Microsoft System Certificates Modified by FireHack.exe

Last night I notice that Microsoft System Certificates Roots (which I highlight on the screenshot attached below)  were modified by a program called "Firehack" (a premium multi-hack for retail World of Warcraft).  Firehack.exe is only supposed to access and modify WoW-64.exe in memory; makes no sense for Firehack.exe to be modifying Microsoft System Certificates like \SmartCardRoot -- \AuthRoot -- \Root 'or HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\Schannel.
---------------------------------------------------------------------------------------------
Do programs usually access Microsoft System Certificates like \SmartCardRoot -- \AuthRoot -- \Root  or is this unusual behavior? I have sensitive information on my system, I'm worried that this could compromise the integrity of my system's decryption certificates sense its certificate directories have been modified.

I though this program was safe to run because my friend uses it and make me install to play with him so I "Allowed" all of the Host Intrution Prevention warnings with out reading me (I know bad move) but after looking at my entry logs for Defense+ the modification to the certificate directory secared me.

As of now FireHack.exe has no internet access and all its permissions have been revoked and no significant data transfers 6/kb in 1kb out over the duration of its existence on my system.