b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 15:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
Size

4.8MB
MD5

35d215e36f7b7b09f1a60e1b45fab112
SHA1

5d4a9ed9994f512b8bd5e308ceff5aec60ba6bcd
SHA256

b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0
SHA512

2596e6f3b104a83d810e4a3332f5d6d43cc58d92ba80c877b0fc82aa094813bb23eff6527b59517c99499045d08ff9f4a0c70046f81fc8c7e1d8fe034fee252a
SSDEEP

98304:OX3oVSsYFZ2xtp/BZXxkIpPG1f5e8M/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AB:IF2lBZBkIOhe8M/Cw/khc5FbKEV6PVRa

Score

8^/10

bootkit persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update"	KB931125.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0"	KB931125.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}	KB931125.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1"	KB931125.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate"	KB931125.exe

Executes dropped EXE 10 IoCs

pid	Process
2628	KB931125.exe
2440	updroots.exe
2420	updroots.exe
2488	updroots.exe
2872	updroots.exe
2744	KB931125.exe
1776	updroots.exe
1760	updroots.exe
380	updroots.exe
2352	updroots.exe

Loads dropped DLL 31 IoCs

pid	Process
1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
2628	KB931125.exe
2628	KB931125.exe
2628	KB931125.exe
2628	KB931125.exe
2440	updroots.exe
2628	KB931125.exe
2628	KB931125.exe
2420	updroots.exe
2628	KB931125.exe
2628	KB931125.exe
2488	updroots.exe
2628	KB931125.exe
2628	KB931125.exe
2872	updroots.exe
1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
2744	KB931125.exe
2744	KB931125.exe
2744	KB931125.exe
2744	KB931125.exe
1776	updroots.exe
2744	KB931125.exe
2744	KB931125.exe
1760	updroots.exe
2744	KB931125.exe
2744	KB931125.exe
380	updroots.exe
2744	KB931125.exe
2744	KB931125.exe
2352	updroots.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	KB931125.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	KB931125.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 64 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\37F76DE6077C90C5B13E931AB74110B4F2E49A27\Blob = 0b000000010000002200000053006f006e00650072006100200043006c006100730073003200200043004100000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030303000000010000001400000037f76de6077c90c5b13e931ab74110b4f2e49a272000000001000000240300003082032030820208a00302010202011d300d06092a864886f70d01010505003039310b3009060355040613024649310f300d060355040a1306536f6e6572613119301706035504031310536f6e65726120436c61737332204341301e170d3031303430363037323934305a170d3231303430363037323934305a3039310b3009060355040613024649310f300d060355040a1306536f6e6572613119301706035504031310536f6e65726120436c6173733220434130820122300d06092a864886f70d01010105000382010f003082010a028201010090174a359dcaf00d96c744fa1637fc48bdbd7f802d353be16fa867a9bf031c4d8c6f3247d54168a41304c1350c9a8443fc5c1dff89b3e81718cd915ffb89e3eabf4e5d7c1b26d37579ede684e357e5ad29c4f43a28e7a57b843669b3fd5e76bda32d99d3904e23287d1863f1543b269d765b9742b2ffaef04eecdd39954e83067fe74940c8c501b2545a661d3dfcf9e93c0a9e81b870f0018be423547cc8aef8901e009672d454cf6123bceafb9d0295d1b6b9713a69083f0fb4e142c788f53f98a8a7ba1ce07171ef585781507a5c6b74460e830398c38ea86ef276326e2783c273f3dc18e8b493ea75446b0460207157879df3bea090233d8a24e1da21dbc30203010001a3333031300f0603551d130101ff040530030101ff30110603551d0e040a04084aa0aa5884d35e3c300b0603551d0f040403020106300d06092a864886f70d010105050003820101005ace87f9167215574b1dd99be7a22630ec9367dfd62dd234aff738a5ceab16b9ab2f7c35cbacd00fb44c2bfc80ef6b8c915f3676f7dbb31b19eaf4b211fd617144bf28b33a1dbfb343e89fbfdc310871b09d8dd634473290c66524f7a04a7c04738f396f178c72b5bd4bc87af87b83c3284e9c09ea673fb267041bc314daf8e7492491d01d6afa6139ef6be721750607d812b4212070427181da3c9a36bea65b0d6a6c9a1f917bf9f9ef42ba4e4e9ecc0c8d94dcd9459c5eec425063aef45dc4b112dcca3ba82e9d145a0575b7ecd763e2ba35b6040891e8da9d9cf666b518ac0aa654263433d21bc1d47f1a3a8e0baa326edbfc4f259fd932c7965a70acdf4c	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D29F6C98BEFC6D986521543EE8BE56CEBC288CF3	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6E3A55A4190C195C93843CC0DB722E313061F0B1	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\90DEDE9E4C4E9F6FD88617579DD391BC65A68964	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0b00000001000000140000005500530045005200540072007500730074000000090000000100000022000000302006082b0601050507030306082b06010505070308060a2b0601040182370a0304030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8250BED5A214433A66377CBC10EF83F669DA3A67	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B435D4E1119D1C6690A749EBB394BD637BA782B7	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6E3A55A4190C195C93843CC0DB722E313061F0B1\Blob = 0b000000010000004c0000004300680061006d006200650072007300690067006e0020004300680061006d00620065007200730020006f006600200043006f006d006d006500720063006500200052006f006f0074000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000006e3a55a4190c195c93843cc0db722e313061f0b12000000001000000c1040000308204bd308203a5a003020102020100300d06092a864886f70d0101050500307f310b300906035504061302455531273025060355040a131e41432043616d65726669726d61205341204349462041383237343332383731233021060355040b131a687474703a2f2f7777772e6368616d6265727369676e2e6f726731223020060355040313194368616d62657273206f6620436f6d6d6572636520526f6f74301e170d3033303933303136313334335a170d3337303933303136313334345a307f310b300906035504061302455531273025060355040a131e41432043616d65726669726d61205341204349462041383237343332383731233021060355040b131a687474703a2f2f7777772e6368616d6265727369676e2e6f726731223020060355040313194368616d62657273206f6620436f6d6d6572636520526f6f7430820120300d06092a864886f70d01010105000382010d00308201080282010100b73655e5a55d1830e0da895491fcc8c752f82f50d9efb1757365477d1b5bba75c5fca18824fa2fedca084a3954c4517ab5da60ea383c81b2cbf1bbd991233f48017075a9052aad1f71f3c9543d1d066a403eb30c85ee5c1b79c262c4b8368e355d010c23044735aa9b604ea0663dcb260a9c40a1f45d98bf71aba500682aed837a0fa214b5d422b380b03c0c5a51692d58188fed999ef1aee295e6f647a8d60c0fb05858dbc366379e9b91543337d2941c6a48c9c9f2a5daa50c23f7230e9c32555e719c8405519a2dfde64e2a345adeca4037670c54215577da0a0ccc97ae80dc94364af43ece36131e53e4ac4e3a05ecdbae729c388bd0393b890a3e77fe75020103a38201443082014030120603551d130101ff040830060101ff02010c303c0603551d1f043530333031a02fa02d862b687474703a2f2f63726c2e6368616d6265727369676e2e6f72672f6368616d62657273726f6f742e63726c301d0603551d0e04160414e394f5b14de9dba1295b578b4d760676e1d1a28a300e0603551d0f0101ff040403020106301106096086480186f842010104040302000730270603551d110420301e811c6368616d62657273726f6f74406368616d6265727369676e2e6f726730270603551d120420301e811c6368616d62657273726f6f74406368616d6265727369676e2e6f726730580603551d200451304f304d060b2b0601040181872e0a0301303e303c06082b060105050702011630687474703a2f2f6370732e6368616d6265727369676e2e6f72672f6370732f6368616d62657273726f6f742e68746d6c300d06092a864886f70d010105050003820101000c4197c21a86c0227c9ffb90f31ad103b1ef13f9215f049cdac9a58d276c968791be4190017293e71e7d5ff689c65da740093dac494545dc2e8d3068b209bafbc32fccba0bdf3f777b467d3a12248e968f3c050a6fd294281d6d0cc02e8822d5d8cf1d13c7f048d7d705a7cfc7479e3b3c34c8804fd414bbfc0d50f7fab3ec425fa9dd6dc8f475cf7bc17226b1011c5c2cfd7a4eb401c50557b9e73caa05d988e9074641ceef4181ae58df83a2aecad7771fe7003c9d6f8ee432091d4d783478343c949b26ed4f71c6197abd2022485afe4b7d03b7e758bec6324e741e68dda8685bb33eee627dd980e80a757ab7eeb4659a2190e0aad098bc38b5733c8bf8dc	