd16bccf3a528ed449e7d52a36f962e197e1cf35bc7168ebb607d77664754820011606c32c1a8381beb6e9813d6ee38f5f09f0eeffe3181c1d224952f537a69a2f00f86458e58822b4c22d45ea0e77d262748df25468d4a287c869ef99b1a59b965bf05ddb6425d3de60048825e20f71182decad89fe63747261eeb78f761c34164580241f9dae0d1f8f9e8fd5238b6f589df0203010001a35b3059300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604140d8cb661da44b8d1147dc3be7d5e48f0ceca6ab030170603551d200410300e300c060a2a817a01560202000101300d06092a864886f70d01010505000382020100243e60067e1def3a3edbeaaf1c9a2c010bf4c5b5d94931f45d418d890c4eff6ca2fdffe206c8399ff15aa9dd225815a88ad3b1e6320982036cd73f08c7f8b9ba006db9d6fc52325da47fa43194bbb64c387f283035ff9f2353b7b6ee147000402bda47ab347e5ea75630612b8b43acfdb68828f56bb63e604aba429034678deaeb5f45543b17ac8be4c6650feed08c5d6639ce32a7d81097c07e349c9f94f3f6861fcf1b73ad9479876870c333a570e7d8d538946f6379ebbf0a0e08e7c52f0f42a02b1440ff21e005c527e1841113bad6861d410b132389d3c90be88aba7aa3a3733735807d12b833774038c0fa5e30d2f2b6a3b1d6a29597819b52ed694cff80e453db545b036d545fb1b8ef24bd6f9f11c3c764c20f286285665e1a7bb2b7efae35c91933a8b827db3355bf68e175484456fbcdd348bb47893aac69f580c6e444502f54c4aa43c5313158bd96c5ea756c9a75b14df8f797ff9616f2974de8f6f311f93a7d8a386e04cbe1d34515aaa5d11d9d5d63e824e63614e287ad1b59f5449bfbd7777c1f017062a1201aa2c51a28f42103ee2ed9c180eab9d982d65b76c2cb3bb5d200f0a30ee1ad6e40f7dba0b4d046ae15d744c24d35f9d20bf217f6ac66d524b24fd11c99c06ef57deb7404b8f94d7709d7b4cf073009f1b80056d91716160a2b86df8f01191ae5bb8263ffbe0b76165e3737e6d87497a2994579 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CEA9890D85D80753A626286CDAD78CB566D70CF2\Blob = 030000000100000014000000cea9890d85d80753a626286cdad78cb566d70cf2090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000000e00000041004e00460020004100430000002000000001000000a10600003082069d30820585a003020102020301344b300d06092a864886f70d01010505003081d9310b30090603550406130245533112301006035504080c0942617263656c6f6e613147304506035504070c3e42617263656c6f6e6120287365652063757272656e7420616464726573732061742068747470733a2f2f7777772e616e662e65732f616464726573732f2931283026060355040a0c1f414e46204175746f7269646164206465204365727469666963616369c3b36e31173015060355040b0c0e414e4620436c617365203120434131123010060355040513094736333238373531303116301406035504030c0d414e4620536572766572204341301e170d3039313133303233303030305a170d3231313133303233303030305a3081d9310b30090603550406130245533112301006035504080c0942617263656c6f6e613147304506035504070c3e42617263656c6f6e6120287365652063757272656e7420616464726573732061742068747470733a2f2f7777772e616e662e65732f616464726573732f2931283026060355040a0c1f414e46204175746f7269646164206465204365727469666963616369c3b36e31173015060355040b0c0e414e4620436c617365203120434131123010060355040513094736333238373531303116301406035504030c0d414e462053657276657220434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bfea48a79a88396b2c48400704937cf7b82d7ea537e261d621fc9037cb693e5e8b37df5b6f3bd8b6c3884090f49d0c5c1052b1b3e55f9110e6fda880145fd38bbd5cbd0f23920937e372d266940b5c74942f5ef24ed803c6b3ce56a51cd97bfd4f074cd4b7da5f294d75f21f55cf32231c4609271d45ecf18c3489de7b16a7435e8a2be994431ed73e936d6f893dbceeb1c8b7ffc97de35f0d6f7778f52a2e8dc48b989730b1465a0b6370d478c786b37fff2742aa9f8a6e6da194caec87021cd6544bfdbc899ba66338668c16898997c350e8f64201a7777d10