File name:

EasyFixSysCerts.exe

Full analysis: https://app.any.run/tasks/04c7f26b-daf2-4a01-a06c-1830e2954fdd
Verdict: Malicious activity
Analysis date: April 30, 2024, 14:45:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
python
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

98EA7622F1422EB5B9DA110A4085E4D2

SHA1:

893C7B847D70091A895D79D43A7E4D43D3C47A04

SHA256:

8D094E6B307F8577BDE4E101EB8ED575DF614D287C1449C85F924872FF9EDC3C

SSDEEP:

98304:gp7sxwaUpFf6DewLTbqz0b+YGc+auhOrqLKCvgPin/5OsdeOu89sfIgitiAX+KRn:iLWnZ238S3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • EasyFixSysCerts.exe (PID: 1020)
  • SUSPICIOUS

    • Adds/modifies Windows certificates

      • certutil.exe (PID: 284)
      • certutil.exe (PID: 1840)
      • certutil.exe (PID: 1800)
      • certutil.exe (PID: 2032)
      • certutil.exe (PID: 1680)
      • certutil.exe (PID: 308)
    • The process drops C-runtime libraries

      • EasyFixSysCerts.exe (PID: 1020)
    • Process drops python dynamic module

      • EasyFixSysCerts.exe (PID: 1020)
    • Executable content was dropped or overwritten

      • EasyFixSysCerts.exe (PID: 1020)
    • Process drops legitimate windows executable

      • EasyFixSysCerts.exe (PID: 1020)
    • Application launched itself

      • EasyFixSysCerts.exe (PID: 1020)
    • Loads Python modules

      • EasyFixSysCerts.exe (PID: 820)
    • Starts CMD.EXE for commands execution

      • EasyFixSysCerts.exe (PID: 820)
  • INFO

    • Create files in a temporary directory

      • EasyFixSysCerts.exe (PID: 1020)
      • EasyFixSysCerts.exe (PID: 820)
    • Reads the computer name

      • EasyFixSysCerts.exe (PID: 1020)
      • EasyFixSysCerts.exe (PID: 820)
    • Checks supported languages

      • EasyFixSysCerts.exe (PID: 1020)
      • EasyFixSysCerts.exe (PID: 820)
    • Reads the machine GUID from the registry

      • EasyFixSysCerts.exe (PID: 820)
No Malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:11:09 18:16:34+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 147968
InitializedDataSize: 555008
UninitializedDataSize: -
EntryPoint: 0x96fc
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1010
ProductVersionNumber: 1.0.0.1010
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Trend Micro Inc.
CoverageBuild: NO
CompileOption: Release
BuildType: Rel
FileDescription: Trend Micro Easy Fix for System Certificates
FileVersion: 1.0.0.1010
LegalCopyright: Copyright (C) 2023 Trend Micro Incorporated. All rights reserved.
LegalTrademarks: Copyright (C) Trend Micro Inc.
PrivateBuild: Build 10/18 - 10/18/2023
ProductName: Easy Fix for System Certificates
ProductVersion: 1.0.0
SpecialBuild: 1010
No data.
All screenshots are available in the full report
Total processes
55
Monitored processes
15
Malicious processes
1
Suspicious processes
1

Behavior graph

Behavior graph (interactive image not included): processes shown are easyfixsyscerts.exe, easyfixsyscerts.exe (no specs), six pairs of cmd.exe (no specs) and certutil.exe (no specs), and easyfixsyscerts.exe (no specs).