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8EFDCABC93E61E925D4D1DED181A4320A467A139	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B12E13634586A46F1AB2606837582DC4ACFD9497	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F18B538D1BE903B6A6F056435B171589CAF36BF2\Blob = 0b000000010000003800000074006800610077007400650020005000720069006d00610072007900200052006f006f00740020004300410020002d002000470033000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000f18b538d1be903b6a6f056435b171589caf36bf220000000010000002e0400003082042a30820312a0030201020210600197b746a7eab4b49ad64b2ff790fb300d06092a864886f70d01010b05003081ae310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303038207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79312430220603550403131b746861777465205072696d61727920526f6f74204341202d204733301e170d3038303430323030303030305a170d3337313230313233353935395a3081ae310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303038207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79312430220603550403131b746861777465205072696d61727920526f6f74204341202d20473330820122300d06092a864886f70d01010105000382010f003082010a0282010100b2bf272cfbdbd85bdd787b1b9e776681cb3ebc7caef3a6279a34a3683171383362e4f3716679b1a965a3a58bd58f602d3f42ccaa6b32c023cb2c41dde4dffc619ce273b222951143185fc4b61f576c0a055822c8364c3a7ca5d1cf86af88a74402137471730a425902f81b146b42df6f5fba6b82a29d5be74abd1e0172db4b74e83b7f7f7d1f04b4269be0b45aac473d55b8d7b026522801314066d8d924bdf62ad8ec21495c9bf67ae97f55357e966b8d939327cb92bbeaac40c09fc2f880cf5df45adcce7486a63e6c0b53cabd92ce190672e60c5c3869c704d6bc6cce5bf6f7689cdc25154888a1e9a9f8989ce0f3d5312861116c67968d3999cbc24524390203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414ad6caa94609cede4fffa3e0a742b6303f7b659bf300d06092a864886f70d01010b050003820101001a40d89565ac099289c639f410e5a90e66535d78defa2491bbe74451dfc616340aef6a4451ea2b078a037ac3eb3f0a2c5216a02b43b925903f70a933256d451a283b27cfaac329421bdf3b4cc033345b4188bf6b2b65af28efb2f5c3aa66ce7b56eeb7c8cb67c1c99c1a18b8c4c34903f1600e50cd46c5f37779f7b615e038dbc72f28a00c3f772674d92512da31da1a1edc294191223c69a7bb02f2b65c270389f406ea9be47282e3a109c1e90019d33ed4706bba71a6aa58aef4bbe96cb6ef87cc9bbbff39e65661d30aa7c45c4c607b0577267abfd807522c62f77063d939bc6f1cc279dc7629afcec52c64045e88366e31d4401a6234363f3501aeac63a0	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2964B686135B5DFDDD3253A89BBC24D74B08C64D	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8BAF4C9B1DF02A92F7DA128EB91BACF498604B6F	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E7B4F69D61EC9069DB7E90A7401A3CF47D4FE8EE\Blob = 030000000100000014000000e7b4f69d61ec9069db7e90a7401a3cf47d4fe8ee090000000100000048000000304606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030606082b0601050507030706082b060105050703090b0000000100000052000000570065006c006c00730053006500630075007200650020005000750062006c0069006300200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900000053000000010000002400000030223020060a6086480186fb7b83740930123010060a2b0601040182373c0101030200c02000000001000000c1040000308204bd308203a5a003020102020101300d06092a864886f70d0101050500308185310b30090603550406130255533120301e060355040a0c1757656c6c7320466172676f2057656c6c73536563757265311c301a060355040b0c1357656c6c7320466172676f2042616e6b204e413136303406035504030c2d57656c6c73536563757265205075626c696320526f6f7420436572746966696361746520417574686f72697479301e170d3037313231333137303735345a170d3232313231343030303735345a308185310b30090603550406130255533120301e060355040a0c1757656c6c7320466172676f2057656c6c73536563757265311c301a060355040b0c1357656c6c7320466172676f2042616e6b204e413136303406035504030c2d57656c6c73536563757265205075626c696320526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee6fb4bd79e28f08219e38044125efab5b1c5392ac6d9eddc2c42e4594033588677457e3df8cb8a7768f3bf7a8c4db29630e9168368a978e8a71680907e4e8d40e4ff8d62b4ca416f9ef43988fb39e52df6d91398f38bd778b4363ebb793fc304c1c0193b613fbf7a11fbf25e174372c1ea45e3c68f84bbf0db91e2e36e8a9e4a7f80fcb82757c352d22d6c2bf0bf3b4fc6c95611e57d7048132835279e68363cfb7cb638b11e2bd5eebf68ded957228b4ac1262e94a33e68332ae057595bd8495db2a5c9b8e2e0cb8812b41e638569f499b6c76fa8a5df70179817cc1834005fe71fd0c3fcc4e60090e6547102f01c0053f8ff8b341ef5a427e59efd2970c650203010001a382013430820130300f0603551d130101ff040530030101ff30390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e706b692e77656c6c73666172676f2e636f6d2f7773707263612e63726c300e0603551d0f0101ff0404030201c6301d0603551d0e0416041426951910d9e8a19791ffdc19d9b5043ed2730a6a3081b20603551d230481aa3081a7801426951910d9e8a19791ffdc19d9b5043ed2730a6aa1818ba48188308185310b30090603550406130255533120301e060355040a0c1757656c6c7320466172676f2057656c6c73536563757265311c301a060355040b0c1357656c6c7320466172676f2042616e6b204e413136303406035504030c2d57656c6c73536563757265205075626c696320526f6f7420436572746966696361746520417574686f72697479820101300d06092a864886f70d01010505000382010100b915b14491cc23c82b4d77e3f89a7b270dcd72bb9900ca7c661950c6d598edabbf035ae54de51ec84f719786d5e31dfd90c93c7577577a7df8def4d4d5f795e6746e1d3cae7c9ddb0203052c714b253e07e35e9af5661729881a389fcfaa410384976b93387aca30441b244433d0e4d1dc2838f4134335352963a87ca2b5ad38a4edadfdc69a1fff9773fefbb335a79386c6769100e6ac5116c427325cdb73daa593578e3e6d35260859d5e744d7762063e7ac1367c36db170467cd596113d896f5da8a1eb8d0adac31d336ca3ea67199a997f4b3d83512a1dca2f860ca27e102d2bd416950b07aa2e149249b7296fd86d317df5fca1100787ce2f59dc3e58db	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5D989CDB159611365165641B560FDBEA2AC23EF1\Blob = 