199203e85d45c815c5871b0d91f2c6399c7bf3c00a99f8ee836f7e4277118ec31f1c722f3d1b0203010001a382026a30820266301d0603551d0e04160414be3bf6b431b773244839c557139475aa9f813f2c308201090603551d23048201003081fd8014be3bf6b431b773244839c557139475aa9f813f2ca181dfa481dc3081d9310b30090603550406130245533112301006035504080c0942617263656c6f6e613147304506035504070c3e42617263656c6f6e6120287365652063757272656e7420616464726573732061742068747470733a2f2f7777772e616e662e65732f616464726573732f2931283026060355040a0c1f414e46204175746f7269646164206465204365727469666963616369c3b36e31173015060355040b0c0e414e4620436c617365203120434131123010060355040513094736333238373531303116301406035504030c0d414e4620536572766572204341820301344b300c0603551d13040530030101ff300e0603551d0f0101ff0404030201063031060a2b06010401818f1c2a0604231b2168747470733a2f2f7777772e616e662e65732f41432f41435441532f37383932333018060a2b06010401818f1c1301040a1b083830312d33343030303806082b06010505070101042c302a302806082b06010505073001861c687474703a2f2f7777772e616e662e65732f41432f52432f6f63737030630603551d1f045c305a302ba029a027862568747470733a2f2f7777772e616e662e65732f41432f414e4653657276657243412e63726c302ba029a027862568747470733a2f2f63726c2e616e662e65732f41432f414e4653657276657243412e63726c30160603551d12040f300d810b696e666f40616e662e657330160603551d11040f300d810b696e666f40616e662e6573300d06092a864886f70d01010505000382010100b5c6c7bc46fa425c13c194753356bf2fa70773ec37e34374eaf9664f5e8d7ff0e679c34df5d938a5ccca43f4538086bfbcd0115d90c4c24047ebc58793c1b6785e9aae87f56210594c4c6d06be991315b3b3fa1c727ee022210158353868a2e4f8e1f0f0365091e0b477dc6384339260b8cb16f2d2633b4c5c353ae7ac0253c51c810177c71c111f5430ef548f25fa89279434a30f144f6fe973d91862e7ee08e8c9837bc8339b7c449a7c1a90b5d27189df3df41c4f4e51e0c96bb6aa0b1ed9300fd363d5ed70f4c183ed06459aa8eab48937fd5a3747ef9179a735fff0dc30ed0d1467db7c5ae08f6d33fe3c9e1533c3c32d0e5daa7c0d8e31964d8bff05d5 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b00000001000000120000004400690067006900430065007200740000002000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6A6F2A8B6E2615088DF59CD24C402418AE42A3F1 updroots.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B19DD096DCD4E3E0FD676885505A672C438D4E9C updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E621F3354379059A4B68309D8A2F74221587EC79 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E206939CC5FA883635F64C750EBF5FDA9AEE653\Blob = 0b00000001000000740000004100750074006f0072006900640061006400200043006500720074006900660069006300610064006f007200610020005200610069007a0020006400650020006c006100200053006500630072006500740061007200690061002000640065002000450063006f006e006f006d0069006100000009000000010000004a000000304806082b0601050507030106082b0601050507030206082b06010505070304060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020300000001000000140000007e206939cc5fa883635f64c750ebf5fda9aee6532000000001000000c8050000308205c4308204aca003020102020103300d06092a864886f70d01010505003082014b31183016060355042d030f005345432d3833303130312d395639311730150603550407130e416c7661726f204f627265676f6e3119301706035504081310446973747269746f204665646572616c310b3009060355040613024d58310e300c060355041113053031303330311d301b06035504091314496e73757267656e74657320537572203139343031423040060355040313394175746f726964616420436572746966696361646f7261205261697a206465