Process information

PID | CMD | Path | Indicators | Parent process
116 | C:\Windows\system32\cmd.exe /c "certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertEVCodeSigningCA-SHA2.crt"" | C:\Windows\System32\cmd.exe | - | EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
284 | certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/SymantecClass3SHA256CodeSigningCA.crt" | C:\Windows\System32\certutil.exe | - | cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
308 | certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertEVCodeSigningCA.crt" | C:\Windows\System32\certutil.exe | - | cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
728 | C:\Windows\system32\cmd.exe /c "certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertHighAssuranceCodeSigningCA-1.crt"" | C:\Windows\System32\cmd.exe | - | EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
820 | "C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe" | C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe | - | EasyFixSysCerts.exe
User:
admin
Company:
Trend Micro Inc.
Integrity Level:
HIGH
Description:
Trend Micro Easy Fix for System Certificates
Exit code:
0
Version:
1.0.0.1010
Modules
Images
c:\users\admin\appdata\local\temp\easyfixsyscerts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
1020 | "C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe" | C:\Users\admin\AppData\Local\Temp\EasyFixSysCerts.exe | - | explorer.exe
User:
admin
Company:
Trend Micro Inc.
Integrity Level:
HIGH
Description:
Trend Micro Easy Fix for System Certificates
Exit code:
0
Version:
1.0.0.1010
Modules
Images
c:\users\admin\appdata\local\temp\easyfixsyscerts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
1116 | C:\Windows\system32\cmd.exe /c "certutil -addstore AuthRoot "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/microsoft identity verification root certificate authority 2020.crt"" | C:\Windows\System32\cmd.exe | - | EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1592 | C:\Windows\system32\cmd.exe /c "certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/SymantecClass3SHA256CodeSigningCA.crt"" | C:\Windows\System32\cmd.exe | - | EasyFixSysCerts.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1680 | certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertEVCodeSigningCA-SHA2.crt" | C:\Windows\System32\certutil.exe | - | cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
1800 | certutil -addstore CA "C:\Users\admin\AppData\Local\Temp\_MEI10202/Sources/Certificates/Certs/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt" | C:\Windows\System32\certutil.exe | - | cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
CertUtil.exe
Exit code:
0
Version:
6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
Total events
2 336
Read events
2 240
Write events
90
Delete events
6

Modification events

(PID) Process: (2032) certutil.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2032) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation: delete value
Name: F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Value:

(PID) Process: (2032) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Operation: write
Name: Blob
Value:
(PID) Process: (1680) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
Operation: delete value
Name: 60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Value:

(PID) Process: (1680) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3
Operation: write
Name: Blob
Value:
03000000010000001400000060EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E32000000001000000C0060000308206BC308205A4A003020102021003F1B4E15F3A82F1149678B3D7D8475C300D06092A864886F70D01010B0500306C310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D312B30290603550403132244696769436572742048696768204173737572616E636520455620526F6F74204341301E170D3132303431383132303030305A170D3237303431383132303030305A306C310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D312B302906035504031322446967694365727420455620436F6465205369676E696E672043412028534841322930820122300D06092A864886F70D01010105000382010F003082010A0282010100A753FA0FB2B513F164CF8480FCAE8035D1B6D7C7A32CAC1A2CACF184AC3A35123A9291BA57E4C4C9F32FA8483CB7D66EDC9722BA517961AF432F0DB79BB44931AE44583EA4A196A7874F237EC36C652490553EA1CA237CC542E9C47A62459B7DDE6374CB9E6325F8849A9AAD454FAE7D1FC813CB759BC9E1E18AF80B0C98F4CA3ED045AA7A1EA558933634BE2B2E2B315866B432109F9DF052A1EFE83ED376F2405ADCFA6A3D1B4BAD76B08C5CEE36BA83EA30A84CDEF10B2A584188AE0089AB03D11682202276EB5E54381262E1D27024DBED1F70D26409802DE2B69DCE1FF2BB21F36CDBD8B3197B8A509FEFEC360A5C9AB74AD308A03979FDDDBF3D3A09250203010001A38203583082035430120603551D130101FF040830060101FF020100300E0603551D0F0101FF04040302018630130603551D25040C300A06082B06010505070303307F06082B0601050507010104733071302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D304906082B06010505073002863D687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274486967684173737572616E63654556526F6F7443412E63727430818F0603551D1F0481873081843040A03EA03C863A687474703A2F2F63726C332E64696769636572742E636F6D2F4469676943657274486967684173737572616E63654556526F6F7443412E63726C3040A03EA03C863A687474703A2F2F63726C342E64696769636572742E636F6D2F4469676943657274486967684173737572616E63654556526F6F7443412E63726C308201C40603551D20048201BB308201B7308201B3060960
86480186FD6C0302308201A4303A06082B06010505070201162E687474703A2F2F7777772E64696769636572742E636F6D2F73736C2D6370732D7265706F7369746F72792E68746D3082016406082B06010505070202308201561E8201520041006E007900200075007300650020006F00660020007400680069007300200043006500720074006900660069006300610074006500200063006F006E0073007400690074007500740065007300200061006300630065007000740061006E006300650020006F00660020007400680065002000440069006700690043006500720074002000430050002F00430050005300200061006E00640020007400680065002000520065006C00790069006E0067002000500061007200740079002000410067007200650065006D0065006E00740020007700680069006300680020006C0069006D006900740020006C0069006100620069006C00690074007900200061006E0064002000610072006500200069006E0063006F00720070006F00720061007400650064002000680065007200650069006E0020006200790020007200650066006500720065006E00630065002E301D0603551D0E041604148FE87EF06D326A000523C770976A3A90FF6BEAD4301F0603551D23041830168014B13EC36903F8BF4701D498261A0802EF63642BC3300D06092A864886F70D01010B0500038201010019334A0C813337DBAD36C9E4C93ABBB51B2E7AA2E2F44342179EBF4EA14DE1B1DBE981DD9F01F2E488D5E9FE09FD21C1EC5D80D2F0D6C143C2FE772BDBF9D79133CE6CD5B2193BE62ED6C9934F88408ECDE1F57EF10FC6595672E8EB6A41BD1CD546D57C49CA663815C1BFE091707787DCC98D31C90C29A233ED8DE287CD898D3F1BFFD5E01A978B7CDA6DFBA8C6B23A666B7B01B3CDD8A634EC1201AB9558A5C45357A860E6E70212A0B92364A24DBB7C81256421BECFEE42184397BBA53706AF4DFF26A54D614BEC4641B865CEB8799E08960B818C8A3B8FC7998CA32A6E986D5E61C696B78AB9612D93B8EB0E0443D7F5FEA6F062D4996AA5C1C1F0649480
(PID) Process: (1680) certutil.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (308) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
Operation: delete value
Name: 846896AB1BCF45734855C61B63634DFD8719625B
Value:

(PID) Process: (308) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\846896AB1BCF45734855C61B63634DFD8719625B
Operation: write
Name: Blob
Value:
(PID) Process: (308) certutil.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1840) certutil.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
Operation: delete value
Name: E308F829DC77E80AF15EDD4151EA47C59399AB46
Value:
Executable files
53
Suspicious files
3
Text files
16
Unknown types
23

Dropped files

PID | Process | Filename | Type
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\_ssl.pyd | executable
MD5: B5058701C859192FD4F1065039A87335
SHA256: 3631D0F38C7F6DD8B8AE19600A44161088956749CA37F81B7C1EF2EB26EF4D49
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\_lzma.pyd | executable
MD5: 97A3A51A648D9132DC9707ABAB163384
SHA256: 15575A1CC6333BAEC37FE5D4FECCC08AA18B8E263F2CE70AC8D6F2AC7F557926
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\_socket.pyd | executable
MD5: 6A57A7BF8124875687BC60F57F4A26D1
SHA256: A824A0DF8CA068F889837C4DA04FA65E90B2C71B6AB28B11827EA615DC697695
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\_hashlib.pyd | executable
MD5: 09ED45C3379EB3AAFC1C36C9E599F2DF
SHA256: 601CBDA5C2A019EBBDFD39987D112D34FCD7D0662390F2374959627F349B483C
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\VCRUNTIME140.dll | executable
MD5: A2523EA6950E248CBDF18C9EA1A844F6
SHA256: 6823B98C3E922490A2F97F54862D32193900077E49F0360522B19E06E6DA24B4
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-file-l2-1-0.dll | executable
MD5: 534483B0F4A1924B1AE6D7E66B4A4926
SHA256: C1BCA1BB524C5AE3D877A099F469B6FC34288BAB26AE7A7F4FC47CD869F4958D
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-file-l1-2-0.dll | executable
MD5: 00D8B4BED48A1BB8A0451B967A902977
SHA256: 568D7F8551D8B4199DB3359D5145BC4CB01D6D2F1347547F47967EB06A45C3B5
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-handle-l1-1-0.dll | executable
MD5: D37696B67EF1316CEF238542BFD7FB9A
SHA256: 01DABF204E1349AAD1A04A6A70685F739DEABE5C022B26E184C1622F160A138D
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-interlocked-l1-1-0.dll | executable
MD5: 213C3721235456B85D5F4EFD825F5A4F
SHA256: 51B8BE1B4BD374A1EC7849E4723285D4662F4BBA7F2609DA63178B94D7A1D286
1020 | EasyFixSysCerts.exe | C:\Users\admin\AppData\Local\Temp\_MEI10202\api-ms-win-core-heap-l1-1-0.dll | executable
MD5: F40ABA6CFCCC038B547BDC5F18A9DA67
SHA256: 3F567BE8A2B5D27E333BF328F10058BD8C21D7CEA453777A63A1C27A0BF0C7E7
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info