0300000001000000140000005d989cdb159611365165641b560fdbea2ac23ef1090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000004a000000550054004e0020002d0020005500530045005200460069007200730074002d004e006500740077006f0072006b0020004100700070006c00690063006100740069006f006e0073000000200000000100000068040000308204643082034ca003020102021044be0c8b500024b411d336304bc03377300d06092a864886f70d01010505003081a3310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d312b30290603550403132255544e2d5553455246697273742d4e6574776f726b204170706c69636174696f6e73301e170d3939303730393138343833395a170d3139303730393138353734395a3081a3310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d312b30290603550403132255544e2d5553455246697273742d4e6574776f726b204170706c69636174696f6e7330820122300d06092a864886f70d01010105000382010f003082010a0282010100b3fb91a1e4365585ac06345ba09a58b2f8b50f057783ae32b1769268ec234ac9763fe39cb6377903b9ab698d0725b61967e4b01b1873614ae87ecdd32f64e3a67c0cfa1780a30d47894f51712feefc3ff9b8168087899325209a4382692476285935a11dc07f83066416202cd349a485b4c0617f5108f868159180cba5d5ee3b3af484045e6059a78c3472eeb878c5d13b124a6f7e6527b9a455c5b96f43a4c51d2c99c052a4784c15b34098086b43c601b07a7bf56b1c223fcbefffa8d03a4b76159ed2d1c62ee3db571b32a2b86fe886a63f70abe57092ab441e4050fb9ca362e46c6ea0c8dee28042fae92fe8ce32048f7c8db71ca3353c15dd9ec3ae97a50203010001a3819130818e300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414fa86c9dbe0bae978f54ba8d615dff0d3e16a143c304f0603551d1f044830463044a042a040863e687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4e6574776f726b4170706c69636174696f6e732e63726c300d06092a864886f70d01010505000382010100a4f325ccd1d4918322d0cc32ab9b964e349154202534615f2a0215e18baaff7d6451cf0affbc7dd8216a78cb2f516ff8421d33bdebb57b94c3c3a9a02ddfd1291f1dfe8f3fbba8452a7fd16e5524e2bb02fb313fbee8bcec402bf801d45638e4ca4482b56120216765f6f00be734f8a5c29ca35c401f85939506de4fd427a9b6a5fc16cd73313fb86527cfd4531af0ac6e9f4f050c0381a78429c45abd645772ad3bcf3718a698c6ad06b4dc08a304d529a4969a12674a8c60459df1239ab0009c68b59850d3ef8e2e9265b1483e21be15302a0db50ca36b3fae7f57f51f967cdf6fdd82302c651b404acd68b972ec7176ec548e1f850c016afaa638ac1fc484	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\74207441729CDD92EC7931D823108DC28192E2BB\Blob = 03000000010000001400000074207441729cdd92ec7931d823108dc28192e2bb090000000100000016000000301406082b0601050507030406082b060105050703010b0000000100000038000000430065007200740050006c0075007300200043006c006100730073002000320020005000720069006d00610072007900200043004100000053000000010000002700000030253023060d2b0601040181ad5a020502030130123010060a2b0601040182373c0101030200c0200000000100000096030000308203923082027aa00302010202110085bd4bf3d8dae369f694d75fc3a54423300d06092a864886f70d0101050500303d310b30090603550406130246523111300f060355040a130843657274706c7573311b301906035504031312436c6173732032205072696d617279204341301e170d3939303730373137303530305a170d3139303730363233353935395a303d310b30090603550406130246523111300f060355040a130843657274706c7573311b301906035504031312436c6173732032205072696d61727920434130820122300d06092a864886f70d01010105000382010f003082010a0282010100dc5096d012f835d208787ab65270fd6feecfb911cb5d77e1ece97e048dd6cc6f73435760ac330a44ec035f1c802491e5a891561282f7e02bf4dbae612e89108d6b6cbab302bdd536c5483723e2f05a3752331712e2d1604dbe2f4111e3f617250c8b91c01b997b99560dafeed2bc4757e379497b3489272484deb1ece9584efe4edf5abe41adac08c5180eefd253ee6cd09d1201138ddc8062f795a944884a714e60559edb23197956070c3f630b5cb0e2be7e15fc943358413874c4e18f8bdf26ac1fb58b3bb743596bb024a66d908bc472ea5d3398b7cbde5e7bef94f11b3ecac921c1c59802aaa2f65b779bf57e9655341c6769c0f142e347acfc281c66550203010001a3818c308189300f0603551d13040830060101ff02010a300b0603551d0f040403020106301d0603551d0e04160414e3732ddfcb0e280cdeddb3a4ca79b88ebbe83089301106096086480186f842010104040302010630370603551d1f0430302e302ca02aa0288626687474703a2f2f7777772e63657274706c75732e636f6d2f43524c2f636c617373322e63726c300d06092a864886f70d01010505000382010100a754cf884419cbdfd47f00df563362b5f7510190ebc33fd18844e9245defe714bd20b79a3c00fe6d9fdb90dcd7f462d68b705de7e50448a9687cc9f142f36c7fc57a7c1d5188bad20a3e275dde2d514ed3136469e42ee3d3e79b0999a6e0959bce1ad77fbe3cce52b31115c10f17cd03bb9c2515baa27689fc06f118d0934b0e7c82b7a5f4f65ffeed40a69d847439b9dc1e8516da291b862300c9bb897e6e80881e2f14b40324a8326f039a472c30be56c6a74202701bea40d8ba05037007a496fffd48330ae1dca581909b4ddd7de7e7b2cd5cc86a95f8a5f68dc45d7808be7b06d649cf193650232e08e69e054d4718d516e9b1d6b610d5bb97bfa28eb454	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85A408C09C193E5D51587DCDD61330FD8CDE37BF	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\11C5B5F75552B011669C2E9717DE6D9BFF5FA810\Blob = 03000000010000001400000011c5b5f75552b011669c2e9717de6d9bff5fa810090000000100000048000000304606082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030706082b0601050507030806082b060105050703090b000000010000003000000041004e004300450052005400200043006500720074006900660069006300610064006f0073002000430047004e00000020000000010000002e0500003082052a30820412a003020102020f4474ecc86c721e58ddb82c7ef4fc95300d06092a864886f70d0101050500307c310b3009060355040613024553314b3049060355040a13424167656e636961204e6f74617269616c2064652043657274696669636163696f6e20532e4c2e20556e69706572736f6e616c202d20434946204238333339353938383120301e06035504031317414e4345525420436572746966696361646f732043474e301e170d3034303231313137323731325a170d3234303231313137323731325a307c310b3009060355040613024553314b3049060355040a13424167656e636961204e6f74617269616c2064652043657274696669636163696f6e20532e4c2e20556e69706572736f6e616c202d20434946204238333339353938383120301e06035504031317414e4345525420436572746966696361646f732043474e30820122300d06092a864886f70d01010105000382010f003082010a028201010090753f3f0caccad47cc448a718bb3abba1bbd57bdf8b19e48244fb65ecb612613e692219623524b6d51006a9456a242af5278c783cc8b9f3056cc50203d24e8064ec86ab7894220200b5689bd4e5555fe0c88030e70bbf6bd7048e4e7998704c1c26b9b3a8eaf011a2b98a530226751289e1fb884e597a00d182d816aee5b6bc9525604077251b9eef8de4fdf04f333125bfee7a0a54f0903867127ba560da0c01899a76872ef51b437be5e7264afb1562ab451b7bd50aa54d6c4dab9f284884e18375b818705553dbd0df2990af39c61795c194c55ed9655f5dff6e169598219f5e4df0cd31392103170d911fa1559941ec55c9bb3d995c9bc57fd11c5eea530203010001a38201a7308201a3300f0603551d130101ff040530030101ff308201200603551d2004820117308201133082010f06092b060104018193680430820100302506082b060105050702011619687474703a2f2f7777772e616e636572742e636f6d2f6370733081d606082b060105050702023081c9300d1606414e4345525430030201011a81b74167656e636961204e6f74617269616c2064652043657274696669636163696f6e2e204c61206465636c61726163696f6e2064652070726163746963617320646520636572746966696163696f6e20717565207269676520656c2066756e63696f6e616d69656e746f206465206c612070726573656e7465206175746f726964616420736520656e6375656e74726120646973706f6e69626c6520656e20687474703a2f2f7777772e616e636572742e636f6d2f637073300e0603551d0f0101ff040403020186301c0603551d11041530138111616e6365727440616e636572742e636f6d301f0603551d23041830168014ec579fc876226fcc3aae5bf02da16258d18d02cc301d0603551d0e04160414ec579fc876226fcc3aae5bf02da16258d18d02cc300d06092a864886f70d010105050003820101008b3ddfdc362c7f279cfcb55853710a125d10645171b54a56f45e44671eef1db2f1a4513c676c2c65967aa112a3af0b08370e99d66e28870b62ab4e784e72819bdf114f8960c851a61b060971737c37b71c38379af987e1efa1ee7fd7c0ea3914fa7c6f0bf986cae6c57769a09f8d29a3776ec5ccdaf6dd067ad369663e603be332dfaef01b9e2a9dcc84df1a1047eda556964237b52d720d411293ba328844c8ae09c4bd80edfd600f72b2b664f66320327077872e332e9f35c85fa89256b7ff243a2c5df226056819f25167cfdf5209e982047a6b82a77fe5d2a9746b1826c8bad4d51ea54b3b26c19d22e1fb12bdd56246d5d75dd2ddc3fc610d30054f058b	