206c6120536563726574617269612064652045636f6e6f6d696131343032060355040b132b446972656363696f6e2047656e6572616c206465204e6f726d6174697669646164204d657263616e74696c311f301d060355040a1316536563726574617269612064652045636f6e6f6d69613124302206092a864886f70d010901161561637273654065636f6e6f6d69612e676f622e6d78301e170d3035303530393030303030305a170d3235303530393030303030305a3082014b31183016060355042d030f005345432d3833303130312d395639311730150603550407130e416c7661726f204f627265676f6e3119301706035504081310446973747269746f204665646572616c310b3009060355040613024d58310e300c060355041113053031303330311d301b06035504091314496e73757267656e74657320537572203139343031423040060355040313394175746f726964616420436572746966696361646f7261205261697a206465206c6120536563726574617269612064652045636f6e6f6d696131343032060355040b132b446972656363696f6e2047656e6572616c206465204e6f726d6174697669646164204d657263616e74696c311f301d060355040a1316536563726574617269612064652045636f6e6f6d69613124302206092a864886f70d010901161561637273654065636f6e6f6d69612e676f622e6d7830820122300d06092a864886f70d01010105000382010f003082010a0282010100c164a0f4e75270b2ea9313f4353a1fea3a1cc51b8b58e196d602415e8e8540ff41664053fc98b5d13232976740809dee203f0e54fb4207fb771a99d886f41c2a8825f3e944a34efe07beb1c8ef3c8d87e01eca49103b28ef2451a1fc88174ae71cc8546763e86a31e6436cf6401186c456eebdc91da6463c1e46c2828d2ea9e8ee760a43e0724d8cf4c506fa2c01003360ce3870346b171aeb7a6461a793a4656ad723c7767a94510bec9ea8cf3ba250321c42bd63e187cbb985480ec0d558b6f6ce4bf207cfe304d51fc2d6a36ea3bbb6b76ec4f1a21f16bcb62db0eff45a9b298dbce1fc075b1e09338278cc406d71b363132fd34c36ac394fc6c1b0b6f5850203010001a381ae3081ab302f0603551d1f042830263024a022a020861e61637273652e65636f6e6f6d69612e676f622e6d782f6c6173742e63726c30460603551d20043f303d303b060b6086480186f84501070101302c302a06082b06010505070201161e61637273652e65636f6e6f6d69612e676f622e6d782f6370732e68746d6c300f0603551d130101ff040530030101ff300c0603551d0f04050303070600301106096086480186f8420101040403020007300d06092a864886f70d01010505000382010100c0def5622daea48d311fa77f1479bbd922c8982e8b201d069e5c600a4e7ededf9c133625f889931c9d1de1260a577f4ffddeb21eaa4f23eede3fccf2994417be55af168eb488c696785eff87025b08bce0a7ca6d7ff76f203ba6342a31661adb395c0d0734bec7b81613d10e9b00d8c4b5fba0e9eab7d2e26b9828910432c58274cebc39cb97cc766aef65d83edd72d6105e6d41b8d58814b19788481de20b54d368accb767d0a1ab64886e04cdeae4e78c45d3779eb7223debe95a6850e5cb11cb38105729d162841f805d9973e96fee7e3f3dcf716b40ebffdca1452927d09dbdbd4038c8d3cd8c58bad9cec5300ab402103aedb2fde01028cf4482565e40a updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5\Blob = 030000000100000014000000cb44a097857c45fa187ed952086cb9841f2d51b5090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000001c00000043006f006d006d006f006e00200050006f006c0069006300790000002000000001000000a5030000308203a130820289a0030201020210293647aae38aac864a2356f2cab761af300d06092a864886f70d0101050500304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c696379301e170d3037313031353135353830305a170d3237313031353136303830305a304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c69637930820122300d06092a864886f70d01010105000382010f003082010a0282010100978dbd3327e4ad5bfb78bd2f47476ec778e9939ca4dec91cfd2f1b3938ac4717c07e7729003b031f680fcd4da5ee77b82c626b31f6fa72097d3029067ce77ca33d84188a1dae2c92a81fe85