File name:

EasyFixSysCerts.exe

Full analysis: https://app.any.run/tasks/04c7f26b-daf2-4a01-a06c-1830e2954fdd
Verdict: Malicious activity
Analysis date: April 30, 2024, 14:45:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
python
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

98EA7622F1422EB5B9DA110A4085E4D2

SHA1:

893C7B847D70091A895D79D43A7E4D43D3C47A04

SHA256:

8D094E6B307F8577BDE4E101EB8ED575DF614D287C1449C85F924872FF9EDC3C

SSDEEP:

98304:gp7sxwaUpFf6DewLTbqz0b+YGc+auhOrqLKCvgPin/5OsdeOu89sfIgitiAX+KRn:iLWnZ238S3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • EasyFixSysCerts.exe (PID: 1020)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • EasyFixSysCerts.exe (PID: 1020)
    • Application launched itself

      • EasyFixSysCerts.exe (PID: 1020)
    • The process drops C-runtime libraries

      • EasyFixSysCerts.exe (PID: 1020)
    • Executable content was dropped or overwritten

      • EasyFixSysCerts.exe (PID: 1020)
    • Process drops python dynamic module

      • EasyFixSysCerts.exe (PID: 1020)
    • Loads Python modules

      • EasyFixSysCerts.exe (PID: 820)
    • Starts CMD.EXE for commands execution

      • EasyFixSysCerts.exe (PID: 820)
    • Adds/modifies Windows certificates

      • certutil.exe (PID: 2032)
      • certutil.exe (PID: 1800)
      • certutil.exe (PID: 308)
      • certutil.exe (PID: 1680)
      • certutil.exe (PID: 1840)
      • certutil.exe (PID: 284)
  • INFO

    • Create files in a temporary directory

      • EasyFixSysCerts.exe (PID: 1020)
      • EasyFixSysCerts.exe (PID: 820)
    • Reads the computer name

      • EasyFixSysCerts.exe (PID: 1020)
      • EasyFixSysCerts.exe (PID: 820)
    • Checks supported languages

      • EasyFixSysCerts.exe (PID: 1020)
      • EasyFixSysCerts.exe (PID: 820)
    • Reads the machine GUID from the registry

      • EasyFixSysCerts.exe (PID: 820)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:11:09 18:16:34+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 147968
InitializedDataSize: 555008
UninitializedDataSize: -
EntryPoint: 0x96fc
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1010
ProductVersionNumber: 1.0.0.1010
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Trend Micro Inc.
CoverageBuild: NO
CompileOption: Release
BuildType: Rel
FileDescription: Trend Micro Easy Fix for System Certificates
FileVersion: 1.0.0.1010
LegalCopyright: Copyright (C) 2023 Trend Micro Incorporated. All rights reserved.
LegalTrademarks: Copyright (C) Trend Micro Inc.
PrivateBuild: Build 10/18 - 10/18/2023
ProductName: Easy Fix for System Certificates
ProductVersion: 1.0.0
SpecialBuild: 1010
No data.
All screenshots are available in the full report
Total processes
55
Monitored processes
15
Malicious processes
1
Suspicious processes
1

Behavior graph

  • start
  • easyfixsyscerts.exe
  • easyfixsyscerts.exe (no specs)
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • easyfixsyscerts.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
116
CMD:
C:\Windows\system32\cmd.exe /c "certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertEVCodeSigningCA-SHA2.crt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
284
CMD:
certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/SymantecClass3SHA256CodeSigningCA.crt"
Path:
C:\Windows\System32\certutil.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
PID:
308
CMD:
certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertEVCodeSigningCA.crt"
Path:
C:\Windows\System32\certutil.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
PID:
728
CMD:
C:\Windows\system32\cmd.exe /c "certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertHighAssuranceCodeSigningCA-1.crt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
820
CMD:
"C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe"
Path:
C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe
Parent process:
EasyFixSysCerts.exe
User:
admin
Company:
Trend Micro Inc.
Integrity Level:
HIGH
Description:
Trend Micro Easy Fix for System Certificates
Exit code:
0
Version:
1.0.0.1010
Modules
Images
c:\users\admin\appdata\local\temp\easyfixsyscerts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
PID:
1020
CMD:
"C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe"
Path:
C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe
Parent process:
explorer.exe
User:
admin
Company:
Trend Micro Inc.
Integrity Level:
HIGH
Description:
Trend Micro Easy Fix for System Certificates
Exit code:
0
Version:
1.0.0.1010
Modules
Images
c:\users\admin\appdata\local\temp\easyfixsyscerts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
PID:
1116
CMD:
C:\Windows\system32\cmd.exe /c "certutil -addstore AuthRoot "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/microsoft identity verification root certificate authority 2020.crt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1592
CMD:
C:\Windows\system32\cmd.exe /c "certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/SymantecClass3SHA256CodeSigningCA.crt""
Path:
C:\Windows\System32\cmd.exe
Parent process:
EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1680
CMD:
certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertEVCodeSigningCA-SHA2.crt"
Path:
C:\Windows\System32\certutil.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
PID:
1800
CMD:
certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt"
Path:
C:\Windows\System32\certutil.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
Total events
2 336
Read events
2 240
Write events
90
Delete events
6