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0560A2C738FF98D1172A94FE45FB8A47D665371E	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C\Blob = 0b000000010000000e0000007400680061007700740065000000090000000100000016000000301406082b0601050507030106082b0601050507030303000000010000001400000023e594945195f2414803b4d564d2a3a3f5d88b8c200000000100000017030000308203133082027ca003020102020101300d06092a864886f70d01010405003081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d301e170d3936303830313030303030305a170d3230313233313233353935395a3081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d3a4506ec8ff566be6cf5db6ea0c687547a2aac2da8425fca8f44751da85b5207494861e0f75c9e90861f5066d306e151902e952c062db4d999ee26a0c4438cdfebee3640970c5feb16b29b62f49c83bd427042510972fe7906dc0284299d74c43dec3f5216d549f5dc358e1c0e4d95bb0b8dcb47bdf363ac2b5662212d6870d0203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010405000381810007fa4c695cfb95cc46ee85834d21308ecad9a86f491ae6da51e360706c846111a11ac8483e59437d4f953da18bb70b62987a758add884e4e9e40dba8cc3274b96f0dc6e3b3440bd98a6f9a299b9918283bd1e340289a5a3cd5b5e7201b8bcaa4ab8de951d9e24c2c59a9dab9b2751bf642f2efc7f218f989bca3ff8a232e7047	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DBAC3C7AA4254DA1AA5CAAD68468CB88EEDDEEA8	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a09000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c02000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE990CED99E0431F60EDC3937E7CD5BF0ED9E5FA\Blob = 0b000000010000001c00000043006900730063006f002000530079007300740065006d0073000000090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050508020206082b0601050507030606082b0601050507030706082b06010505070305030000000100000014000000de990ced99e0431f60edc3937e7cd5bf0ed9e5fa200000000100000047030000308203433082022ba00302010202105ff87b282b54dc8d42a315b568c9adff300d06092a864886f70d0101050500303531163014060355040a130d436973636f2053797374656d73311b301906035504031312436973636f20526f6f742043412032303438301e170d3034303531343230313731325a170d3239303531343230323534325a303531163014060355040a130d436973636f2053797374656d73311b301906035504031312436973636f20526f6f74204341203230343830820120300d06092a864886f70d01010105000382010d00308201080282010100b09ab9aba7af0a77a7e271b6b4666294788847c66255844032bfc0ab2ea51c71d6bc6e7ba8aaba6ed2158848459da2fc83d0ccb98ce02668704a78df21179ef46105c915c8cf16da3561899443a884a83198789bb94e6f2c53126ccd1dad2b24bb31c42bff83446fb63d247709eabf2aa81f6a56f6200f1154978175a725ce596a8265efb7eae7e28d758b6ef2dd4fa65e629ccf100a64d04e6dce2bcc5bf560a527478d69f47fce1b70de701b20d66ecda601a83c12d2a93fa06b5ebb8e208b7a91e3b568eea0e7c40174a8530b2b4a9a0f65120e824d8e63fdefeb9b1adb53a61360afc27dd7c76c1725d473fb4764508180944ce1bfae4b1cdf92ed2e05df020103a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041427f3c8151e6e9a020916ad2ba089605fda7b2faa301006092b06010401823715010403020100300d06092a864886f70d010105050003820101009d9d8484a341a97c770cb753ca4e445062ef547cd375171ce8e0c6484bb6fe4c3a198156b056ee199662aa5aa364c1f64e5433c677fec51cbae55d25caf5f0939a83112ee6cbf87445fee705b8abe7dfcb4be13784dab98b97701ef0e28bd7b0d80e9db169d62a917ba9494f7ee68e95d883273cd568490ed49df62eeba7beeb30a4ac1f44fc95ab3306fb7d600adeb48a63b09ca9f2a4b9530187d068a4277fabffe9fac940388867b439c6846f57c953dbba8eeec043b2f809836eff66cf3eef17b358182509345ee3cbd614b6ecf2926f74e42f812ad59291e0e0973c326805854bd1f757e2521d931a549f0570c04a71601e430b601efea3ce8119e10b35	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3AFC0A8B64F686673474DF7EA9A2FEF9FA7A51\Blob = 0300000001000000140000005f3afc0a8b64f686673474df7ea9a2fef9fa7a5109000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090b00000001000000260000005300770069007300730063006f006d00200052006f006f0074002000430041002000310000002000000001000000dd050000308205d9308203c1a00302010202105c0b855c0be75941df57cc3f7f9da836300d06092a864886f70d01010505003064310b30090603550406130263683111300f060355040a13085377697373636f6d31253023060355040b131c4469676974616c204365727469666963617465205365727669636573311b3019060355040313125377697373636f6d20526f6f742043412031301e170d3035303831383132303632305a170d3235303831383232303632305a3064310b30090603550406130263683111300f060355040a13085377697373636f6d31253023060355040b131c4469676974616c204365727469666963617465205365727669636573311b3019060355040313125377697373636f6d20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100d0b9b0a80cd9bb3f21f81bd533938016652075b23d9b606d46c88c316f17c3fa9a6c56ed3cc59157c3cdab9649902a194b1ea36d57ddf12b622875455eaad65bfa0b25d8a116f91cc42ee6952a67ccd0296e3c8534386149b1009fd63a715f4d6dce5fb9a9e4897f6a52faca9bf2dca9f99d99473f4e295fb4a68d5d7b0b99110303fee7dbdba3ff1da5cd901e011f35b07f00db906fc67e7bd1ee7a7aa7aa0c576fa46dc5133bb0a5d9ed321cb45e678b54dc7387e5d3177c6650725dd41a58c1d9cfd889026fa749b4365dd0a4de072cb675b72891d697be28f5981eea5b26c9bdb09773daae9126eb68c1f93915d6674b0a6d4fcbcfb0e442718c5379e7eee1db1da06e1d8c1a77355c161e2b531f348bd16cfcf267077af5adedd69aaba1b14be1cc375ffd7fcd4daeb81f9c43f92a58554345bc96cd700efcc9e366ba4e8d3b81cb15647bb994e85d335285712e4f8ea2061151c9e3cba16e3108640cc2d23cf536e8d7d00e78232091c9242a65295b22f721ce835ea4f3de4bd3688f46755c83096e296bc4708cf59dd7202fff46d22b38c22f751c3d7edaa5ef1e60856942d3ccf863fe1e433985a6b6634110b3731ebcd3faca7d1647e2a7d5d0a38a0a089662566e34dbd902b93075e304d2e78fc2b011400aacd57102628b31beddc623583142432d74f9c69ea68a0fe9febf83e6435724baef4634aad7120138ed0203010001a38186308183300e0603551d0f0101ff040403020186301d0603551d2104163014301206076085740153000106076085740153000130120603551d130101ff040830060101ff020107301f0603551d2304183016801403252fde6f82013a5c2cdc2ba169b567d48cd3fd301d0603551d0e0416041403252fde6f82013a5c2cdc2ba169b567d48cd3fd300d06092a864886f70d010105050003820201003510cbeca6040d0d0fcdc0dbaba8f288970cdf932f4d7c4056317aeba40f60cd7af3bec3278e033ea4dd12ef7e1e74063c3f31f21c7b913121b4f0d06c97d4e997b224561e56c335bd88050f5b101a64e1c78230f932ad9e502ce77805d031b15a988a754e905c6a142ae052478260e61eda81b1fb140b5af19fd295ba3ed01bd6151da3be86d5db0fc04964bb2e50194bd224f8dd1e0756d038a0957020768cd7dd1ede9f71c423ef83135ca324154d29403c6ac4a9d8b7a644a50df4e09d771e407026fcdad936e479e4b53fbc9b65bebb1196cfdbc628393a08ce475b535ac599fe5da9ddef4cd4c6a5ad02e68c07121e6f03d16fa0a3f329bd12c750a2b07f88a999779ab1c0a5392e5c7c69e22cb0ea376aa4e15ae1f550e583efa5bb2a88e78cdbfd6d5e9719a87e66756b71eabfb1c76fa0f48ea4ec34515b8c260370a177d50112570035db23de0e8a2899fdb1106f4bff382d604e2c9ceb67b5ad49ee4b1facaffb0d905a6660705daacd78d424eec841a09301929c6a9efcb924c5b315827ebeae952bebb1c0dae301600b5e69ac845661be7117fe1d130ffec68745e9fe32a01a0d13a4945571a5168bbaca89b0b2c7fc8fd854b593629dcecf59fb3d18ce2acb3515825dff54225b7152fbb7c9fe609b004164f0aa2aecb64243ce896681c88b9f39540325d316358e84d05ffa301af59a6cf40e53f93a5bd11c	