e4f8d8eeb3f1af89c0a679db0674df02ed030dec394b0a0cf2e0a347f5409d336bda449575273e99dfee44879461b5b8d32e4a54864f3220d929d0815bf603c83f747222522ad2971b777ef17c9a2b6945ec83090a414485c56570b414c05d42a4c3fae129b591175700722692d2cd331cc927ecccda47e9447aa9c0908f64baf52e86a4091c555bd40b1c86d57869517e61f73be472e3e8b4c17b9b9251ca55217360859c042be0a2bb456513c1b55c98c9077eb0203010001a37b3079300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604142f5897d8a90598a5561ffbd9ab75ef023c3634c7301206092b060104018237150104050203010001302306092b06010401823715020416041476b76096dd145629ac7585d37063c1bc47861c8b300d06092a864886f70d0101050500038201010060aef348164072a60888c9bc472c244b5da09173ed657890f067907aa5bf0aadb62af99967df83c5771f340938f97e9e41e04860fee2aa5d8788ea88fd5c45b2c96ada7da4adb14fbf1c0d9f1e9ac0d51473382b8a78406e30f762e1cd99fc5169676c11ddb810a368de26a556fd366c37986cfbee7c3c6c6b703ff74837098f0b4281ad4646b80b8306f41b38a07f4fcd0bef838987971c8a3067dcfd54a1037e01cb854cb10b29c3beec7ce13f0f09523c2fa79a48fe37e9110658e136418ac4b6bf8eddce4ab3bc1ac0cdfa1a99d2719bfacfbcf2c454a3883576cc1b2c466f0cb4d1c36176927411ea4b808d1c89118bec5bff17c948fce7e00611e2845e updroots.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\204285DCF7EB764195578E136BD4B7D1E98E46A5 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0456F23D1E9C43AECB0D807F1C0647551A05F456\Blob = 0b00000001000000540000004e004c00420020004e006f007600610020004c006a00750062006c006a0061006e0073006b0061002000420061006e006b006100200064002e0064002e0020004c006a00750062006c006a0061006e0061000000090000000100000056000000305406082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b060105050703090300000001000000140000000456f23d1e9c43aecb0d807f1c0647551a05f4562000000001000000bb030000308203b73082029fa00302010202043ec3868e300d06092a864886f70d0101050500301d310b3009060355040613025349310e300c060355040a130541434e4c42301e170d3033303531353131353234355a170d3233303531353132323234355a301d310b3009060355040613025349310e300c060355040a130541434e4c4230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf76753d0c7c403a665f4d8cfbdd3c2efe7d9464ed4ad44948a1ee9171b279c88e2b1faaf032b428b2a3c2754fa4e9a61af6a266612327612c6e17900bfade1e71520229049979acc0b0c066989811376410cf9cbc3b421c295c5590f67a224e56af3768bf743a6c3cc698cc6021bfe20827e4d92bbce38495d7d42460fc7e2d2f9d21eb9d91c6bba4d1ebc912ada3e8c8b57f554beb990254c4811c0cae39e46a7a05d84e70a0fa0377b3aed8b81492fb417713356ab7a2ca884bad2d51bc769a6cbb40bde7244c22a6e6fd4e087b9d0b10d612d2a6c6a16432f401739681e248b0c128633d3be767ac6ec514f51713a29c1f2b57f01527755dddb134d693110203010001a381fe3081fb301106096086480186f8420101040403020007303f0603551d1f043830363034a032a030a42e302c310b3009060355040613025349310e300c060355040a130541434e4c42310d300b0603550403130443524c31302b0603551d1004243022800f32303033303531353131353234355a810f32303233303531353132323234355a300b0603551d0f040403020106301f0603551d23041830168014ccbbbb86d66ff8beb4472277b3b6add70159964d301d0603551d0e04160414ccbbbb86d66ff8beb4472277b3b6add70159964d300c0603551d13040530030101ff301d06092a864886f67d0741000410300e1b0856362e303a342e3003020490300d06092a864886f70d010105050003820101001167cbcb9a6b2021dd6f6983d53f0dba9315974e7076265ce89e24e737fe3c50f4d4f92a2f0c13a15d04bcd0b0e9c203178505613dc0a7aa764cc3b83a83a986cf03f9770e2bb23d761b65d16a716071dbbbb87a8ef2f92183f8574ca8c7dd65c6eeef6fb3b699bbb4c3d0ab5fb2a07edd74212cc35aeb8da1cad8f0c817ed76ba84636e5bb9b5ca6dd7fc3439802fba4fdf8dd8fc18c43c8a352f778296ad209218b2e736f4ae3274b847d1d80fd82ccb6ac20075f92cf8420ecbfe7393a98fe1c7ae2137f3cab90cb4e7897e711c563420c3f134b9554bd35352f1072d2b3e5b19409f10edd32933c5af0f105687da3bc8b1ed38d919fb4bf0502da4cdd458 