From 3b48e731d6a6955643a61c1fea07b3310e3efea3 Mon Sep 17 00:00:00 2001
From: Seiga Ueno <seiga.ueno@ntt.com>
Date: Mon, 15 Dec 2025 16:12:58 +0900
Subject: [PATCH] Update d3d10warp.yml

---
 yml/microsoft/built-in/d3d10warp.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/yml/microsoft/built-in/d3d10warp.yml b/yml/microsoft/built-in/d3d10warp.yml
index 512e81d2..899546d5 100644
--- a/yml/microsoft/built-in/d3d10warp.yml
+++ b/yml/microsoft/built-in/d3d10warp.yml
@@ -24,8 +24,16 @@ VulnerableExecutables:
   - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
     Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
     Type: Catalog
+- Path: '%SYSTEM32%\phoneactivate.exe'
+  Type: Sideloading
+  ExpectedSignatureInformation:
+  - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+    Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+    Type: Catalog
 Resources:
 - https://wietze.github.io/blog/hijacking-dlls-in-windows
 Acknowledgements:
+- Name: Seiga Ueno
+  Company: NTT DOCOMO BUSINESS, Inc.
 - Name: Wietze
   Twitter: '@wietze'