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6782AAE0EDEEE21A5839D3C0CD14680A4F60142A	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B19DD096DCD4E3E0FD676885505A672C438D4E9C	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\BC9219DDC98E14BF1A781F6E280B04C27F902712\Blob = 030000000100000014000000bc9219ddc98e14bf1a781f6e280b04c27f902712090000000100000016000000301406082b0601050507030406082b060105050703010b00000001000000260000004400530054002d0045006e00740072007500730074002000470054004900200043004100000020000000010000004b03000030820347308202b0a0030201020204366dc518300d06092a864886f70d01010505003050310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311b3019060355040b13124453542d456e747275737420475449204341301e170d3938313230393030303232345a170d3138313230393030333232345a3050310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311b3019060355040b13124453542d456e74727573742047544920434130819d300d06092a864886f70d010101050003818b0030818702818100b61df74b8d0f13e312f509fe06320eaf4c41f57dd4473d2a0adf8305dede7de60316f6513acb471a4aad7ec4fd1db4be748a78dd0b838eb48413c4fbf86d29aea1e10f0f43e3b55e6069fa8394fc79e6dc76edd1442b8efd12bbfe1777170c89eda7ef517dc4ed38c33ba37afbe24da060b5f2fd1365d3c6ec3fbe359c3d22ef020103a382012e3082012a301106096086480186f842010104040302000730720603551d1f046b30693067a065a063a461305f310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311b3019060355040b13124453542d456e747275737420475449204341310d300b0603550403130443524c31302b0603551d1004243022800f31393938313230393030303232345a810f32303138313230393030303232345a300b0603551d0f040403020106301f0603551d23041830168014939a44cad0785380294904dfc7af333f99755fae301d0603551d0e04160414939a44cad0785380294904dfc7af333f99755fae300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456342e3003020490300d06092a864886f70d0101050500038181006489cc03a7dc0af25820e7fd17a02872cd87b0cd98b524476333311010b2ef8a5772ae4c03e0679fac60438422c1a9a3e5b1a7de09d4cf0d7846235b8f497bfe13229794ea7248e12c207896e9664519cb096563613fd14998b1761055d5634a664ba4076bde7b7fb9e6935b1a025b800edd8d18d48aa3c268f1a3e018d14e4c	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B972C9EA6E7CC58D93B20BF71EC412E7209FABF	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\61EF43D77FCAD46151BC98E0C35912AF9FEB6311	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\838E30F77FDD14AA385ED145009C0E2236494FAA\Blob = 0b000000010000003400000054004300200054007200750073007400430065006e00740065007200200043006c00610073007300200032002000430041000000090000000100000016000000301406082b0601050507030406082b06010505070301030000000100000014000000838e30f77fdd14aa385ed145009c0e2236494faa2000000001000000600300003082035c308202c5a003020102020203ea300d06092a864886f70d01010405003081bc310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831223020060355040b1319544320547275737443656e74657220436c61737320322043413129302706092a864886f70d010901161a636572746966696361746540747275737463656e7465722e6465301e170d3938303330393131353935395a170d3131303130313131353935395a3081bc310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831223020060355040b1319544320547275737443656e74657220436c61737320322043413129302706092a864886f70d010901161a636572746966696361746540747275737463656e7465722e646530819f300d06092a864886f70d010101050003818d0030818902818100da38e8ed3200297183010dbf8c01dcdac6ad39a4a98a2fd58b5c685f50c662f566bdca9122ecaa1d51d73db351b2834e5dcb49b0f04c55e56b2dc7850b301c924e82d4ca02edf76fbedce0e314b80553f29af4568b5a9e8593d1b48256ae4dbba84b5716bcfef8589ef8298db07bcd78c94fac8b670cf19cfbfc579b575c4f0d0203010001a36b3069300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186303306096086480186f842010804261624687474703a2f2f7777772e747275737463656e7465722e64652f67756964656c696e6573301106096086480186f8420101040403020007300d06092a864886f70d0101040500038181008452fb28dfff1f7501bc01be0456976a7442243183f946b1068a89cf962c33bf8cb55f7a72a18506ce86f8058ee8f925cada838c06aceb366d8591340436f442f0f8792e0a485cabcc514f7876a0d9ac19bd2ad169042891ca36102780575bd25cf5c25bab6481637451f497bfcd1228f74d667fa7f01c012678b26647705164	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\016897E1A0B8F2C3B134665C20A727B7A158E28F	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3BC0380B33C3F6A60C86152293D9DFF54B81C004	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\56E0FAC03B8F18235518E5D311CAE8C24331AB66	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A9628F4B98A91B4835BAD2C1463286BB66646A8C	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6A6F2A8B6E2615088DF59CD24C402418AE42A3F1	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E5DF743CB601C49B9843DCAB8CE86A81109FE48E	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4313BB96F1D5869BC14E6A92F6CFF63469878237	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5A5A4DAF7861267C4B1F1E67586BAE6ED4FEB93F	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8EFDCABC93E61E925D4D1DED181A4320A467A139\Blob = 0b00000001000000520000004100750074006f00720069006400610064006500200043006500720074006900660069006300610064006f007200610020005200610069007a002000420072006100730069006c0065006900720061000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000008efdcabc93e61e925d4d1ded181a4320a467a1392000000001000000bc040000308204b8308203a0a003020102020104300d06092a864886f70d01010505003081b4310b300906035504061302425231133011060355040a130a4943502d42726173696c313d303b060355040b1334496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d204954493111300f0603550407130842726173696c6961310b30090603550408130244463131302f060355040313284175746f72696461646520436572746966696361646f7261205261697a2042726173696c65697261301e170d3031313133303132353830305a170d3131313133303233353930305a3081b4310b300906035504061302425231133011060355040a130a4943502d42726173696c313d303b060355040b1334496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d204954493111300f0603550407130842726173696c6961310b30090603550408130244463131302f060355040313284175746f72696461646520436572746