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\253F775B0E7797AB645F15915597C39E263631D1\Blob = 0b00000001000000240000004200490054002000410064006d0069006e002d0052006f006f0074002d00430041000000090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b06010505080202030000000100000014000000253f775b0e7797ab645f15915597c39e263631d1200000000100000059050000308205553082043da00302010202043bf381d0300d06092a864886f70d0101050500306c310b3009060355040613026368310e300c060355040a130561646d696e3111300f060355040b1308536572766963657331223020060355040b131943657274696669636174696f6e20417574686f726974696573311630140603550403130d41646d696e2d526f6f742d4341301e170d3031313131353038353130375a170d3231313131303037353130375a306c310b3009060355040613026368310e300c060355040a130561646d696e3111300f060355040b1308536572766963657331223020060355040b131943657274696669636174696f6e20417574686f726974696573311630140603550403130d41646d696e2d526f6f742d434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cbe0af441422fe6a1749f25d9dcf5c02620b80b95abfa855337ba312245e4c6f3b41894e833d9fb3952634a6cc12f4cc9d875e3d0c0d172f85263e2a265973a1a8bc3bebe546b8f3597b20b15e40016dba67b36bebefc5e2f935dd0c6a06b69a289a70b3402976c07146116b43afe55641fbe61c39834db7f6a2b166c9a80db2f077be36c1202732b9ccd75acaf61741364dfbbb5581639c935e836b7fb81577727c7d4d096b5995e6ed30ab4446d91501a55b8965b6e028d92808957e0823b222e8df254c3c68f76ee74bc790fd844126be5c833ad72379b71af80719825a6958c5ff88722bc7bef8d32d3377a71612a88b21c642ae7a64aff2b3c0ed77e4690203010001a38201fd308201f9300f0603551d130101ff040530030101ff3081990603551d2004819130818e30818b06086085740111030100307f302b06082b06010505070202301f1a1d54686973206973207468652041646d696e2d526f6f742d434120435053305006082b060105050702011644687474703a2f2f7777772e696e666f726d6174696b2e61646d696e2e63682f504b492f6c696e6b732f4350535f325f31365f3735365f315f31375f335f315f302e706466307f0603551d1f047830763074a072a070a46e306c311630140603550403130d41646d696e2d526f6f742d434131223020060355040b131943657274696669636174696f6e20417574686f7269746965733111300f060355040b13085365727669636573310e300c060355040a130561646d696e310b3009060355040613026368301d0603551d0e04160414829ffa237320f1978bb24c4dbe42c57f66cd64e83081990603551d2304819130818e8014829ffa237320f1978bb24c4dbe42c57f66cd64e8a170a46e306c310b3009060355040613026368310e300c060355040a130561646d696e3111300f060355040b1308536572766963657331223020060355040b131943657274696669636174696f6e20417574686f726974696573311630140603550403130d41646d696e2d526f6f742d434182043bf381d0300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100784f7a5c2611a72eae9a43ca5c3582467ec8368f7a66b5a932081c0ce46ea1f1c8c1d4e480e78cbd63b10cdff2b93ec20b71406946a36cf45b0f0d2144c72a2b3d1a0bc0a0c1cc88ca1c3fac52b6f667cd4c6dc4be23fd412b046e77a51678e99b5c23cf811a0621636adc2951b23af99bf75db12df50417067f9ce837852dee31bc2e01f8c4eb6b8e34c53939f69498bb1f0e1e112fa88c070a48a28c6a998534b72a6185781a29691f9d25505104ca17c339380771e7d1989bd5d1181596bce2f3c9672bf109b2ce9cf4432601fa576b90a9b1bee835d569fff039154ebc5ff0cf3bf4be233f4566c4b4965dbe8f0ddec76d0942f389f9f13ff5744fdfb865 