Modification events

(PID) Process:
(2032) certutil.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US
(PID) Process:
(2032) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:
delete value
Name:
F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Value:
(PID) Process:
(2032) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Operation:
write
Name:
Blob
Value:
(PID) Process:
(1680) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
Operation:
delete value
Name:
60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Value:
(PID) Process:
(1680) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Operation:
write
Name:
Blob
Value:
(PID) Process:
(1680) certutil.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US
(PID) Process:
(308) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
Operation:
delete value
Name:
846896AB1BCF45734855C61B63634DFD8719625B
Value:
(PID) Process:
(308) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\846896AB1BCF45734855C61B63634DFD8719625B
Operation:
write
Name:
Blob
Value:
(PID) Process:
(308) certutil.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US
(PID) Process:
(1840) certutil.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
Operation:
delete value
Name:
E308F829DC77E80AF15EDD4151EA47C59399AB46
Value:
Executable files
53
Suspicious files
3
Text files
16
Unknown types
23

Dropped files

PID
Process
Filename
Type
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\_bz2.pyd
Type:
executable
MD5: 7C219950340712FDA71EA90A02F6FCC5
SHA256: B94A140518A28B0F678DCFF03D1562D9E96C2F584B55C0ACCC4A91D58E8C0FF7
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-datetime-l1-1-0.dll
Type:
executable
MD5: 4E980EE831C4A37D39D68F7C4A2E52D0
SHA256: 23DE107AAB8EA386A1ED1E0BFF84F5E20146C5F1FE608BA34E7C905725F4394D
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\_hashlib.pyd
Type:
executable
MD5: 09ED45C3379EB3AAFC1C36C9E599F2DF
SHA256: 601CBDA5C2A019EBBDFD39987D112D34FCD7D0662390F2374959627F349B483C
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-console-l1-1-0.dll
Type:
executable
MD5: E33715B9DE1A50976A856333063213F7
SHA256: 08338379C7C353CD383C89E383A53C714943AAF8D455232EA466D568110477B2
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\VCRUNTIME140.dll
Type:
executable
MD5: A2523EA6950E248CBDF18C9EA1A844F6
SHA256: 6823B98C3E922490A2F97F54862D32193900077E49F0360522B19E06E6DA24B4
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-errorhandling-l1-1-0.dll
Type:
executable
MD5: A6E015AD176DCB379335DDB54D165F7E
SHA256: 376E175984D6EB03BBB4695DF347A4410FFC573BB6FB5EF8CA3BF160F53C0AFA
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\_lzma.pyd
Type:
executable
MD5: 97A3A51A648D9132DC9707ABAB163384
SHA256: 15575A1CC6333BAEC37FE5D4FECCC08AA18B8E263F2CE70AC8D6F2AC7F557926
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\_win32sysloader.pyd
Type:
executable
MD5: E0184C174077ED589E7EC0CC747D4E88
SHA256: 566178F9525F4BC5F4194022B2D4A7BE34D05E76CF832A01C5F6BB571D8CAC16
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-debug-l1-1-0.dll
Type:
executable
MD5: 014B7858940FBD56C4DDF47BFD014BFA
SHA256: 759D46DFBA283DCC604FD8DBABDC8477277D471C0730270CBEC52AF0CB615017
PID:
1020
Process:
EasyFixSysCerts.exe
Filename:
C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-handle-l1-1-0.dll
Type:
executable
MD5: D37696B67EF1316CEF238542BFD7FB9A
SHA256: 01DABF204E1349AAD1A04A6A70685F739DEABE5C022B26E184C1622F160A138D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info