966696361646f7261205261697a2042726173696c6569726130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0f32e7705ff86f9be521d9bfe54007075408ac6a668b916764c0ff7f4bfb4e288811acbe8ecbe6481a539475deae62d93d31aff7a54a6071f3408f4bd89b982cca3428f5e9ac73ec7a9b8556c24f62a8c65208ae4442402afd4b789fb2ae2c4d7e81d7edc1d220c5f52c3ede02c8dad8e74415e7b28cd944fcc79aeb9b3123afb4c8086a52500976815a9eeb16a28be6e6611d50ae659a052006e7d2eb92b8eb62d6d18456e85037b50cafba4fcb392fa93c73ca24a5b1e96bdbde333b43542f6c3c9eb43165e1e9a9d52a8d5470b71b511c8478dbd99de551280014ea8bb07630efc25b1a2b27452b079dd13a10e3b6e650a81c9bec15dde4d1937e943a74f0203010001a381d23081cf304e0603551d200447304530430605604c010100303a303806082b06010505070201162c687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f44504361637261697a2e706466303d0603551d1f043630343032a030a02e862c687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f4c435261637261697a2e63726c301d0603551d0e041604148afaf157841113359042fa574954690da4c4f037300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d010105050003820101001903973553f860221e8e7202c07e2260156a6f983656aa5577d3f6c71698fc881a1b2529b9b83a6ded38ab621d54c5eddf41a1a562325efbdcddfa2ccf45b06a5cf550037e045dcc24e2aa56b9fd611eb8967ddaf1f0072a4aaafa0ae405c12afbe45a2c4b39700c00daef4993ef06630264219d9c76c49eb07d6953f5541f4bffc961e21cec5b9ed8934b774d1439230c6a22bfb7bf5e9ca347100d9fba91f7bc48a07f9121e1b54037956886b4e6e8c639df1ed741966bd4c13b6b9e651449d2793d2e9a53808d1da601bbd23395f9a1264dae67ad773c938f67e508cf020bb30b69bd2491d9e04489540461c5d7f4b99e63db2bef40e3ab1ddf7a2a2bc9fc	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F4914F7D874951DDDAE02C0BEFD3A2D82755185	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\912198EEF23DCAC40939312FEE97DD560BAE49B1	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52\Blob = 0b000000010000001200000056006500720069005300690067006e00000009000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030306082b060105050703010300000001000000140000000b77bebbcb7aa24705decc0fbd6a02fc7abd9b52200000000100000006030000308203023082026b021032888e9ad2f5eb1347f87fc4203725f8300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100baf0e4cff9c4ae8554b90757f98fc57f6811f8c417b044dce33073d52a622ab8d0cc1ced285b7ebd6adcb39124ca41623cfc0201bf1c1631940597766ea2adbd61176c4e3086f051372a50c7a86281dc5b4aaac1a0b46eeb2fe557c5b12b4070db5a4da18e1fbd031fd803d48f4c9971bce282cc58e8983a86d38638f300291f0203010001300d06092a864886f70d010105050003818100858c12c1a7b950157acb3eacb8438adcaadd14ba89817e013c237121882f82dc63fa0245ac4559d72a58445bb79f813b92683de23724f57b6c8f76359609a8599db9ce23ab74d683fd327327d8693e4374f6aec5899ae7537ce97bf64bf3c16583de8d8a9c3c888d3959fcaa3f228da1c1665081724ced22644f4fca8091b629	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CF9E876DD3EBFC422697A3B5A37AA076A9062348	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B3EAC44776C9C81CEAF29D95B6CCA0081B67EC9D\Blob = 0b000000010000001200000056006500720069005300690067006e000000090000000100000020000000301e06082b0601050507030406082b0601050507030206082b06010505070303030000000100000014000000b3eac44776c9c81ceaf29d95b6cca0081b67ec9d200000000100000007030000308203033082026c021100b92f60cc889fa17a4609b85b706c8aaf300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100a7880121742ce71a03f098e1973c0f2108f19cdb97e99afcc2040613be5f52c8cc1e2c12562cb801692ccc991fadb096ae7904f21339c17b98ba082ce8c284132caa69e909f4c7a902a442c2234f4ad8f00ea2fb316cc9e66f992707f5e6f44c789e6deb4686fab986c954f2b2c4afd4461c5ac91530ff0d6cf52d0e6dce7f770203010001300d06092a864886f70d010105050003818100722ef97fd1f171fbc49ef6c55e518a4098b868f89b1c83d8e29dbdffeda1e666ea2f09f4cad7eaa52b95f62460864d442e83a5c42da0d3ae78696f72da6cae08f0639237e6bbc43017ad77cc4935aacfd88fd1beb7189647736a542234642db6169b595bb451593ab30b14f412df67a0f4ad32645eb14672278c127bc544b4ae	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CF9E876DD3EBFC422697A3B5A37AA076A9062348\Blob = 0b00000001000000480000005400570043004100200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900200031000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000cf9e876dd3ebfc422697a3b5a37aa076a906234820000000010000007f0300003082037b30820263a003020102020101300d06092a864886f70d0101050500305f310b300906035504061302545731123010060355040a0c0954414957414e2d43413110300e060355040b0c07526f6f74204341312a302806035504030c215457434120526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303832383037323433335a170d3330313233313135353935395a305f310b300906035504061302545731123010060355040a0c0954414957414e2d43413110300e060355040b0c07526f6f74204341312a302806035504030c215457434120526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100b07e72b8a40394e6a7de0938914a114087a77c5964147bb51110ddfebfd5c0bb56e28525f435720ff853d041e14401c2b41cc33142164785332276b20a6f0fe525504f8586bebf982e10671ebe1105860590c459d07c7810b0805cb7e1c72b75cb7c9faeb5d19d233763a7dc42a22d92041b50c17bb83e1bc956048b2f529bada956e9c1ffada9588730b681f79745fc19573b2b6fe447f49945fe1df1f897a3881d371c5c8fe076259a50f8a054ff44907623d232c6c3ab06bffcfbbff3ad7d9262025b29d335a3939a4364605db2fa32ff3b04af4d406af9c7e3ef23fd6bcbe50f8b380dee0afcfe0f989f3031dd6c5265f98b81be22e11c5803ba911b89070203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a385b268dde8b5af24f7a54831918e30835a6ba300d06092a864886f70d010105050003820101003cd5773ddadf89ba870c08546a205092beb0413db92664830a2fe840c097282782304ac993ff6ae7a6007f89429ad611e553ce2fccf2da05c4fee250c43a867dccda7e10093b92352a53b2feeb2b05d96c5de6d0efd36a669e1528857ae88200ac1ea709695642d3685118be549abf4441ba49be20ba695ceeb877cdce6c1fad8396187d0eb5143984f128e92da39e7b1e7a725a83b3796fefb4fcd00aa5584f46dffb6d7959f2842252ae0fccfb7c3be76aca4761c37af8d392041fb82084e1365416c740de3b8a73dcdfc6094cdfecdaffd45342a1c9f2621d22833c97c5f9196227ac6522d7d33cc6e58eb253cc49cebc30fe7b0e3390fbedd214911f07af	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F9DD19266B2043F1FE4B3DCB0190AFF11F31A69D	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\64902AD7277AF3E32CD8CC1DC79DE1FD7F8069EA	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E833233E7D0CC92B7C4279AC19C2F474D604CA	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\ED8DC8386C4886AEEE079158AAC3BFE658E394B4\Blob = 