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FAD91A6CE6AC6C50047C44EC9D4A50D92D84979\Blob = 0b0000000100000030000000540068006100770074006500200053006500720076006500720020004300410020002800530048004100310029000000090000000100000020000000301e06082b0601050507030106082b0601050507030306082b060105050703080300000001000000140000009fad91a6ce6ac6c50047c44ec9d4a50d92d84979200000000100000026030000308203223082028ba003020102021034a4fff630af4ca53c331742a1946675300d06092a864886f70d01010505003081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d301e170d3936303830313030303030305a170d3231303130313233353935395a3081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d3a4506ec8ff566be6cf5db6ea0c687547a2aac2da8425fca8f44751da85b5207494861e0f75c9e90861f5066d306e151902e952c062db4d999ee26a0c4438cdfebee3640970c5feb16b29b62f49c83bd427042510972fe7906dc0284299d74c43dec3f5216d549f5dc358e1c0e4d95bb0b8dcb47bdf363ac2b5662212d6870d0203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d010105050003818100be4069416fc6dbc1a7bf07c045e4d0b5431e4c953335e95ec23e28f6a80d50d5ffe20c0ffc50028eae91b9ad348a8d9f2771aa19cc4be804cad4176b121ad6c65fd6cd5eff8976bfd848d859bd088a891d57cd451e52ba129a84fa18895fe8f930356a0160b9998083850a6edaf4c98f5e732d314a63a074f21f8b22d2293eeb updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\971D3486FC1E8E6315F7C6F2E12967C724342214 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CC7EA292AF8715D74CA4B415F320154B24F565FD updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\90DECE77F8C825340E62EBD635E1BE20CF7327DD updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7A74410FB0CD5C972A364B71BF031D88A6510E9E\Blob = 0300000001000000140000007a74410fb0cd5c972a364b71bf031d88a6510e9e090000000100000016000000301406082b0601050507030406082b060105050703010b0000000100000024000000440053005400200028004100420041002e00450043004f004d00290020004300410000002000000001000000b9030000308203b53082029da003020102021100d01e4090000046520000000100000004300d06092a864886f70d0101050500308189310b3009060355040613025553310b3009060355040813024443311330110603550407130a57617368696e67746f6e31173015060355040a130e4142412e45434f4d2c20494e432e31193017060355040313104142412e45434f4d20526f6f742043413124302206092a864886f70d010901161561646d696e4064696773696774727573742e636f6d301e170d3939303731323137333335335a170d3039303730393137333335335a308189310b3009060355040613025553310b3009060355040813024443311330110603550407130a57617368696e67746f6e31173015060355040a130e4142412e45434f4d2c20494e432e31193017060355040313104142412e45434f4d20526f6f742043413124302206092a864886f70d010901161561646d696e4064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b1d311e079554307084ccb054200e20d83463de493bab606d30d59bd3ec1ce4367018a21a8efbcccd0a2ccb055965384660500da444980d8540aa5258694ed6356ff706ca3a119d278be682a445e2fcfcc185e47bc3ab1463d1ef0b92c345f8c7c4c08299d4055eb3c7d83deb5f0f78a830ea14cb43aa5b35f5a2297ec199bc10568fde6b7a991942ce47848241a25193aeb959c390a8acf42b2f01cd55ffb6bed68567b392c7238b0ee93a9d37b773ceb7103a9384a166c892acada331379c2558ced9cbbf2cb5b10f82e6135c6294c2ad02a63d16559b4f8cdf9f40084b65742859d32a8f92a54fbff7841bcbd7128f4bb90bcff963404e3459ea1462840810203010001a316301430120603551d130101ff040830060101ff020108300d06092a864886f70d01010505000382010100046f2586e4e69627b4d942c0d0c900b17f543e87b26d24a92f0a7efda444b0f85407bd1b9d9dca7b50247b115b49a3a6bf1274d589b7b72f98642514b761e97f60806bd364e8abbd1ad651fac0b45d771a7f64085e79c6054cf17add4d7dcee6487b54d2619281d61bd600f00e9e2877a04d88c7227619c3c79e1ba67778f85f9b56d1f0f217ac8e9d59e61ffe57b6d95ee15d9f45ec61681941e1b22026fe5a307624ff40723c799f7c2248ab46cddbb3862c8fbf0541d3c1e314e3411726d07ca7714c19e84a0f7258317dec607aa32228bd1924603f3b8773c06be4cbaeb7ab2543b2552d7bab060e755d34e55d736d9eb27540a559c94f317188d9887f54 updroots.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\720FC15DDC27D456D098FABF3CDD78D31EF5A8DA updroots.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FAA7D9FB31B746F200A85E65797613D816E063B5\Blob = 0b0000000100000022000000560052004b00200047006f0076002e00200052006f006f0074002000430041000000090000000100000020000000301e06082b0601050507030106082b0601050507030206082b06010505070304030000000100000014000000faa7d9fb31b746f200a85e65797613d816e063b520000000010000001e0400003082041a30820302a00302010202030186a0300d06092a864886f70d01010505003081a3310b30090603550406130246493110300e0603550408130746696e6c616e643121301f060355040a131856616573746f72656b6973746572696b65736b757320434131293027060355040b132043657274696669636174696f6e20417574686f7269747920536572766963657331193017060355040b13105661726d656e6e6570616c76656c7574311930170603550403131056524b20476f762e20526f6f74204341301e170d3032313231383133353330305a170d3233313231383133353130385a3081a3310b30090603550406130246493110300e0603550408130746696e6c616e643121301f060355040a131856616573746f72656b6973746572696b65736b757320434131293027060355040b132043657274696669636174696f6e20417574686f7269747920536572766963657331193017060355040b13105661726d656e6e6570616c76656c7574311930170603550403131056524b20476f762e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100b08515dac80337d0a346376c1b1e9630c25a85126723f2bb9fe78a816027f813a93cbcf786aaaaf4f32529b4fe75ae1e81868a05b21d65b238e8b4cc289afb1736f193d579cec1838b214fc30dad41df789d48e31f4244fc3c6d21206bad228424428f174dc2501f64cd2d39225688fdb2639d54da4269c0c84fd718e23ec86984943d2c80c67ccebdd7531feb88b9a6cbbb8557ef57765d0c8bd35e12419f21c039f4266d08fa38b3a177b1ee16d8d068dab498a5a065464a6b8d7eaa4d60b8f8c80dfc713eee398781b4d9f86e90ee3f0e61d71d2b68e62ee1424426782c58f27d167f61c049242a8987b65d2f2919f8a6e78e529e414b5a0eaab8c26642530203010001a3553053300f0603551d130101ff040530030101ff301106096086480186f8420101040403020007300e0603551d0f0101ff0404030201c6301d0603551d0e04160414dbe9e19bd2d1240bfcabe3a067eaae9c4b77f4b0300d06092a864886f70d01010505000382010100ad7d480f54119e58eeaf0d9b122f21a4cd9bba8447e6c9255523e3df18582a2cdb5ef7cd54f551247b6267e1b11f49af34d0ebb1ccd9a20d527f424b886097cf2572b74f292d629f4fa1c05557560ec46897911f9c64c2293201e9d4c8dab88198282e18c72cfceb9b5296dff4c890192d23f3f1bb71da9e8523bd1aef2ee47a79b7c39d86492d63b92d74cf650f326689df3b21ee296f3963d915c16ef6df803e5078198add03a314a537a7b52c7cb61187e705f2bcb6ded4ff97812884fefe6c468510419f4d758c07d499676f758a6fe45092f699d510b8c4a97bf7178d4bbfd7959f09dc440f1e32c3c0cfd3790de4c73b87f09034882162499204041fbc updroots.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
description pid Process Token: SeRestorePrivilege 2728 KB931125.exe Token: SeRestorePrivilege 2728 KB931125.exe Token: SeRestorePrivilege 2728 KB931125.exe Token: SeRestorePrivilege 2728 KB931125.exe Token: SeRestorePrivilege 2728 KB931125.exe Token: SeRestorePrivilege 2728 KB931125.exe Token: SeRestorePrivilege 2728 KB931125.exe -
Suspicious use of WriteProcessMemory 35 IoCs
description pid Process procid_target PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 1968 wrote to memory of 2728 1968 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe 29 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 2916 2728 KB931125.exe 30 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1632 2728 KB931125.exe 31 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 1528 2728 KB931125.exe 32 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33 PID 2728 wrote to memory of 2540 2728 KB931125.exe 33
Processes
-
C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe"C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Users\Admin\AppData\Local\Temp\KB931125.exe"C:\Users\Admin\AppData\Local\Temp\KB931125.exe" /Q2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:2916
-
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:1632
-
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:1528
-
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2540
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
73KB
MD5bb49ccc10926cdb601eba81afef749a2
SHA1a4766c9aea8d211e9632148fd4b625cece195be9
SHA256f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c
SHA51294c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba
-
Filesize
9KB
MD57b32871e409608ff887b6cf4d87debb0
SHA1191f9ea1298ee52dbd6f977b3584109a064f57b9
SHA2563f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2
SHA512534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a
-
Filesize
7KB
MD59e5de0fd1f90486a66dee4bfe89a78d7
SHA190e3188ef63495aaa71c85d4ff0f23253c834b40
SHA2568b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e
SHA51260006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1
-
Filesize
1KB
MD5421e60325404f5f29ac04c9b9d59096b
SHA1aace2fd74d799e8af5c8d5b2646361bb67a1620c
SHA256571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77
SHA51286693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2
-
Filesize
320KB
MD52d9b4498c847715418160bfd7e7c8a2d
SHA1e0873091d476d2566aa6fc988cb364247c95dc97
SHA256c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41
SHA512dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b
-
Filesize
89KB
MD5a64e4b204d44548eeb5c3d86eca2ad70
SHA1e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe
SHA256985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc
SHA512dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5
-
Filesize
5KB
MD59c18ae971cbffb096952177f6804ea31
SHA1bb255dd1bd9bb39cdbb8671af66054432c686828
SHA2562703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb
SHA51221086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c
-
Filesize
349KB
MD54a4d72d34f9da1fc5019e0748fcde2f5
SHA1f54752ec63369522f37e545325519ee434cdf439
SHA25683b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca
SHA51295986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33
-
Filesize
238KB
MD58786d469338c30e0ba9fedfc62bd5197
SHA15fb12028ceae9772f938e1b98b699f0e02e32718
SHA256beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f
SHA5125db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c