Analysis Overview
SHA256
11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619
Threat Level: Likely malicious
The file 11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619 was found to be: Likely malicious.
Malicious Activity Summary
Modifies Installed Components in the registry
Loads dropped DLL
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-07 11:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 11:17
Reported
2024-05-07 11:20
Platform
win7-20240419-en
Max time kernel
122s
Max time network
123s
Signatures
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update" | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A} | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate" | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1" | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0" | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*" | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\LuDaShi\{1D5ACA73-5FA4-4329-AF43-98A22D86C232}.tf | C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\70179B868C00A4FA609152223F9F3E32BDE00562 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FC796E8F8524F863AE1496D381242105F1B78F5 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8250BED5A214433A66377CBC10EF83F669DA3A67 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5D003860F002ED829DEAA41868F788186D62127F\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8C96BAEBDD2B070748EE303266A0F3986E7CAE58\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4054DA6F1C3F4074ACED0FECCDDB79D153FB901D\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0AB059420725493056062023670F7CD2EFC6666 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6B2F34AD8958BE62FDB06B5CCEBB9DD94F4E39F3\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FA0882595F9CA6A11ECCBEAF65C764C0CCC311D0 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1B4B396126276B6491A2686DD70243212D1F1D96 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3AFC0A8B64F686673474DF7EA9A2FEF9FA7A51 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2388C9D371CC9E963DFF7D3CA7CEFCD625EC190D | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9ED18028FB1E8A9701480A7890A59ACD73DFF871\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7639C71847E151B5C7EA01C758FBF12ABA298F7A\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\634C3B0230CF1B78B4569FECF2C04A8652EFEF0E | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\64902AD7277AF3E32CD8CC1DC79DE1FD7F8069EA\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABB51672400588E6419F1D40878D0403AA20264\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E3D73606996CDFEF61FA04C335E98EA96104264A\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8D08FC43C0770CA84F4DCCB2D41A5D956D786DC4\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4A3F8D6BDC0E1ECFCD72E377DEF2D7FF92C19BC7\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A3E31E20B2E46A328520472D0CDE9523E7260C6D | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DBAC3C7AA4254DA1AA5CAAD68468CB88EEDDEEA8\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\21FCBD8E7F6CAF051BD1B343ECA8E76147F20F8A\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FEB8C432DCF9769ACEAE3DD8908FFD288665647D\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CEA9890D85D80753A626286CDAD78CB566D70CF2 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CBA1C5F8B0E35EB8B94512D3F934A2E90610D336 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\93E6AB220303B52328DCDA569EBAE4D1D1CCFB65\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C73026E325FE21916B55C4B53A56B13DCAF3D625 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2E14DAEC28F0FA1E8E389A4EABEB26C00AD383C3\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CEA9890D85D80753A626286CDAD78CB566D70CF2\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6A6F2A8B6E2615088DF59CD24C402418AE42A3F1 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B19DD096DCD4E3E0FD676885505A672C438D4E9C | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E621F3354379059A4B68309D8A2F74221587EC79 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E206939CC5FA883635F64C750EBF5FDA9AEE653\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\204285DCF7EB764195578E136BD4B7D1E98E46A5 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0456F23D1E9C43AECB0D807F1C0647551A05F456\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\253F775B0E7797AB645F15915597C39E263631D1\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FAD91A6CE6AC6C50047C44EC9D4A50D92D84979\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\971D3486FC1E8E6315F7C6F2E12967C724342214 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CC7EA292AF8715D74CA4B415F320154B24F565FD | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\90DECE77F8C825340E62EBD635E1BE20CF7327DD | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7A74410FB0CD5C972A364B71BF031D88A6510E9E\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\720FC15DDC27D456D098FABF3CDD78D31EF5A8DA | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FAA7D9FB31B746F200A85E65797613D816E063B5\Blob | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\KB931125.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe
"C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe"
C:\Users\Admin\AppData\Local\Temp\KB931125.exe
"C:\Users\Admin\AppData\Local\Temp\KB931125.exe" /Q
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.ludashi.com | udp |
| CN | 114.115.218.83:80 | api.ludashi.com | tcp |
| US | 8.8.8.8:53 | s.ludashi.com | udp |
| CN | 47.117.76.6:80 | s.ludashi.com | tcp |
Files
memory/1968-1-0x0000000077800000-0x0000000077810000-memory.dmp
memory/1968-0-0x0000000077800000-0x0000000077810000-memory.dmp
\Users\Admin\AppData\Local\Temp\NetBridge.dll
| MD5 | 8786d469338c30e0ba9fedfc62bd5197 |
| SHA1 | 5fb12028ceae9772f938e1b98b699f0e02e32718 |
| SHA256 | beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f |
| SHA512 | 5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c |
\Users\Admin\AppData\Local\Temp\KB931125.exe
| MD5 | 4a4d72d34f9da1fc5019e0748fcde2f5 |
| SHA1 | f54752ec63369522f37e545325519ee434cdf439 |
| SHA256 | 83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca |
| SHA512 | 95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33 |
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | a64e4b204d44548eeb5c3d86eca2ad70 |
| SHA1 | e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe |
| SHA256 | 985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc |
| SHA512 | dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf
| MD5 | 421e60325404f5f29ac04c9b9d59096b |
| SHA1 | aace2fd74d799e8af5c8d5b2646361bb67a1620c |
| SHA256 | 571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77 |
| SHA512 | 86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2 |
\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
| MD5 | 9c18ae971cbffb096952177f6804ea31 |
| SHA1 | bb255dd1bd9bb39cdbb8671af66054432c686828 |
| SHA256 | 2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb |
| SHA512 | 21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst
| MD5 | bb49ccc10926cdb601eba81afef749a2 |
| SHA1 | a4766c9aea8d211e9632148fd4b625cece195be9 |
| SHA256 | f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c |
| SHA512 | 94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst
| MD5 | 2d9b4498c847715418160bfd7e7c8a2d |
| SHA1 | e0873091d476d2566aa6fc988cb364247c95dc97 |
| SHA256 | c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41 |
| SHA512 | dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst
| MD5 | 9e5de0fd1f90486a66dee4bfe89a78d7 |
| SHA1 | 90e3188ef63495aaa71c85d4ff0f23253c834b40 |
| SHA256 | 8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e |
| SHA512 | 60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst
| MD5 | 7b32871e409608ff887b6cf4d87debb0 |
| SHA1 | 191f9ea1298ee52dbd6f977b3584109a064f57b9 |
| SHA256 | 3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2 |
| SHA512 | 534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-07 11:17
Reported
2024-05-07 11:20
Platform
win10v2004-20240426-en
Max time kernel
136s
Max time network
100s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe
"C:\Users\Admin\AppData\Local\Temp\11e96f2449e3fa7cb93e96af68b6fdea11c81f284094daaa067e0ef7df449619.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
memory/2804-1-0x0000000076FC0000-0x0000000076FD0000-memory.dmp
memory/2804-0-0x0000000076FC0000-0x0000000076FD0000-memory.dmp
memory/2804-2-0x0000000077052000-0x0000000077053000-memory.dmp
memory/2804-3-0x00000000008A0000-0x00000000008A7000-memory.dmp