030000000100000014000000ed8dc8386c4886aeee079158aac3bfe658e394b4090000000100000016000000301406082b0601050507030106082b060105050703020b000000010000002800000054007200750073007400690073002000450056005300200052006f006f007400200043004100000053000000010000002400000030223020060a2b06010401a87501010630123010060a2b0601040182373c0101030200c020000000010000007b030000308203773082025fa00302010202102406625f11b64cccda9e9c6cea040268300d06092a864886f70d01010505003045310b300906035504061302474231183016060355040a130f54727573746973204c696d69746564311c301a060355040b1313547275737469732045565320526f6f74204341301e170d3037303130393132303030315a170d3237303130393131353630305a3045310b300906035504061302474231183016060355040a130f54727573746973204c696d69746564311c301a060355040b1313547275737469732045565320526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100d25c94c3cfdc490b7cdf045c0bea79bbe0d0375b8c0ed7cd3918de8c97b8b434106d67adc4b30eed37d4a5bffa43e5da702786479fe2e9b281b9be2d5bb9b128803041dfb894a920a67eaaacca704ca3120ccf606281527a49830bc8222073a09d353c966fedce3d26c24f48caa282a79506a9f62632fef2c1fd23585f713bf8c7d7dd4c331fa0d6c1cf7337ab95fe9d9decec85c3e209bb8957f994562a546289cc04686e648a4fb1857b6cd4a4bd260af527fc133e5d6a330a6739628cfe14fdaa24da4fdeb2b5f27790a191ef29771d719559b6c0e381b8f4ff89ee7aa7fb59fec9d48d6edfd6a99ffc0b35b5dc6ea49979f388306bfa4aa96b38c8614b430203010001a3633061300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414792d7396ceb27d5a730e87562931c528f2eda55f301f0603551d23041830168014792d7396ceb27d5a730e87562931c528f2eda55f300d06092a864886f70d0101050500038201010043c86fdf9bcc09afdc38261d48fbd69673a066df1ae2c0e69dd22f891ce834f2223491f4159f2ebdb472aad7ed3c9fad519f7f1e8566256a42698060375646ba3c56ab6a808098b5ca7a58db0508c7f60781bfa03535c93792bf11f217414f3f41ed13d3af193d718a7eb064c83be7fa931364fe56c3de2bd9eb57cd82d08c9d5252bc6113353f6f9f68f669f76e1acf0b384a43b5400533d2a62b1a360fd38fb1f77b3e1dd2a06dd843aa2b3f690b007e1ae44e6fca6d3191ff7481fcfbe24893765c8b8cc3dca108200b5b6536fc76fb233fd1da97c1d35a90a3bf459bd75b8108a452fc787e182e2d71fddaef0d814689f052f20c5069f7ced5017cb27f28	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4054DA6F1C3F4074ACED0FECCDDB79D153FB901D\Blob = 0b000000010000001e000000440053005400200041004300450053002000430041002000580036000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000004054da6f1c3f4074aced0feccddb79d153fb901d20000000010000000d04000030820409308202f1a00302010202100d5e990ad69db778ecd807563b8615d9300d06092a864886f70d0101050500305b310b30090603550406130255533120301e060355040a13174469676974616c205369676e61747572652054727573743111300f060355040b13084453542041434553311730150603550403130e4453542041434553204341205836301e170d3033313132303231313935385a170d3137313132303231313935385a305b310b30090603550406130255533120301e060355040a13174469676974616c205369676e61747572652054727573743111300f060355040b13084453542041434553311730150603550403130e445354204143455320434120583630820122300d06092a864886f70d01010105000382010f003082010a0282010100b93df52cc994dc758a955d63e884777666b959915c46dd923e9ff90e03b43d6192bd2326b563ee92d29ed63cc80d905f6481b1a8080d4cd8f9d3052852b40125c5951c0c7e3e108475cfc1199163cfe8a89188b94352bb80b155898b31fad0b776be413d309aa422251773e81ee2d3ac2abd5b3821d52a4bd7557de33a55bdd76d6b02576be6477c08c882badea7873da16db83056c2b302815f2df5e29a301828b866d3cb01966fea8a4555d6e09dff672b1702a64e1a6a110b7eb77be798d68c766fc13bdb50937ee5d08e1f37b8bdbac69f6ce97c33f2323c2647fa272402c97e1d5b8842136a357c7d35e92e66917293d53226c474f553a3b35d9af609cb0203010001a381c83081c5300f0603551d130101ff040530030101ff300e0603551d0f0101ff0404030201c6301f0603551d11041830168114706b692d6f70734074727573746473742e636f6d30620603551d20045b30593057060a608648016503020101013049304706082b06010505070201163b687474703a2f2f7777772e74727573746473742e636f6d2f6365727469666963617465732f706f6c6963792f414345532d696e6465782e68746d6c301d0603551d0e041604140972064e18430fe5d6ccc36a8b317b788fa883b8300d06092a864886f70d01010505000382010100a3d88ed6b2dbce05e732cd01d30403e576e4562b9c9990e808306cdf7d3deee5bfb524408449e1d128aec4c23a533088f1f5776e51cafaff99af245f1ba0fdf2ac84cadfa9f05f042ead16bf219710813de3ff878d32dc94e5478a5e6a13c994953dd2eec83495d080d4ad320880543ce0bd5253d7527cb2693f7f7acf6a74cafa042a9c4c5a06a5e920ad45660f69f1ddbfe9e3328bfae0c1864d723c2ed893780a2af8d8d2273d19895f5a7b8a3bcc0cda51aec70bf72bb03705ecbc5723e238d29b68f35612884f427cb831c4b5dbe4c82134e9481135eefac79257c59f34e4c7f6f70e0b4c9c68787b7131c7eb1ee06741f3b7a0a7cde57a33366afa9a2b	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36863563FD5128C7BEA6F005CFE9B43668086CCE\Blob = 0b000000010000000e0000007400680061007700740065000000090000000100000020000000301e06082b0601050507030206082b0601050507030406082b0601050507030303000000010000001400000036863563fd5128c7bea6f005cfe9b43668086cce20000000010000002d0300003082032930820292a003020102020100300d06092a864886f70d01010405003081cf310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e312330210603550403131a54686177746520506572736f6e616c205072656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d7072656d69756d407468617774652e636f6d301e170d3936303130313030303030305a170d3230313233313233353935395a3081cf310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e312330210603550403131a54686177746520506572736f6e616c205072656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d7072656d69756d407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c966d9f80744cfb98c2ef0a1ef13456c05dfde2716513641116c6c3bedfe107d129ee59b429afe6031c366b7733a48ae4ed032379488b50db6d9f3f244d9d58812dd764df21afc6f231e7af1d898454e0710ef1642d043756d4adee2aac931ff1f00707c66cf102508bafaee00e94603662711153baa5bf298dd3642b2da88750203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d010104050003818100693689f7342a33722f6d3bd422b2b86f9ac536660e1b3ca1b1755ae6fd35d3f8a8f2076f85678ede2bb9e217b03aa0f00ea2009adff314156ebbc8855a9880f9ffbe741d3df3fe3025d1373467faa5717930612972c0e02c4cfb56e43aa86fe5325952db752850590cf80b19e4acd9af968d2f50db07c3ea1fab33e0f52b3189	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\968338F113E36A7BABDD08F7776391A68736582E	updroots.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2628	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe
Token: SeRestorePrivilege	2744	KB931125.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 1520 wrote to memory of 2628	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	28
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2440	2628	KB931125.exe	29
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2420	2628	KB931125.exe	30
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2488	2628	KB931125.exe	31
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 2628 wrote to memory of 2872	2628	KB931125.exe	32
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 1520 wrote to memory of 2744	1520	b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe	33
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1776	2744	KB931125.exe	34
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 1760	2744	KB931125.exe	35
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 380	2744	KB931125.exe	36
PID 2744 wrote to memory of 2352	2744	KB931125.exe	37

C:\Users\Admin\AppData\Local\Temp\b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
"C:\Users\Admin\AppData\Local\Temp\b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Users\Admin\AppData\Local\Temp\{2253E632-7F52-481a-92B2-1EEB0E5330AA}-TemporaryCache\KB931125.exe
  "C:\Users\Admin\AppData\Local\Temp\{2253E632-7F52-481a-92B2-1EEB0E5330AA}-TemporaryCache\KB931125.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:2440
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2872
- C:\Users\Admin\AppData\Local\Temp\{48E05E28-B261-4ddc-89D4-EDB40133D96C}-TemporaryCache\KB931125.exe
  "C:\Users\Admin\AppData\Local\Temp\{48E05E28-B261-4ddc-89D4-EDB40133D96C}-TemporaryCache\KB931125.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:1760
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:380
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
88d01717dc4f1119ea925ff0217c5f49

SHA1
7da9c2e12283800f9896c1f15f789539529e00ec

SHA256
c6407f5792a945bf0948de191e6c54c4fbd2abcc0af3994140fb4319f685dbbd

SHA512
39ecd9d2bb8b4edf88b8882640ec49c061fa34496c026ad19adf4bc4462de3949c72ad00bcc2ca27d53596221c026e978f875bb6cf7e0e8c2d884c1d37a83781

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst

Filesize
73KB

MD5
bb49ccc10926cdb601eba81afef749a2

SHA1
a4766c9aea8d211e9632148fd4b625cece195be9

SHA256
f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c

SHA512
94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst

Filesize
9KB

MD5
7b32871e409608ff887b6cf4d87debb0

SHA1
191f9ea1298ee52dbd6f977b3584109a064f57b9

SHA256
3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2

SHA512
534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst

Filesize
7KB

MD5
9e5de0fd1f90486a66dee4bfe89a78d7

SHA1
90e3188ef63495aaa71c85d4ff0f23253c834b40

SHA256
8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e

SHA512
60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

Filesize
1KB

MD5
421e60325404f5f29ac04c9b9d59096b

SHA1
aace2fd74d799e8af5c8d5b2646361bb67a1620c

SHA256
571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77

SHA512
86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst

Filesize
320KB

MD5
2d9b4498c847715418160bfd7e7c8a2d

SHA1
e0873091d476d2566aa6fc988cb364247c95dc97

SHA256
c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41

SHA512
dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
89KB

MD5
a64e4b204d44548eeb5c3d86eca2ad70

SHA1
e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe

SHA256
985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc

SHA512
dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
\Users\Admin\AppData\Local\Temp\{2253E632-7F52-481a-92B2-1EEB0E5330AA}-TemporaryCache\KB931125.exe

Filesize
349KB

MD5
4a4d72d34f9da1fc5019e0748fcde2f5

SHA1
f54752ec63369522f37e545325519ee434cdf439

SHA256
83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca

SHA512
95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

Download Submit
\Users\Admin\AppData\Local\Temp\{FA3C94A0-85D2-4261-A140-8CA65CAF25F7}-TemporaryCache\7z.dll

Filesize
1.1MB

MD5
f0fef6362d4886e85a186a5e3766650a

SHA1
65843b7052a4d1b84762479d79445c46834e18b5

SHA256
15b9fe7d408cbf2204039087526e7df947df57b42ea479e303b682e956638816

SHA512
3f6dfd701cf62b77219f8825a2257c4bd7d44ebafc5654b06abaf906ced2571f4eeb04fe22ae6136c14bddebddb12555aa6efd322e779443d57bb122ea786043

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads