48f4527be1344fa36c0082b402c9db9b5fc67b4ad23105f041bcf1c0cbbf0541

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Size

70.3MB
MD5

e07757b46afc01c47a06d74134b78891
SHA1

60061d4bf6efb9a99982b2509283f17746687625
SHA256

48f4527be1344fa36c0082b402c9db9b5fc67b4ad23105f041bcf1c0cbbf0541
SHA512

73c40e3082a70a4b38e75190842c2a38d4f44cee4c4796f52caedc6aa8cbda1bf4dd7cd00b462c5fd927e4ef9b81e41b7aee459a312dc6e47467b2ab2a428d56
SSDEEP

1572864:RprHe/6QDu0XUAcnt0qDwmp9hjCW6vKTmh4KerU7daqpfJ6JSRBL5CLyFhfG:RVy652qDF1AMvKerUXeJSRBL1FU

Score

6^/10

bootkit persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate"	KB931125.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update"	KB931125.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BirdWallpaper\{DC794AFD-7188-4ce5-97B2-9E8164670673}.tf	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
File opened for modification	C:\Program Files (x86)\BirdWallpaper\BirdWallpaper\bizhi_setup.log	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	KB931125.exe

Executes dropped EXE 5 IoCs

pid	Process
2696	KB931125.exe
2616	updroots.exe
2684	updroots.exe
2140	updroots.exe
1012	updroots.exe

Loads dropped DLL 17 IoCs

pid	Process
2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
2696	KB931125.exe
2696	KB931125.exe
2696	KB931125.exe
2696	KB931125.exe
2616	updroots.exe
2696	KB931125.exe
2696	KB931125.exe
2684	updroots.exe
2696	KB931125.exe
2696	KB931125.exe
2140	updroots.exe
2696	KB931125.exe
2696	KB931125.exe
1012	updroots.exe
2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 64 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\EDB3CB5FB419A185066267E5791554E1E28B6399\Blob = 0f0000000100000014000000443c111b7824f3767ef7e4d4a35243f7e24252a5030000000100000014000000edb3cb5fb419a185066267e5791554e1e28b639909000000010000002a000000302806082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000003a00000053006f0075007400680020004100660072006900630061006e00200050006f007300740020004f0066006600690063006500200043004100000020000000010000003d0400003082043930820321a003020102020101300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311630140603550407130d536f6d65727365742057657374312a3028060355040a1321536f757468204166726963616e20506f7374204f6666696365204c696d69746564311a3018060355040b13115341504f2054727573742043656e747265311d301b060355040313145341504f20436c617373203220526f6f742043413129302706092a864886f70d010901161a706b6961646d696e40747275737463656e7472652e636f2e7a61301e170d3130303931353030303030305a170d3330303931343030303030305a3081ce310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311630140603550407130d536f6d65727365742057657374312a3028060355040a1321536f757468204166726963616e20506f7374204f6666696365204c696d69746564311a3018060355040b13115341504f2054727573742043656e747265311d301b060355040313145341504f20436c617373203220526f6f742043413129302706092a864886f70d010901161a706b6961646d696e40747275737463656e7472652e636f2e7a6130820122300d06092a864886f70d01010105000382010f003082010a0282010100b77c697c60f56c26f4aa1c177f5dd4114be7f3dae773a7faa44249683fdaa5405c06685f4eccbdbe8138242dcc26a0446d03cb23e0bbde85534b945f5f7baac81a97fed72393edb06abdd8fc003eb39204e04bbe4f3b98a79dedcd63f081e76c98d46c605500e5b93ce634955de0fd7187e9ff81eee5776f18fff3c97ca595dd82dc14d9a2e1becd2773bb455b3f74b162786610222cf568f31788163b9a1b1dfb14ae0dbaf29055a2d530d62b9532c7396e7b65d27738ce6e56a5d923ab38b23b5185c01d1bb7112f056947d802ca92a8e133de85089bed90d5d8219971bfb6f573ef67089864d2f22a7a4b2116e11f5861de91471f219f1ffe8c23868318270203010001a320301e300e0603551d0f0101ff040403020106300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010023c1c96c8379c8cf857f3c5ebb56acff604751a79c4af187c44d87dfe64c0de433e97e085310a2eb423eaf48f1c71d159774761cbd742243e859593e0dca71c6e797a87ef75b9fde74e81b51424963c0a3e8948fd69eb6cd05d6cea0eab187b0bb2e0abae85d3b3c00ff6f165d6564505035ff17b87618c7f16b5f0dd9e8ea1323617f61ce6b490781305221f2a1c198efc642f32fe30e686945f391d16451a6da4a799a245bc34cb18711c7e1f75cf8225e37d676477bbf699f55d530252c4aab4c84e4255aa4d261c6a1e090732c7fa9be369cfe6e2157459141aa026d53b830bbdcc2e720330e557bfb4293071a485e2dfe44b71f64be1bc34d9dead63260	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C8EC8C879269CB4BAB39E98D7E5767F31495739D	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36863563FD5128C7BEA6F005CFE9B43668086CCE	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DA40188B9189A3EDEEAEDA97FE2F9DF5B7D18A41\Blob = 030000000100000014000000da40188b9189a3edeeaeda97fe2f9df5b7d18a41090000000100000020000000301e06082b0601050507030406082b0601050507030106082b060105050703030b000000010000003c000000450071007500690066006100780020005300650063007500720065002000650042007500730069006e006500730073002000430041002d003100000020000000010000008602000030820282308201eba003020102020104300d06092a864886f70d01010405003053310b3009060355040613025553311c301a060355040a1313457175696661782053656375726520496e632e312630240603550403131d45717569666178205365637572652065427573696e6573732043412d31301e170d3939303632313034303030305a170d3230303632313034303030305a3053310b3009060355040613025553311c301a060355040a1313457175696661782053656375726520496e632e312630240603550403131d45717569666178205365637572652065427573696e6573732043412d3130819f300d06092a864886f70d010101050003818d0030818902818100ce2f19bc17b777de93a95f5a0d174f341a0c98f422d959d4c46846f0b435c5850320c6af45a521514541eb165836326fe2506264f9fd519caa24d9f49d832a870a21d31238346c8d006e5aa0d942ee1a2195f9524c555ac50f384f46fa6df82e35d61d7cebe2f0b07580c8a913acbe88ef3a6eab5f2a386202b0127bfe8fa6030203010001a3663064301106096086480186f8420101040403020007300f0603551d130101ff040530030101ff301f0603551d230418301680144a78325211db5916365edfc11436406a477c4ca1301d0603551d0e041604144a78325211db5916365edfc11436406a477c4ca1300d06092a864886f70d010104050003818100755ba89b0311e6e9564ccdf9a94cc00d9af3cc6569e62576cc59b7d654c31dcd99ac19ddb485d5e03dfc6220a7844b5865f1e2f995213ff5d47e581e4787543e58a1b5b5f82aef71e7bcc3f6b14946e2d7a06be5567a9a27987c466214e7c9fc6e03127980381d48828dfc17fe2a962bb562a6a63dbd7f9259cd5a2a82b23779	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7639C71847E151B5C7EA01C758FBF12ABA298F7A\Blob = 0f0000000100000014000000557aad9870af5c053c6fc376e25cbdcce1e3371d0300000001000000140000007639c71847e151b5c7ea01c758fbf12aba298f7a090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002a0000004400530054002000280041004e00580020004e006500740077006f0072006b00290020004300410000002000000001000000510300003082034d308202b6a0030201020204366ea26f300d06092a864886f70d01010505003052310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311d301b060355040b13144453542028414e58204e6574776f726b29204341301e170d3938313230393135343634385a170d3138313230393136313634385a3052310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311d301b060355040b13144453542028414e58204e6574776f726b2920434130819d300d06092a864886f70d010101050003818b0030818702818100b448118058a0d5a5990ff6372c44b66ed17cf32a6b9e11b68823045c71259e6a1277116ebf683965a8f6b2f6a218b28915a067b77a8c22486bf684341fb6caf71b72cbf25b48d3871e22761304b4ac6c967fe70e08c93251302dd580e82167baf35e08242c07599d901aee46c9b5a41e96b44191d47fd28d3826b06f436e097d020103a38201303082012c301106096086480186f842010104040302000730740603551d1f046d306b3069a067a065a4633061310b300906035504061302555331243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311d301b060355040b13144453542028414e58204e6574776f726b29204341310d300b0603550403130443524c31302b0603551d1004243022800f31393938313230393135343634385a810f32303138313230393135343634385a300b0603551d0f040403020106301f0603551d230418301680148c165570cc160a5364c2a584aab36417433f8236301d0603551d0e041604148c165570cc160a5364c2a584aab36417433f8236300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456342e3003020490300d06092a864886f70d0101050500038181004925c960b10c5fa93910d3c534557dcf79c329ebdef9c240f9e856c5f02fecf4d9ec4851b863385e936e189685b9ca509ca4b8ea66266893856f6f4c71d0be7a0b3c31b9f7be699e10d7d140e8ac1671abaeab38e170b1ca9216e05d85a6188006009ce1a6184251a7686859ef26945fad310cfe291e170184375be81232a35d	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A9628F4B98A91B4835BAD2C1463286BB66646A8C\Blob = 0f0000000100000014000000bab7574a2d55e47f4df6547f52ea76a9b548ddac0b00000001000000740000004100750074006f00720069006400610064002000640065002000430065007200740069006600690063006100630069006f006e0020004600690072006d006100700072006f0066006500730069006f006e0061006c0020004300490046002000410036003200360033003400300036003800000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b06010505070309030000000100000014000000a9628f4b98a91b4835bad2c1463286bb66646a8c20000000010000005b040000308204573082033fa003020102020101300d06092a864886f70d010105050030819d310b30090603550406130245533122302006035504071319432f204d756e74616e6572203234342042617263656c6f6e6131423040060355040313394175746f72696461642064652043657274696669636163696f6e204669726d6170726f666573696f6e616c20434946204136323633343036383126302406092a864886f70d01090116176361406669726d6170726f666573696f6e616c2e636f6d301e170d3031313032343232303030305a170d3133313032343232303030305a30819d310b30090603550406130245533122302006035504071319432f204d756e74616e6572203234342042617263656c6f6e6131423040060355040313394175746f72696461642064652043657274696669636163696f6e204669726d6170726f666573696f6e616c20434946204136323633343036383126302406092a864886f70d01090116176361406669726d6170726f666573696f6e616c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e723036f6f23a55e78ce952ced941e6e0a9e01c7ea30d12c9ddd37e89b987956d3fc73dfd08ade558f51f95aeadeb570c4eda4edffa30d6e0f645031af012758aefe6ca74a2f172dd373d5131c8f59a5342c1d540445cd68b8a0c003a5cf85424795285bcfef806ce090978a013c1df387103026487dd7fce99d9171ff419aa940b5379c29204f1f52e3a07d136d54b70adee96a4e07acac195fdc7e6274f6b20500ba85a0fd1d386ecb5abb86bc94673335832c1f23cdf8c89171cc978befae0fdc29031bc039eb70edc16e0ed8670b89a9bc35e4efb634b4a5b6c42da5bed0c3942448dbdf96d300b5661a8b66050fdd3f3fcb3faa5e9a4af8b44aef95371b0203010001a3819f30819c302a0603551d1104233021861f687474703a2f2f7777772e6669726d6170726f666573696f6e616c2e636f6d30120603551d130101ff040830060101ff020101302b0603551d1004243022800f32303031313032343232303030305a810f32303133313032343232303030305a300e0603551d0f0101ff040403020106301d0603551d0e04160414330ba066d1eadacede6293042852b5147f3868b7300d06092a864886f70d010105050003820101004773fe8d2754f0f5d4779c27795757b71556ecc7d858b70102f433ed9350889e7c46b1bd3f146ff1b347488b8c9706d7ea7ea35c2abb4d2f47e2f83906c99c2e311a0378f4bc38c6228b3331f01604047df976e44bd7c0e683ec59cc3fdeff4f6bb7677ea686813223039dc8f75fc14a60a592a9b1a4a060c37887b322f32aeb5ba9ed05ab370fb1e2d395766356748c58721b37e564a1be4d0c93980c97f6876db33fe7cb80a6ed88c75f506202e8997416d0e6b439f127cbc840d6e38610a9231292e0694163a7af250bc0c592cb1e98a35abac5330fa09701dd7fe07bd60654cfa1e24d38eb4b50b5cb26f4cada704a6aa1e279aae1a733f6fd4a1ff6d960	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\68ED18B309CD5291C0D3357C1D1141BF883866B1\Blob = 0f0000000100000014000000f0197223486b58619c4840ec6af967f0eacae45103000000010000001400000068ed18b309cd5291c0d3357c1d1141bf883866b1090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002000000058006300650072007400200045005a00200062007900200044005300540000002000000001000000fc030000308203f8308202e0a003020102021100d01e40900000274b0000000100000004300d06092a864886f70d010105050030818c310b3009060355040613025553310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931183016060355040a130f586365727420455a20627920445354311830160603550403130f586365727420455a206279204453543121301f06092a864886f70d010901161263614064696773696774727573742e636f6d301e170d3939303731343136313431385a170d3039303731313136313431385a30818c310b3009060355040613025553310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931183016060355040a130f586365727420455a20627920445354311830160603550403130f586365727420455a206279204453543121301f06092a864886f70d010901161263614064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ad5418deb4bff7ade874aaed8b7c8fc2d4751ad584b9b662fc89efe4976192fb1db8e15a47349e9e0622fbd3ea38cbb88b07f71aa01777075a301cd4293820d72740d8509343bfd218a229760572aa6bb66998ab791e1c65f56a8bfcc516aaa272da60ed4e6e19257a0a1d30e3509b423c44eba1b0201edb027efe3d1fbfd0008adb4076a618a515a757b652c2011798778f8a81c61ab46a2ae6afa9d600accfd815497cdb1ba1fe81fa87f9d390c102c0f9d042e99168255fc6bf8739e995006028bf832cc0e75eb6d73616e7608776e8e727b2250d8b7ae5aa1de559cdce0b0e6fc6c89ce310d98539d3b79bfac6ba7c74d25d7556ab74a4a251bf527cee710203010001a3533051300f0603551d130101ff040530030101ff301f0603551d2304183016801408206c66eb810a6c5cd5b5a63c41dd1c96912777301d0603551d0e0416041408206c66eb810a6c5cd5b5a63c41dd1c96912777300d06092a864886f70d010105050003820101005a87588f2dab76216b540cd9f141f64ecd2b9ee31f9ba32d7fd92b7d58c867a429f5e9ecd5bd963fa373f8c45b367cd0632c34399b48b83d6ff614c59e63e6a7346ed3e833b3c73c186e23ae4392993f98c56930f1363badb93082d6b6591696020b291261b41189f70c2f94908598289c536c7e63dd73f419ff4a81d1b25223fd3c4a34ce5a1be0508aed4f8195d860e7e4c40dbb583e58f74e686f3e67c9cb7a971627ec42611476bb00c5eb083d157f4bb6225d873b90f4f3c0fe37b3e9d9620cc0c359af60bd1f0ddba1341f30c43d8badb01d0493ed5fd5e4bf203004f448e93301d12e902752b39bde3a1caba9977f9bebc28dc26decdc13d346c5797c	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\323C118E1BF7B8B65254E2E2100DD6029037F096\Blob = 1400000001000000140000002cd5504197158bf08f36615b4afb6bd999c933925300000001000000230000003021301f06092b06010401f022010630123010060a2b0601040182373c0101030200c00b0000000100000012000000470065006f0054007200750073007400000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303030000000100000014000000323c118e1bf7b8b65254e2e2100dd6029037f0960f00000001000000140000006c0485e5a990e6e0a0c7d325312ab03362763a542000000001000000800300003082037c30820264a003020102021018acb56afd69b6153a636cafdafac4a1300d06092a864886f70d01010505003058310b300906035504061302555331163014060355040a130d47656f547275737420496e632e3131302f0603550403132847656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3036313132373030303030305a170d3336303731363233353935395a3058310b300906035504061302555331163014060355040a130d47656f547275737420496e632e3131302f0603550403132847656f5472757374205072696d6172792043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100beb8157bffd47c7d67ad83647bc842532ddff684082061d601596a9c4411afef76fd957ece6130bb7a835f02bd0166caee158d6fa1309cbda1859e943af356880031cfd8ee6a9602d9ed038cfb756de7eab8551605169af4e05eb188c064855c154d88c7b7bae075e9ad053d9dc78948e0bb28c803e13093645e52c05970223557888af1950a83d7bc31730134edef4671e06b02a835726b979b66e0cb1c795fd81a04681e4702e69d60e2369701dfce3592dfbe67c76d77593b8f9dd6901594bc423410c139f9b1273e7ed68a75c5b2af96d3a2de9be498be7de1e981adb66ffcd70edae034b00d1a77e7e30898ef58fa9c84b736afc2dfacd2f410067071350203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604142cd5504197158bf08f36615b4afb6bd999c93392300d06092a864886f70d010105050003820101005a707f2cddb7344ff58651a926be4bb8aaf1710ddc61c7a0ea341e7a770f0435e8278f6c90bf911624463e4a4ece2b16d50b521dfc1f67a20245314fcef3fa03a7799d536ad9da633af880d7d399e1a5e1bed4557198353abe93eaaead42b2906fe0fc214d3563338949d69b4ecac7e74e0900f7dac7ef99629977b695225e8aa0abf4b87898ca381999c9729e78cd4bacaf19a073122dfcc241ba8191da165a31b7f9b4718012489972735a5953c1635233eda7c9d2390270fae0b1426629aa9b51ed305422145fd9ab1dc1e494f0f8f52bf7eaca7846d6b891fda60d2b1a14013e80f042a095075e6dcdcc4ba4458dab12e8b3de5ae5a07ce80f221d5ae959	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F9CD0E2CDA7624C18FBDF0F0ABB645B8F7FED57A\Blob = 190000000100000010000000bc021401411af05c5a0ce90b03a62fdb0f00000001000000140000003c0bb60d9259e5f84e6da4dd217992db6f1d39ef0b000000010000002600000043006f006d005300690067006e0020005300650063007500720065006400200043004100000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303030000000100000014000000f9cd0e2cda7624c18fbdf0f0abb645b8f7fed57a140000000100000014000000c14bed70b6f73e7c003b008fc73e0e459f1e5dec2000000001000000af030000308203ab30820293a003020102021100c7284709b3b86c458c1dfa24f5364ee9300d06092a864886f70d0101050500303c311b301906035504031312436f6d5369676e20536563757265642043413110300e060355040a1307436f6d5369676e310b300906035504061302494c301e170d3034303332343131333732305a170d3239303331363135303435365a303c311b301906035504031312436f6d5369676e20536563757265642043413110300e060355040a1307436f6d5369676e310b300906035504061302494c30820122300d06092a864886f70d01010105000382010f003082010a0282010100c6b5685f1d9415c3a408552de3a0577aefe9742abbb97c57491a115e4f29870c48d66ae78fd47e5724b90689e41c3ceaace3da218073210aef79986c1f08ffa1507df2981bc9546f3ea528ec21040f45bb073da1c0fa2a981d4e0693fbf5883bab5fcb16bfe6f39e4a87ed19eac29f43e4f181a57f104f3ed14a62ad531bcb83ff0765a5922d66a95bb85af41db421914a177b9e32fe562439b2548443f584c2d8bc4190cc9dd668dae98250a93b68cfb55d02946016b143d9435ddd5d876eeabbb3c96bf603940970de16117a2be8768f49109877b9635c8b339775f60b8cb2ab5bde7420253fe3f311f98768863571c31d8c2debe51aac0f73d582594080d30203010001a381a73081a4300c0603551d13040530030101ff30440603551d1f043d303b3039a037a0358633687474703a2f2f66656469722e636f6d7369676e2e636f2e696c2f63726c2f436f6d5369676e5365637572656443412e63726c300e0603551d0f0101ff040403020186301f0603551d23041830168014c14bed70b6f73e7c003b008fc73e0e459f1e5dec301d0603551d0e04160414c14bed70b6f73e7c003b008fc73e0e459f1e5dec300d06092a864886f70d0101050500038201010016cfee921350ab7b149e33b642206ad415bd09abfc72e8ef477a90ac51c1644ee988bd434581e366233f12864d19e405b0e637c28dda0628c90f89a453a9753fb096fbab4c3355f97826466f1b3698fb4276c182b98edefb45f9631b623b3906ca777aa83c09cf6c363d0f0a454b69161a457d330365f95271902695ac4c0cf58b933fcc75748598baff627a4d1f89feaebd940099bf11a5dce079c5160b7d02611dea85f902154fe75a894e146fe3374b85f5c13c61e0fd0541b2927fc31da0d0ae5264606b18c6269cd8f564e4361a629f8a0f3eff6d4e19564e20916c9f34333a3457503a6f815e06c6f53e7c4e8e2bce65062e5dd22a53745ed36e279e8f	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B172B1A56D95F91FE50287E14D37EA6A4463768A\Blob = 030000000100000014000000b172b1a56d95f91fe50287e14d37ea6a4463768a090000000100000016000000301406082b0601050507030406082b060105050703020b000000010000001400000055005300450052005400720075007300740000002000000001000000a6040000308204a23082038aa003020102021044be0c8b500024b411d336252567c989300d06092a864886f70d01010505003081ae310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d313630340603550403132d55544e2d5553455246697273742d436c69656e742041757468656e7469636174696f6e20616e6420456d61696c301e170d3939303730393137323835305a170d3139303730393137333635385a3081ae310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d313630340603550403132d55544e2d5553455246697273742d436c69656e742041757468656e7469636174696f6e20616e6420456d61696c30820122300d06092a864886f70d01010105000382010f003082010a0282010100b23985a4f27dab413b624637aecdc16075bc3965f94a1a47a2b9cc48cc6a98d54d3519b9a442e5ce49e28a2f1e7cd23107c74eb483649d2e29d5a264c485bd85513579a44e68907b1c7aa492a817f29815f293ccc9a43295bb0c4f30bd98a00b8be56e1ba246fa78bca26fab595ea52fcfcada6daa2febaca1b36aaab72e67358b79e11e6988e2e646cda0a5eabe0bce763a7a0e9beafcda275b3d731f22e64861c64cf369b1a82e1bb6d431202cbc828a8ea40ea5d78943fc165aaf1d71d71159daba870daffaf3e1c2f0a4c5678cd6d6543ade0aa4ba0377b365c8fd1ed37462aa18ca68931ea1857ef54765cbf84d572874d234ff30b6eef66230148c2ceb0203010001a381b93081b6300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604148982677dc49d2670004bb450487cde3dae046e7d30580603551d1f0451304f304da04ba0498647687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d436c69656e7441757468656e7469636174696f6e616e64456d61696c2e63726c301d0603551d250416301406082b0601050507030206082b06010505070304300d06092a864886f70d01010505000382010100b16d615da61a7f7cab4ae430fc536f2524c6caede2315c2b0eeeee61556f043ecf39dec51b4994e4eb204cb4e69e502e72d98df5aaa3b34ada561c609780dc82a2ad4abd8a2bff0b09b4c6d7200445e4cd8001baba2b6eceaad792fee4afebf4261d162a7f6c3095372f3312ac7fddc7d1118c5198b2d0a391d0adf69f9e83931e1d42b846af6b66f09b7feae30302e50251c1aad5359d72400389ba311dc51068529edfa285c55c08a678e6534fb1e8b7d3149e93a6c364e3ac7e71cdbc9fe9031bccfbe9ac31c1af7c15740299c3b247a6c23261d7c76f48245127a1d58755f27b8f983d169eee75b6f8d08ef2f3c6ae285ba7f0f33617fcc305d3ca034a54	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\68ED18B309CD5291C0D3357C1D1141BF883866B1	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1B4B396126276B6491A2686DD70243212D1F1D96\Blob = 140000000100000014000000bd8887c98ff6a40a0baaebc5fe91239dab4a8a320300000001000000140000001b4b396126276b6491a2686dd70243212d1f1d96090000000100000074000000307206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030606082b0601050507030706082b0601050508020206082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b060105050703090b000000010000000e0000004b0061006d00750053004d0000000f0000000100000014000000e2f4764ab337eb1ccf45db5c6970b3b716d5e5c920000000010000001b05000030820517308203ffa003020102020111300d06092a864886f70d01010505003082012b310b30090603550406130254523118301606035504070c0f4765627a65202d204b6f6361656c6931473045060355040a0c3e54c3bc726b6979652042696c696d73656c2076652054656b6e6f6c6f6a696b20417261c59f74c4b1726d61204b7572756d75202d2054c39c42c4b054414b31483046060355040b0c3f556c7573616c20456c656b74726f6e696b207665204b726970746f6c6f6a6920417261c59f74c4b1726d6120456e73746974c3bc73c3bc202d2055454b414531233021060355040b0c1a4b616d7520536572746966696b6173796f6e204d65726b657a69314a304806035504030c4154c39c42c4b054414b2055454b4145204bc3b66b20536572746966696b612048697a6d6574205361c49f6c6179c4b163c4b173c4b1202d2053c3bc72c3bc6d2033301e170d3037303832343131333730375a170d3137303832313131333730375a3082012b310b30090603550406130254523118301606035504070c0f4765627a65202d204b6f6361656c6931473045060355040a0c3e54c3bc726b6979652042696c696d73656c2076652054656b6e6f6c6f6a696b20417261c59f74c4b1726d61204b7572756d75202d2054c39c42c4b054414b31483046060355040b0c3f556c7573616c20456c656b74726f6e696b207665204b726970746f6c6f6a6920417261c59f74c4b1726d6120456e73746974c3bc73c3bc202d2055454b414531233021060355040b0c1a4b616d7520536572746966696b6173796f6e204d65726b657a69314a304806035504030c4154c39c42c4b054414b2055454b4145204bc3b66b20536572746966696b612048697a6d6574205361c49f6c6179c4b163c4b173c4b1202d2053c3bc72c3bc6d203330820122300d06092a864886f70d01010105000382010f003082010a02820101008a6d4bff10883ac3f67e94e8ea206470ae2181be3a7b3cdbf11d527f59faf3224c95a090bc484e11abfbb7b58d7a83288c2646d84e954087619fc59e6d8187576c8a3bb466eacc40fce3aa6cb2cb01db32bfd2eb85cfa10d55c35b385770b875c679d11430ed1b585b6bef35f2a1214ec5ce7c995f6cb9b8229350a7cd4c706abe6a057f139c2b1eeafe47ce04a56fac932e7c2b9f9e791391e8ea9eca38758e62b095932ae5dfe95e976e205f5f847a443919401cba552bfb30b281ef84e3dcec983839038508a954030529f0c98f8bea0b86651911d3e90923de689303c9361c216ece8c66f19930d8d7b3c31df8812ea8bd820b66fe82cbe1e01a82c340810203010001a3423040301d0603551d0e04160414bd8887c98ff6a40a0baaebc5fe91239dab4a8a32300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d010105050003820101001d7cfa498f34e9b72692169a0574e74bd06d396cc326f6ceb831bcc4dfbc2af8379118dc04c864992b186d800359c9aef858d03eedc3239f693c86381c9eefda2778d18437718a3c4b39cf7e4506d62dd88a4d7812d6adc2d3cbd2d041f326364a9b956c0ceee5d1432766c188f77ab3206ceab0692bc720e80c03c4410599e23fe46bf8a08681c784c61fd54b8112b216212c13a180b25e0c4a139e20d86240ab90ea644a2fac0d01127945a82f871968c8e285c730b275f9383fb2c093b46be20344ce67a0df89d6ad8c76a313c394612b6bd96cc1070a2207856c852446a9be3f8b7884827e240c9dfd8137e325a8ed364e952cc99c90daeca9423cadb602	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E392512F0ACFF505DFF6DE067F7537E165EA574B	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3A44735AE581901F248661461E3B9CC45FF53A1B\Blob = 19000000010000001000000089485399f9ac42bb7be31a7e38d92ed90f0000000100000014000000bdcb3fc55040776bf7a9460cffb252a13cf1989f53000000010000002600000030243022060c6086480186fd64010102040130123010060a2b0601040182373c0101030200c00b00000001000000140000005400720075007300740077006100760065000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000003a44735ae581901f248661461e3b9cc45ff53a1b140000000100000014000000af4404c2417e4883db4e3902ecec847ae6cec9a42000000001000000c0030000308203bc308202a4a0030201020210075622a4e8d48a894df413c8f0f8eaa5300d06092a864886f70d0101050500304a310b30090603550406130255533120301e060355040a1317536563757265547275737420436f72706f726174696f6e311930170603550403131053656375726520476c6f62616c204341301e170d3036313130373139343232385a170d3239313233313139353230365a304a310b30090603550406130255533120301e060355040a1317536563757265547275737420436f72706f726174696f6e311930170603550403131053656375726520476c6f62616c20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100af352ed8ac6c55690671e5136824b34fd8cc2147f8f16038898903e9bdea5e465309dc5cf55ae8f7452a02eb3161d729334ccec77c0a377e0fba3298e11d97af8fc7dcc93896f3db1afc51ed68c6d06ea47c24d1ae42c89650632ee0fe75fe98a75f492e95e33933648e1ea45f90d2673cb2d9fe41b955a7098e72051e8bdd44858242d049c01d60f0d1172c95ebf6a5c192a3c5c2a708600d60041096799e1634e6a9b6fa254539c81e65f993f5aaf152dc99983da5861a0c3533fa4ba50406151c3180efaa186bc27bd7dacef93320d5f5bd6a332d8104fbb05cd49ca3e25c1de3a942755e7bd477ef3954bac90a181b1299492f884bfd5062d173e78f7a430203010001a3819d30819a301306092b060104018237140204061e0400430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414af4404c2417e4883db4e3902ecec847ae6cec9a430340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e73656375726574727573742e636f6d2f534743412e63726c301006092b06010401823715010403020100300d06092a864886f70d01010505000382010100631a08407da45e530d77d87aae1f0d0b511603ef187cc8e3af6a5893146091b284dc884ebe398a3af3e682895d0137b3ab24a4150e92355a4a445e4e57fa75ce1f48ce66f43c402692986c1bee24460c17b352a5dba59191cf37d36fe727083a4e191f3aa7585c17cf793f8be4a7d326239d260f5869fc477eb2d08d8b93bf294f43697476674bcf078ce602f7b5e1b443b54b2d149ff9dc260dbfa6477406d888d13a293084ced23980621ba8c75749bc6a555167154abe3507e4d5759837793014db299d6cc569cc4755a230f7cc5c7fc2c3981c6b4e1680eb7a786545a2001aaf0c0d55643448b892b9f1b45029f24f231fda6cac1f44e1dd2378515bc716	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97226AAE4A7A64A59BD16787F27F841C0A001FD0\Blob = 0b000000010000001e000000430043004100200049006e00640069006100200032003000300037000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000097226aae4a7a64a59bd16787f27f841c0a001fd0200000000100000027030000308203233082020ba00302010202022780300d06092a864886f70d0101050500303a310b300906035504061302494e31123010060355040a1309496e64696120504b49311730150603550403130e43434120496e6469612032303037301e170d3037303631333037303234385a170d3135303730343037303234385a303a310b300906035504061302494e31123010060355040a1309496e64696120504b49311730150603550403130e43434120496e646961203230303730820122300d06092a864886f70d01010105000382010f003082010a0282010100df8fc7ca4a9cd247e28e32829e51e9080977fcb77e277b4e5d6bf8886fe80be3c0369b80e9e530b054f7a630fe376a584bd4785f549eb13e793d0f1357e246953a1d5c613582edf5c3b4b05268a8f8062b9e514bc25805f4cb9967ac9a212d39d0f8cf98889b1f7df5b1b6c043508383adabfdd6d6fafcf50fc64da74a05959eb85a5931540db8c9bc3742923b03d3f43adc2f4df82e4619ad071a256b6355e6f65dcd46db954995b9678d44eec9f86dca8cc90d9af62e67df7993c74238642ac75139a40596dbbea5080fd410b5efc1c78a0cd2d29cffc931e551590d2b40e28927f695dbb1e4a12bd0b54344d8de9f96da99ad9ad87cdc2390b40526d28ced0203010001a3333031300f0603551d130101ff040530030101ff30110603551d0e040a04084f1ec05827d8b8e4300b0603551d0f040403020106300d06092a864886f70d0101050500038201010072864f4882e8c5f0d9b8b0473319efcb0681a8b6ac87c3b94995922a8158d72b8ea2b827a04c13509d1cb5714c625188960c72ff0b60c435e1f8256eb9c1e1a7563afe86e34dc0abdad42a709bad5a9dd825d1ba85dfc21beb34d608770330647fd6f611098dad7e9e797f9b9ba39444e074b7b789caec045f8bcfe2ebe346db36f79d31ae8674a99deddc704fd3335c308620ae32c12c8f2734b6775e001a928abe88d9385bd4c35ab80f9324d62aae304841f66325cf4d87299eb3abf4f4ac4784592acffdedaf940d5000273373ee77e6e349b8a74c26c1ce916a17b2d241b5a99addd84dd5e310b5d23dc5f4d10cddbcac97d29758e85816059ac6adbd6a	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\93E6AB220303B52328DCDA569EBAE4D1D1CCFB65\Blob = 03000000010000001400000093e6ab220303b52328dcda569ebae4d1d1ccfb6509000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030306082b060105050703040b000000010000004e000000570065006c006c007300200046006100720067006f00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900000053000000010000002400000030223020060a6086480186fb7b83740930123010060a2b0601040182373c0101030200c02000000001000000e9030000308203e5308202cda003020102020439e4979e300d06092a864886f70d0101050500308182310b300906035504061302555331143012060355040a130b57656c6c7320466172676f312c302a060355040b132357656c6c7320466172676f2043657274696669636174696f6e20417574686f72697479312f302d0603550403132657656c6c7320466172676f20526f6f7420436572746966696361746520417574686f72697479301e170d3030313031313136343132385a170d3231303131343136343132385a308182310b300906035504061302555331143012060355040a130b57656c6c7320466172676f312c302a060355040b132357656c6c7320466172676f2043657274696669636174696f6e20417574686f72697479312f302d0603550403132657656c6c7320466172676f20526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d5a8333b26f934ffcd9b7ee50447ce00e27d77e731c22e27a54d68b931ba8d435997c773aa7f3d5c409e05e5a1e289d94cb83f9bf90cb4c862192c45ae911e737141c44b13fd70c225ac22f5750bb753e4a52bddcebd1c3a7ac3f7138f26549c166b6baffbd896b1609a48e02522247934ce0e26000b4eabfd8bce82d72f087068c1a80af9744f07aba4f9e2837e2773743eb8f93842fca5a85b4823b3ebe325b280ae96d40a9cc2789ac66818ae3762375e5175a85863c051ee40787ea8af1aa0e1b0789d508c7be7b3fc8e23b0db65007084010800146e54869abaccf93710f6e0de842d9da48537d387e315d0c117907e19216a12a976fd1202e94f215e170203010001a361305f300f0603551d130101ff040530030101ff304c0603551d20044530433041060b6086480186fb7b8707010b3032303006082b060105050702011624687474703a2f2f7777772e77656c6c73666172676f2e636f6d2f63657274706f6c696379300d06092a864886f70d01010505000382010100d227dd9c0a772bbb22f202b54a4a91f9d12dbee4bb1a68ef0ea400e9eee7efeef6f9e574a4c2d85258c474fbce6bb53b2979185aef9bed1f6b36ee48252514b656a210e8eea77fd03fa3d0c35d26ee07ccc3c12421871edf2a12536f4116e7edae94fa8c72fa1347f03c7eae7d113a13ecedfa6f72647b9d7d7f26fd7afb25adea3e297f4ce3005732b0b3e9ed5317d98bb2140e30e8e5d513c664afc400d5d85824fcf58fecf1c77da5db0f27d1c6f24088e61ff661a8f442c8b937d3a9be2c5678c2729b595d35408ae84e631ab6e9206a51e2cea490df7670995c70434db7b6a719644e92b7c5913c7f4816657b16fdcbfcfbd9d5d64f21653b4a7f47a3fb	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D2441AA8C203AECAA96E501F124D52B68FE4C375	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF646DCB7B0FD3A96AEE88C64E2D676711FF9D5F\Blob = 030000000100000014000000df646dcb7b0fd3a96aee88c64e2d676711ff9d5f090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b00000001000000480000005400570043004100200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790020003200000020000000010000007f0500003082057b30820363a003020102020101300d06092a864886f70d01010b0500305f310b300906035504061302545731123010060355040a0c0954414957414e2d43413110300e060355040b0c07526f6f74204341312a302806035504030c215457434120526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303832383037343731335a170d3330313233313135353935395a305f310b300906035504061302545731123010060355040a0c0954414957414e2d43413110300e060355040b0c07526f6f74204341312a302806035504030c215457434120526f6f742043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a0282020100cb010c6481bb504899f31cd920b08ba48712f7ae4fce5e73cba88615e21cf9996306da1cd60abcfe94bade6081689cb2f24b7701dab71bc6f9f560902078fc314a3e3577c01a1e8c59557855704192099b024ac36fac0b98e9b2527d9a7fbf5d1f038742fdc31cea633065d1b58e9c695a6bee338dafbafa632450892dc9051e6ceb8e5e8e0148a180c338452b4e1ff422c2f82e4a767eeace9cd1188757f6b6faedcc90558e80ca35b9da646516cce96451593efb8ace80b0a5924563fd9b9600bc5c5e868ec549df14a8c9919b78f71c8c2686689af981c3817b3d33db105e3d0469d666e0ae39dc89e2e626fb517f7ba8096b872638cdd98d2d9e3dcab1f32b9bfd46ed81dbcf8521bec045c9e589dd7697bfb48144293bb7981734f2b8aa9ab07b415526c13cb4249796ad1b8f3671b72bf3b6830230fab20a13bc4bb60ff9a39d636e2250d328dc5f36073c29ac4568ea22405d3f09c70a328fcab4e5e8d7d7ca8b64ff6f6525ec0d74a8b51c1a26e628b272cecdfac4244a3712e2d8b709ceac2e273dc214ebea308c37ca73198589b3bbfb38431d79a5a58b1924a0a612521afed157c19d127b9d95d66c7b4a1dc1ae15024d2c63a075273ffef20020324ae5b1ac2e13e048a6f44e91540cd974583e1175edfa9cc2aabb487fcbf65f5c26b009877ac4fd9c7eaf336742571653fef13d4340528ab635714ffc013ce50203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414c8445afe7ffda99b8635bee2a5f619fb5ebf6f59300d06092a864886f70d01010b05000382020100128bddd5089d286f08f189566d4007abfbe108a804a4bed77d85ae5a58b6674c0169cdac8b368e5cfd3b3601f9d5a17b287a4c8493cdc40b19f01204894d8feda0992585bb2c95996c30ed6d046fe62bfb8910bb4c930cbe93d5d60984930070cfcec5781aed5554df2f0e5958f83585ae4ff821d292de21ba99d197f1609eac4443a760af89e251d23989109415cf04d22182efcaed69154f19abbc936a9901e002d11c3a9d31caf5fbc4f64d9abb208c3f6f71327f274b447f8151e9931b620ea4875f3ddd5440b924976257958ec71091a798c5584250a9961ce54ab6b6b2dc4e91f280d291e85008d31640890f6813aec35c57171317ed331db2ea91f6aa2e71444089b2e066bdb1bd173d4d3d0f57392565046a2a83db38b5cebfe400d74d283790a8a9a6e4b155f0cacfe30c6a2f4796b7d4e4efc837033c7feb81928a2a69981d013b488a2d6bafe5cfb2b4ddd6677a80010b045725b665420f49e123ca40aac22cfc85af6518aa0731db2daeebc371e668df3797f99a3ff1255ef0df57e9fc12e039068774dd63936b81c4f3e0db0914d8bfbf406f71812668f7a58517405203be5c9314e541521577bc35a147732a0c975c8cde313c638cf09b5f544fd2e25b6c3c1cc3e7346673a641a32032447bcdeabc6997fd437031bc3282a26598a3402f6a46f400502e55e0db7a4ee06dc868e154e8958318befacd8f1d66	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E833233E7D0CC92B7C4279AC19C2F474D604CA	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F555CE20DCD3364E0DC7C41EFDD40F50356C122	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C\Blob = 1900000001000000100000004a030daa69389c5170cbbbc204b890aa0f0000000100000010000000d1ff32ec70f6efae7ddde353951ce5120b000000010000004e000000430065007200740069007300690067006e0020004100750074006f00720069006400610064006500200043006500720074006900660069006300610064006f007200610020004100430032000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000004efced9c6bdd0c985ca3c7d253063c5be6fc620c140000000100000014000000b8c15a24ecef44da737a98d7ccc7a80f255dba5c20000000010000006e0200003082026a308201d3a003020102020100300d06092a864886f70d01010405003072310b3009060355040613024252312e302c060355040a132543657274697369676e20436572746966696361646f7261204469676974616c204c7464612e31333031060355040b132a43657274697369676e202d204175746f72696461646520436572746966696361646f7261202d20414332301e170d3939303632373030303030305a170d3138303632373030303030305a3072310b3009060355040613024252312e302c060355040a132543657274697369676e20436572746966696361646f7261204469676974616c204c7464612e31333031060355040b132a43657274697369676e202d204175746f72696461646520436572746966696361646f7261202d2041433230819f300d06092a864886f70d010101050003818d0030818902818100b930cca5eb90d65694673389836d46be709793174e0a2770cec9c5f2c5d22dd1119c77326c74d3926ffae9d5b8619aaa4c133e353af0ee0936d9d19731c75eac4149bf486d4e2053c97b6aa396316bb26ea8cf2f724c06ad32cf5a08f37d109caabbba73f9f3f0b8246fa865b622fe055b105544c2031dadd122cc086dfb8ccb0203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d010104050003818100486bdebd8372d0816a091205dc6303956a86482eaae2254b62643c8784a430a4bda51e8b56125743644fc7e98fbdaaf11a75798a5391f6435d029a0fd742143a828df4691eb0ac51cec9d5db604e2870285149eadd8326619c0bf58eaa15a7b50abe0fb88d02d4e511403c6ec70c637c5163dae25210723d4db323d14d0541c4	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F4914F7D874951DDDAE02C0BEFD3A2D82755185\Blob = 19000000010000001000000080e6112792bf3f8d49b6f301e0077e380f000000010000001400000093c45418230486c6bc515dd0cdc552ac78c36b6453000000010000002600000030243022060c2b06010401be58000264010230123010060a2b0601040182373c0101030200c00b0000000100000026000000510075006f0056006100640069007300200052006f006f00740020004300410020003300000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090300000001000000140000001f4914f7d874951dddae02c0befd3a2d82755185140000000100000014000000f2c013e082433efbee2f673296355cdbb8cb02d02000000001000000a10600003082069d30820485a003020102020205c6300d06092a864886f70d01010505003045310b300906035504061302424d31193017060355040a131051756f5661646973204c696d69746564311b30190603550403131251756f566164697320526f6f742043412033301e170d3036313132343139313132335a170d3331313132343139303634345a3045310b300906035504061302424d31193017060355040a131051756f5661646973204c696d69746564311b30190603550403131251756f566164697320526f6f74204341203330820222300d06092a864886f70d01010105000382020f003082020a0282020100cc574216549ce698d3d34deefeedc79f43394a65b3e8168834db0d599174cf92b80440ad024b31abbc8d9168d8200e1a01e21a7b4e175de28ab73f991acdeb61abc265a61fb7b7bdb78ffcfd708f0ba067be01a259cf71e60f2976ffb15679452b1f9e7a54e8a3293568a4014f0fa42e37ef1bbfe38f10a872ab5857e75486c8c9f35bda2cda5d8e6e3ca33edafb82e5ddf25cb205336f8a36ced0134effbf4a0c344ca6c321bd500455ebb1bb9dfb451e6415de55018c0276b5cba13f4269bc2fbd68431656892a376191fda6ae4ec0cb146594374b9206ef04d0c89c88db0b7b81afb13d2ac4653a78b6eedc80b1d2d3999c3aee6b5a6bb38db7d5ce9cc2bea54b2f16b19e683b066fae7d9ff8deeccc29a798a325432feff15f26e1884df85e6ed7d9146e193369a73b848993c4535513a1517840f8b8c9a2ee7bba5242839e14ed05525a5956a797fc9d3f0a29d8dc4f910e13bcde95a4df8b99beac9b3388efb581af1bc62253c8f6c7ee9714b0c57c7852c8f0ce6e776084a6e92a7620ed5801173093e91a8be07363d96a9294494eb4ad4a85c4a32230fc09ed682273a6880c552158c5e13a9f2addcae190e0d973ab6c80b8e80b6493a09c8c19ffb3d20cec9126878ab3a2e1708f2c0ae5cd6d6851ebda3f057f8b32e6135c6bfe5f40e222c8b4b4644fd6ba7d483ea8690cd7bb8671c973b83f3b9d254bdaff40eb0203010001a382019530820191300f0603551d130101ff040530030101ff3081e10603551d200481d93081d63081d306092b06010401be5800033081c530819306082b060105050702023081861a8183416e7920757365206f66207468697320436572746966696361746520636f6e737469747574657320616363657074616e6365206f66207468652051756f566164697320526f6f74204341203320436572746966696361746520506f6c696379202f2043657274696669636174696f6e2050726163746963652053746174656d656e742e302d06082b060105050702011621687474703a2f2f7777772e71756f7661646973676c6f62616c2e636f6d2f637073300b0603551d0f040403020106301d0603551d0e04160414f2c013e082433efbee2f673296355cdbb8cb02d0306e0603551d23046730658014f2c013e082433efbee2f673296355cdbb8cb02d0a149a4473045310b300906035504061302424d31193017060355040a131051756f5661646973204c696d69746564311b30190603550403131251756f566164697320526f6f742043412033820205c6300d06092a864886f70d010105050003820201004fada02c4cfac0f26ff76655ab2334eee729dac35bb6b083d9d0d0e221fbf360a73b5d605327a29bf608222ae7bfa072e59c246a31b1907a27db84118927a6775a38d7bfac86fcee5d83bc06c6d1776b0f6d242f4b7a6ca70796cae3849fad888b1dab168d5b6617d916f48b80d2ddf8b276c3fc3813aa0cde42692b6ef33ceb8027dbf5a6440d9f5a55590bd50d5248c5ae9ff22f80c5ea32503512972ec1e1fff1238851389ff2665676e70f5197a5520c4d495195363dbfa24b0c101d86994caaf3721193e4eaf69bdaa85da74db79e02ae7300c8da2303e8f9ea1974620094cb2220be94a759b5826abe99797aa9f24a2452f774fdba4ee6a81d026eb10d8044c1aed323375fbb857c2b922ee87ea58bdd99e1bf276f2d5daa7b87fe0add4bfc8ef526e46e70426e33ec319e7b93c1e4c9691a3dc06b4e226deeab584dc6d041c12bea4f12875eeb45d86cf59802d3a0d8558a069919a2a077d1309eaccc75ee83f5b06239cf6c57e24cd2910b0e75281b9abffd1a43f1ca77fb3b8f61b869281642045e702a1c21d88fe1bd235b2d744092d963190d73dd69bc6247bce0742bb2eb7dbe411bb5c046c5a122cb5f4ec12892de18bad52a28bb118b1793989960945c23cf5a27975e0b050693371e3b6936eba99e611d8f32da8e0cd6743e7b0924da017747c43bcd348c99f5cae1256133b2591be26ed73757b60da912da	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B3EAC44776C9C81CEAF29D95B6CCA0081B67EC9D\Blob = 0b000000010000001200000056006500720069005300690067006e000000090000000100000020000000301e06082b0601050507030406082b0601050507030206082b06010505070303030000000100000014000000b3eac44776c9c81ceaf29d95b6cca0081b67ec9d200000000100000007030000308203033082026c021100b92f60cc889fa17a4609b85b706c8aaf300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100a7880121742ce71a03f098e1973c0f2108f19cdb97e99afcc2040613be5f52c8cc1e2c12562cb801692ccc991fadb096ae7904f21339c17b98ba082ce8c284132caa69e909f4c7a902a442c2234f4ad8f00ea2fb316cc9e66f992707f5e6f44c789e6deb4686fab986c954f2b2c4afd4461c5ac91530ff0d6cf52d0e6dce7f770203010001300d06092a864886f70d010105050003818100722ef97fd1f171fbc49ef6c55e518a4098b868f89b1c83d8e29dbdffeda1e666ea2f09f4cad7eaa52b95f62460864d442e83a5c42da0d3ae78696f72da6cae08f0639237e6bbc43017ad77cc4935aacfd88fd1beb7189647736a542234642db6169b595bb451593ab30b14f412df67a0f4ad32645eb14672278c127bc544b4ae	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A399F76F0CBF4C9DA55E4AC24E8960984B2905B6\Blob = 030000000100000014000000a399f76f0cbf4c9da55e4ac24e8960984b2905b609000000010000000c000000300a06082b060105050703080b000000010000004000000054004300200054007200750073007400430065006e007400650072002000540069006d00650020005300740061006d00700069006e006700200043004100000020000000010000004703000030820343308202aca003020102020203f1300d06092a864886f70d01010405003081c1310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831283026060355040b131f544320547275737443656e7465722054696d65205374616d70696e67204341312830260603550403131f544320547275737443656e7465722054696d65205374616d70696e67204341301e170d3938303330393131353935395a170d3131303130313131353935395a3081c1310b30090603550406130244453110300e0603550408130748616d627572673110300e0603550407130748616d62757267313a3038060355040a1331544320547275737443656e74657220666f7220536563757269747920696e2044617461204e6574776f726b7320476d624831283026060355040b131f544320547275737443656e7465722054696d65205374616d70696e67204341312830260603550403131f544320547275737443656e7465722054696d65205374616d70696e6720434130819f300d06092a864886f70d010101050003818d0030818902818100b64be4366a9c038ce9196fbe87f9f7308c3e2f184d54dee8cc2c083d7c462f840c9debeffb119463e7ecb4cd13fd9af63065c58a7dc882d1a3bd117b1e7ebf2fdc6781045b704beae1b3b6983db5be70d33e795d0b3798588ac3fa99288f0104631e807f7772c45d7fff4f57ffaac9567743adfc16376a382f74411937a7ffc30203010001a3483046300f0603551d130101ff040530030101ff303306096086480186f842010804261624687474703a2f2f7777772e747275737463656e7465722e64652f67756964656c696e6573300d06092a864886f70d0101040500038181002eac8fb619a0a48c5e01bb0969d62e05fb762b6935d7c86f06a81bf2d55f0bcc4bf3c153f495bf9c8e6cb35f7b0bc6e69ca7d02c033ed539e19c6eeb41f8c96443b83da24ae11e4f8592d71b476e3f17daafec163e8e1a892d4189d6692f43aa5d2ef2e8d054ee0d16c5da70d8127444ae164b74ed8c0bab350a4868ec690329	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob = 0f0000000100000010000000e1b34a19374fc710c61667b82e8f1c2c03000000010000001400000097817950d81c9670cc34d809cf794431367ef47409000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030106082b060105050703030b000000010000003600000047005400450020004300790062006500720054007200750073007400200047006c006f00620061006c00200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c020000000010000005e0200003082025a308201c3020201a5300d06092a864886f70d01010405003075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f74301e170d3938303831333030323930305a170d3138303831333233353930305a3075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100950fa0b6f0509ce87ac788cddd170e2eb094d01b3d0ef694c08a94c706c89097c8b8641a7a7e6c3c53e1372873607fb29753079f53f96d5894d2af8d6d886780e6edb295cf7231caa51c72ba5c02e76442e7f9a92cd63a0dac8d42aa240139e69c3f0185570d588745f8d385aa936926857048803f1215c779b41f052f3b62990203010001300d06092a864886f70d0101040500038181006deb1b09e95ed951db672261a42a3c4877e3a07ca6de73a21403853dfbab0e30c58316338113089e7b344edf40c874d7b97ddcf476557d9b635418e9f0eaf35cb1d98b421eb9c0954ebafad5e27cf56861bf8eec05975f5bb0d7a38534c424a70d0f9593efcb94d89e1f9d5c856dc7aaae4f1f22b5cd95adbaa7ccf9ab0b7a7f	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\61EF43D77FCAD46151BC98E0C35912AF9FEB6311\Blob = 0f00000001000000140000001bfa4731fcbb41f57f97a7b7d2b5c24cfb7591900b000000010000001200000056006500720069005300690067006e000000090000000100000020000000301e06082b0601050507030306082b0601050507030206082b0601050507030403000000010000001400000061ef43d77fcad46151bc98e0c35912af9feb631120000000010000001d040000308204193082030102106170cb498c5f984529e7b0a6d9505b7a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203139393920566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204733301e170d3939313030313030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203139393920566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473330820122300d06092a864886f70d01010105000382010f003082010a0282010100af0a0dc2d52cdb67b92de59427dda5bee0b04d8fb361563cd67cc3f4cd3e86cba288e2e1d8a469c5b5e2bfc1a647505e46398bd596bab56f14bf10ce27139e05479b317a13d81fd9d302378bad2c47f08e8106a70d300cebf73c0f201ddc7246eea502c85bc3c956694cc518c1917b0bd513009bbcefc3483e466020852ad590b6cd8ba0cc32ddb7fd4055b2501c56aecc8d774dc7204da73176ef68928a901e088156b2ad69a352d0cb1cc4233d1f99fe4ce816638ec6088ef631f6d2fae576ddb51c92a349cdcd01cd68cda969baa3eb1d0d9ca420a6c1a0c5d1464c176dd2ac663f968ce084d436ff2259c5f91160a85f047df21af62542610fc44ab83e890203010001300d06092a864886f70d010105050003820101003426153cc08d4d43491dbde92192d7669cb7dec5b8d0e45d5f7622c026f9843a3af98cb5fbec60f1e8ce04b0c8dda7038f30f398dfa4e6a431dfd31c0b46dc72203faeee053ca4333f0b39ac7078734b992bdf30c254b0a83b55a1fe1628cd42bd746e80db2744a7ce445dd41b90980d1e4294b1002c04d074a30205226363cd83b5fbc16d626b6975fd5d7041b9f5bf7cdfbec1327322218b58817b15917abae36448b07ffb3625da95d0f1241417dd18806b46233954f58e6209041d9490a69be625e24245aab890adbe088fa90b421894cf7239e1b143e028cfb7e75a6c136b49b3ffe3187c898b335dac33d7a7f9da3a55c95810f9aaef5ab6cf4b4bdf2a	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\76B76096DD145629AC7585D37063C1BC47861C8B\Blob = 1900000001000000100000003b2e1f8aaf60cc9f640ee9d4b76239e70f0000000100000014000000031d653528b5bec94e210fc37655e331b1cc46230b000000010000002a00000055002e0053002e00200047006f007600650072006e006d0065006e00740020004600420043004100000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b0601050507030903000000010000001400000076b76096dd145629ac7585d37063c1bc47861c8b1400000001000000140000001e2c4bf9ec66a61e925f877903edd5c295b7958320000000010000007e0300003082037a30820262a003020102021039e3815404c50ab247effef336cfc698300d06092a864886f70d0101050500304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c696379301e170d3034313030363138343530395a170d3130313030363138353335365a304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c69637930820122300d06092a864886f70d01010105000382010f003082010a0282010100cf267cb0694c7700caf4e3741994fb5a61af62e4bdc300e524a30126a0d4d6e3d1f9a678efebf40192a830902fca33a368822025d437b2ed1920b72916b30b59380744416108915f7142c5642a292e46ba0c32a51325e3d9debdf8c913908a5711b557487838b527d1ac85ca2af840f8257f9d4220e173db45fdd35a9abfdd47ee3e3e491800e4f6be5c882d782807ae5ed2d69be6bdfc2cba27f396be30fe20f8f7d9a80f7871c75323cdb0ac7f478ccf7126c11ac330249e08d3587425f216dfb0d0823735689989e1bd04a04e96629ec163b41a5152fcc9de2ff85ef57d8c6f1b41814dbb2853ae9b613f29eadcd0b7a9531daef5aa96d65c7793562a49530203010001a3543052300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604141e2c4bf9ec66a61e925f877903edd5c295b79583301006092b06010401823715010403020100300d06092a864886f70d010105050003820101006635cba17282e037ce9659be07cca97e171ad110c85d8c1dfa125cc77239a2e92c845860fe77f94d3b6b13eadedb3ee619f66c63847a056bee3a19cdb4ce4ee115314137638a347f9487c708a3f7cbf9b07b49e1e821d7a1c2e4f2a6ade7f34079a1e9ec7fa0248ac51b351ecaa3e079e687a3a3c67c39c649c2102eff97d26c7ed3bb0f1beb561a632cbcc31eb6b269c767edca4c2d9f0430a3e246520083d5d50a6bede9342090185484ba973c37918733eafa5c195b7c2c299a8d445874bb06316e89b4591179e09ad23c62413d4c3ae9b9a549c5008f0fa1775c3d46947a4a8e08312d257b086011acfb3aee77cc6d06ce43a5e902c9bde258ba087aad07	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5A4D0E8B5FDCFDF64E7299A36C060DB222CA78E4\Blob = 0b00000001000000440000005600690073006100200049006e0066006f0072006d006100740069006f006e002000440065006c0069007600650072007900200052006f006f007400200043004100000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703090300000001000000140000005a4d0e8b5fdcfdf64e7299a36c060db222ca78e42000000001000000fd030000308203f9308202e1a00302010202105b57d7a84cb0afd9d36f4ba031b4d6e2300d06092a864886f70d01010505003079310b3009060355040613025553310d300b060355040a130456495341312f302d060355040b13265669736120496e7465726e6174696f6e616c2053657276696365204173736f63696174696f6e312a3028060355040313215669736120496e666f726d6174696f6e2044656c697665727920526f6f74204341301e170d3035303632373137343234325a170d3235303632393137343234325a3079310b3009060355040613025553310d300b060355040a130456495341312f302d060355040b13265669736120496e7465726e6174696f6e616c2053657276696365204173736f63696174696f6e312a3028060355040313215669736120496e666f726d6174696f6e2044656c697665727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c91100e11fd09247e92f1d1c62381afc48483d9a5c847d0c66c45915f3fa0b6213b5ffd673e32d803e324cad32a225ef9e2dddf9a0ad1202b7183be476062b805efa44e2456705108d0f65c78da0453d390db5ef585a32edd4e094267dcff4edd829e4b6ff68c4a82691e1d8fc2c9fa42060d52f31b61d89946311d2e83f18c3b9cc036e7a064ebf8dfca792ede52a3e76ed8697e44c150a843f0a8de6e252a807b456d981e2059d43ca27063d9900cd91ef7416ed45b4220b76bc0e0969288db5a006fd8ff9f155d61c681babbac3b4d2b5477d17d24255d2b18089bdd14b00772e91bb6ce8db22e715e66420268563a00d5ed39c3a835c7f2a635398e191570203010001a37d307b300f0603551d130101ff040530030101ff30390603551d2004323030302e060567810302013025301506082b060105050702011609312e322e332e342e35300c06082b060105050702023000300e0603551d0f0101ff040403020106301d0603551d0e041604144f8ada76ff6777239aa6807d7ddb887585f7817a300d06092a864886f70d010105050003820101000945b541d5077432727600cf998b7eb5e9671bf4aef833da7f572b7a0ce5378ddb25a268b0c3fb3708e8258fc7d877b85cb59be6b5c4925fb11f553253017b9ad694a316c6c44bedf213d949307875ada6cd78302af5ee1f2cc5e508f2d61381d3fa5259a17d011a5528927b4ce250746281b05d93cb87d208ba992e07f16eac0cb1df6ccac5c8deb0d78c885e92abdb81e2f33ea66bfa97e0161c0208b48c4169792e5deeed093dc11d3de0367a8e3ebe2425424544b71f269b1f83a533455cd8afa320db05ffae0eafb18db517fd1d8109beb3f11c8371977255c21623e0049e68ee0ac2155bc2dc3de1373f5eb19c7b10e8739942deb022e3f519ab07980b	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9ED18028FB1E8A9701480A7890A59ACD73DFF871\Blob = 14000000010000001400000046c278ab54e0f8682739df42b3f354c3067d26a10300000001000000140000009ed18028fb1e8a9701480a7890a59acd73dff87109000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030b0000000100000042000000530065007200610073006100200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200049004900490000000f0000000100000014000000651dfeaf0b8677bedaa1bf4703f8d80c4d97a4c5200000000100000029040000308204253082030da00302010202083b57fc376d701fb4300d06092a864886f70d01010505003066310b300906035504061302425231143012060355040a130b53657261736120532e412e31163014060355040b130d53657261736120434120494949312930270603550403132053657261736120436572746966696361746520417574686f7269747920494949301e170d3034313132363133313431345a170d3234313132313133323431345a3066310b300906035504061302425231143012060355040a130b53657261736120532e412e31163014060355040b130d53657261736120434120494949312930270603550403132053657261736120436572746966696361746520417574686f726974792049494930820122300d06092a864886f70d01010105000382010f003082010a0282010100f247c400a81e1aefef4fc03f6f45343e38ea97bd4e34087943978c1464932461198b18500ccc1fb237c1b8bfc4b55940ad9556370492fc5b3eac213ed1db06e092cd85ee06f6815f86e35f94b56c7edae24fe7262632bda8635d029a39df3be8ce4c658409ef788d04a5498a7bc3517e6b01e0e9ebd29213cc00d7c6261f04e360efec1814ef18f63c0344433870360d9620d4437ebfd486d8f92cdccb2c7b2e1d5e83176fce12354d4f8c9d20d8356acfdafc0c4604012e037a454e840b2d26cbab2e587f684395b7b24ed4ff975ef9a7b22f94215cf37e3ec00007f7ff8c2db5814ef6f92885b7fbbee3ceb2be1f461d96a0e48debfaec34c6b4b49609f2090203010001a381d63081d330310603551d25042a302806082b0601050507030106082b0601050507030206082b0601050507030306082b06010505070304305e0603551d1f045730553053a051a04f864d687474703a2f2f7777772e636572746966696361646f6469676974616c2e636f6d2e62722f7265706f7369746f72696f2f73657261736163612f63726c2f53657261736143414949492e63726c301d0603551d0e0416041446c278ab54e0f8682739df42b3f354c3067d26a1300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d0101050500038201010080391c9d3d892006f4ed095c8f2e1f612965b06c3b2178d83193d8aefca780ed5525573804e81ceabb5e992758b43d70034fee065465fb5d0ad447905100ed82df97f6d790af18796033a048155cfa52c00d196c26c2731bbe1b033870188e953c7ae0f4ee38c2e630c3b6016c52078a295f549d5c8f2cfd3eb90acf6e57ffdc90f8f4d72657c602ca0b05adc670c74816aa65e0965bcaebfb5d3bb1c65fbc1e38eba040d0a8d896e26f3492853e960415aa240c3855b66922347c41d810bc349bcf1f4c2507562091423919510b3c90d37918daef1d9feee2ba01145e1583833bcea705f340c73b469cc00fd3d62a4f930707f5ff8ad4a706e52eae0c488b70	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36B12B49F9819ED74C9EBC380FC6568F5DACB2F7	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B435D4E1119D1C6690A749EBB394BD637BA782B7	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C73026E325FE21916B55C4B53A56B13DCAF3D625	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\06083F593F15A104A069A46BA903D006B7970991\Blob = 0b00000001000000520000004e00650074004c006f0063006b0020004100720061006e0079002000280043006c00610073007300200047006f006c0064002900200046005101740061006e00fa007300ed0074007600e1006e0079000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000006083f593f15a104a069a46ba903d006b797099120000000010000001904000030820415308202fda003020102020649412ce40010300d06092a864886f70d01010b05003081a7310b30090603550406130248553111300f06035504070c08427564617065737431153013060355040a0c0c4e65744c6f636b204b66742e31373035060355040b0c2e54616ec3ba73c3ad7476c3a16e796b696164c3b36b202843657274696669636174696f6e205365727669636573293135303306035504030c2c4e65744c6f636b204172616e792028436c61737320476f6c64292046c59174616ec3ba73c3ad7476c3a16e79301e170d3038313231313135303832315a170d3238313230363135303832315a3081a7310b30090603550406130248553111300f06035504070c08427564617065737431153013060355040a0c0c4e65744c6f636b204b66742e31373035060355040b0c2e54616ec3ba73c3ad7476c3a16e796b696164c3b36b202843657274696669636174696f6e205365727669636573293135303306035504030c2c4e65744c6f636b204172616e792028436c61737320476f6c64292046c59174616ec3ba73c3ad7476c3a16e7930820122300d06092a864886f70d01010105000382010f003082010a0282010100c4245e73be4b6d14c3a1f4e397906ed230451e3cee67d964e01a8a7fca30ca83e320c1e3f43ad3945f1a7c5b6dbf304f8427f69f1f49bcc6990a90f20ff57f43843763518b7aa570fc7a58cd8e9bedc3466c84705ddaf3019023fc4e30a97ee12763e7ed643ca0b8c93363fe1690ffb0b8fdd7a8c0c094430bb6d559a69e56d0241f7079afdb39540d6575d915419401af5eecf68df1ffad64fe209ad75cebfea61f0864a38b7655ad1e3b28602e8725e8aaaf1fc6644620b7707f3cde48db9653b73977e41ae2c7168476975b2fbb191585f86985f599a7a9f234a7a9b6a603fc6f863d547c76049b6bf9405d0034c72e99759de58803aa4df803d24276c01b020300a88ba345304330120603551d130101ff040830060101ff020104300e0603551d0f0101ff040403020106301d0603551d0e04160414ccfa6793f0b6b8d0a5c01ef353fd8c53df83d796300d06092a864886f70d01010b05000382010100ab7fee1c16a99c3c5100a0c0110805a799e66f018854616ef1b918ad4aadfe814023942ffb757c2f284b622481820bf561f11c6eb86138eb81fa62a13b5a62d39465c4e1e66d82f82f2570b22126c172511f8c2cc38490c35a8fbacff4a765a5eb98d1fb05b2467515236a6f85633080f0d59e1f291cc26cb050595d905b3ba80d30cfbf7d7fcef19d83bdc9466e20a6f96151ba212f7bbea51563a1d49587f19eb9f389f33d85b8b8dbbeb5b929f9da3705004994038444e7bf4331cf758b25d1f4a664f592f6ab05eb3de9a50b3662dacc065f368bb65e31b82afb5ef671df44269ec4e60d91b42e759580516a4b30a6b062a193f19bd8cec463753f5947b1	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DBAC3C7AA4254DA1AA5CAAD68468CB88EEDDEEA8\Blob = 0f00000001000000100000008590d169d67d104cdf4bf263beffa2a3030000000100000014000000dbac3c7aa4254da1aa5caad68468cb88eeddeea8090000000100000020000000301e06082b0601050507030406082b0601050507030206082b060105050703010b000000010000002800000047005400450020004300790062006500720054007200750073007400200052006f006f00740000002000000001000000500200003082024c308201b5020200fd300d06092a864886f70d0101040500306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f74301e170d3938303430333134353230315a170d3034303430333233353930305a306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100ba8ebd759012fae57974b2d9f726d40e411de936075672d5b869da54d4b1d6786daae33b3da3843725c7afaf04dcb322b1e96dbe826deb8d2fbdb4ae701ea2d66e203151e6565c7352b223504ebcfb9a6740c4861146c74322baea004f6c72cd619cdecbfaee30d2e6fa5b9dc599dc20f839bf648c07563bbddc6c5ef6bfe1d90203010001300d06092a864886f70d010104050003818100965f1d3cc67595b66baf8700cda5412b8bbfd08d315b3965d3f1d18f581e5222c33d86f2c29af6dd485e71c3451c7c4ca259eea151963df7d534243aaafd822665c54c420f0c8f69607ce7d6d51a4b79faee5ab54ca6cca36b46d6d1c83254a03067d25d861191bcc3ba2a9cd578511ad45ddd769122456b31593ef985594ecb	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CC4307BC60755E7B22DD9F7FEA245936C7CF288\Blob = 140000000100000014000000cdd790a16ea3bfdb30d6da3225900ce6391e80650b000000010000003e00000054004300200054007200750073007400430065006e00740065007200200055006e006900760065007200730061006c002000430041002000490049000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000008cc4307bc60755e7b22dd9f7fea245936c7cf2880f0000000100000014000000fe2746dab6961e2038a5748fc1c9ebd3f4a4f3032000000001000000e3050000308205df308203c7a003020102020e193300010002281a9a04bcf25545300d06092a864886f70d0101050500307a310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312730250603550403131e544320547275737443656e74657220556e6976657273616c204341204949301e170d3036303332323135353833345a170d3330313233313232353935395a307a310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312730250603550403131e544320547275737443656e74657220556e6976657273616c20434120494930820222300d06092a864886f70d01010105000382020f003082020a02820201008bd4776b346ce536d86a5c5e38eefcd51d79033b7b836244824e88edde83ffeecc5062050595997698f6b9f25fd8069192c2f62d66171ffd5303e8a88d63a96ee1d61b8cbc98b38b3bd4e42eca7d8549265b79b81a8b409e7fbbc93f632ccfd15a7cba282241125a4df91777fc85fdc249e02a187fe9a02c9cf944fc0c683942f52705be8e157a609df03bc73ce63e16bcaf76de6ab7a2e1ab4645eb8c657dd197f3971125ab59eba022d982dd98ed7ee2faa0610a4a32de2c17f76d44ea8147599757370339dd5e8222d433b8fa2609b6bc39882f51154e9bc33bdf138288dd4b34f233d690e9f353dc357cc0c3d97c78b3cd703f8d6ae0a38148e429ad63b8f0fc28643b99b37dfe9a9d88f69922089147168935785d77a1cfbf49e1fd24942b69367be81ce62a908a5bd53b345942dc6dcfbb0f411c55cdf50d5b2e162226ef611e97fce253c8cf5ba3c7a9f1ba0e8612cb13ca15c7ece4368dda5c133d65d20e5d7074dcbf8f7a6ac12e0fd3c65e0f2b596ccc616cfec0614ed9e64f46b25ae219147084f82000ed01a7977ec3bd125c922317a0a51d451715239a9208b522888ddc2b24ebe0b11768d3af61bdd98578f68dba78ca378d63bee7ac1fdfa54709b9c8253154465111550d895c8ddad2182d73f2b8d527f5482237d162f77b0dc8388ba14ab0fcd0f1ebb78663e7e00e737ffd7251b5e97de255056478677f0203010001a3633061301f0603551d23041830168014cdd790a16ea3bfdb30d6da3225900ce6391e8065300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414cdd790a16ea3bfdb30d6da3225900ce6391e8065300d06092a864886f70d010105050003820201007e1688e8130e36cc6e2a850738c656897ae34721664c5008315a51d0fca65e1475de4c3becf1edcc7e11074a61eeeab38e3aa433c6ed8a42664ff13c7bc9a5054199b1ec2c5beedc96d288534b7834b96ee6bb0fc57aa67c0e18df6f0f744cd1a9f1a1e9d85464cc5e9678a2561ac173b215c65705dfdaf748248a8e7f6aa9f94de93e6ace602c7d2d9008f6638f15d02d9c8cfff1fdfc0c16505614fbba9786eeb4490354ee1b597f303a02828621aefef015f2df4e83e699c5ba35f720908c38ed75cfe12ef70430fb51ad8e822440ca7d295dd5d9f76564fcaa9f74b87d925dd28429e013ea8af7d0abc4aeef15c5c289f27bb63b499861f34e7291378c4992e9c8ec2aa0f7496e7c0d24c66b6cf2382fca7005e57fdfc62b2b8080d5da6fcb40bbd81bf024c910c844027e2ed398aaa20df12bd0dafa8e1cff54e8e14a6edda8d678b537a5ac64d51423c70ea5ebe10938d7c07c60a55d988f8c02d5dc56a8f34d58a90bd47c64740132f2df0f4a8aa902a2a21d8477c2f1cc97bd3419745de2743e7527f7afbfee7c0e6d5488a656e226ad31123c1e41796d17ea135e1ff55c9f4959a3b22fa342c3faa87ebfa59f48c96062620adfbd45dee342b55196fdc4f51a99b852a244cd2d618c158f81d55da2d4903d8c6e4061c3595dd8d9e1f674472279747ddacaa36f371536f02c1a713c1176df5d1a3e5463786b657e1f	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4A058FDFD761DB21B0C2EE48579BE27F42A4DA1C\Blob = 0300000001000000140000004a058fdfd761db21b0c2ee48579be27f42a4da1c090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703080b000000010000001a00000044002d0054005200550053005400200047006d00620048000000200000000100000099040000308204953082037da0030201020203030e95300d06092a864886f70d0101050500304b310b300906035504061302444531153013060355040a0c0c442d547275737420476d62483125302306035504030c1c442d545255535420526f6f7420436c61737320322043412032303037301e170d3037303531363035323034375a170d3232303531363035323034375a304b310b300906035504061302444531153013060355040a0c0c442d547275737420476d62483125302306035504030c1c442d545255535420526f6f7420436c6173732032204341203230303730820122300d06092a864886f70d01010105000382010f003082010a0282010100b3cde4841549f8e4d6ce84b39aadf63075900d84ebeedab37a752ae23ba4ea302ceb3d778d8184684aa6a468dc9073613465071d23a50ce6bfd3dd335dda32eda60d53a6746a5c1959a64cb52f79015e9e7f4afabac9277ed4ffcd005920eb06ccb344cfd685e9ed3b0c6cc1ea8c5ce0b9a902f0130027939c50fecd134f6d1b6aaadd0fff462519dce15e50ac1a7f0ecbdaee20fcc3f49c4a78356eee31c745167285d28220db52457c3cbf5957f9877456985b1d508ecc2fb3b33f8beeec37490188efd8210c93d3f66e894fba17cb4481b77ba723bb740ad3d8ea374527ffdcf09e43e3ba7b8a1b9a7de986a0fe2fd1d6f68757aaf22994877315fa6a4ead0203010001a38201803082017c300f0603551d130101ff040530030101ff301d0603551d0e041604149130abf6f3c644b7ebdd28bc0f149f525d627f02303906082b06010505070101042d302b302906082b06010505073001861d687474703a2f2f75736572732e6f6373702e642d74727573742e6e657430330603551d11042c302a8110696e666f40642d74727573742e6e65748616687474703a2f2f7777772e642d74727573742e6e6574300e0603551d0f0101ff0404030201063081c90603551d1f0481c13081be3081bba081b8a081b586766c6461703a2f2f6469726563746f72792e642d74727573742e6e65742f434e3d442d5452555354253230526f6f74253230436c617373253230322532304341253230323030372c4f3d442d5472757374253230476d62482c433d44453f63657274696669636174657265766f636174696f6e6c697374863b687474703a2f2f7777772e642d74727573742e6e65742f63726c2f642d74727573745f726f6f745f636c6173735f325f63615f323030372e63726c300d06092a864886f70d010105050003820101005b8bf243e3052e641fd592a9516b64fc0e46cc0799e2b7fc932920dcfc2f60e4ac7d2532ed10e10f6fdbf2bc4eee41c9b3d407487a0aafa4b6ff5130edcbd29ceb7f50ee4be262a734c220f6f3f6f536c0cb9110ebed2e8df4071a210c3577f47c2d8d49a5d70b4468d5d2e2e50c783813cab14c52aa2ae5d5af5c05399d2dadbe2356d52f55f3de9dab8236a04db7599147eede83a5ea3b5e2705800b6d2c50f40137d5a37717ecfedd84f4c5f85092d04bc62ea38b40e4c337a377bdce2c55e2acdf5d6400babea76a3106fc996b5015259da9769aa74d2a9a0263eb70e7fe1126d018c5a61f0a4393f218d9f53979b8075d8c1fe63ff3c5cb2166317b7bcf	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CC4307BC60755E7B22DD9F7FEA245936C7CF288\Blob = 0f0000000100000014000000fe2746dab6961e2038a5748fc1c9ebd3f4a4f3030300000001000000140000008cc4307bc60755e7b22dd9f7fea245936c7cf288090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000003e00000054004300200054007200750073007400430065006e00740065007200200055006e006900760065007200730061006c0020004300410020004900490000002000000001000000e3050000308205df308203c7a003020102020e193300010002281a9a04bcf25545300d06092a864886f70d0101050500307a310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312730250603550403131e544320547275737443656e74657220556e6976657273616c204341204949301e170d3036303332323135353833345a170d3330313233313232353935395a307a310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312730250603550403131e544320547275737443656e74657220556e6976657273616c20434120494930820222300d06092a864886f70d01010105000382020f003082020a02820201008bd4776b346ce536d86a5c5e38eefcd51d79033b7b836244824e88edde83ffeecc5062050595997698f6b9f25fd8069192c2f62d66171ffd5303e8a88d63a96ee1d61b8cbc98b38b3bd4e42eca7d8549265b79b81a8b409e7fbbc93f632ccfd15a7cba282241125a4df91777fc85fdc249e02a187fe9a02c9cf944fc0c683942f52705be8e157a609df03bc73ce63e16bcaf76de6ab7a2e1ab4645eb8c657dd197f3971125ab59eba022d982dd98ed7ee2faa0610a4a32de2c17f76d44ea8147599757370339dd5e8222d433b8fa2609b6bc39882f51154e9bc33bdf138288dd4b34f233d690e9f353dc357cc0c3d97c78b3cd703f8d6ae0a38148e429ad63b8f0fc28643b99b37dfe9a9d88f69922089147168935785d77a1cfbf49e1fd24942b69367be81ce62a908a5bd53b345942dc6dcfbb0f411c55cdf50d5b2e162226ef611e97fce253c8cf5ba3c7a9f1ba0e8612cb13ca15c7ece4368dda5c133d65d20e5d7074dcbf8f7a6ac12e0fd3c65e0f2b596ccc616cfec0614ed9e64f46b25ae219147084f82000ed01a7977ec3bd125c922317a0a51d451715239a9208b522888ddc2b24ebe0b11768d3af61bdd98578f68dba78ca378d63bee7ac1fdfa54709b9c8253154465111550d895c8ddad2182d73f2b8d527f5482237d162f77b0dc8388ba14ab0fcd0f1ebb78663e7e00e737ffd7251b5e97de255056478677f0203010001a3633061301f0603551d23041830168014cdd790a16ea3bfdb30d6da3225900ce6391e8065300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414cdd790a16ea3bfdb30d6da3225900ce6391e8065300d06092a864886f70d010105050003820201007e1688e8130e36cc6e2a850738c656897ae34721664c5008315a51d0fca65e1475de4c3becf1edcc7e11074a61eeeab38e3aa433c6ed8a42664ff13c7bc9a5054199b1ec2c5beedc96d288534b7834b96ee6bb0fc57aa67c0e18df6f0f744cd1a9f1a1e9d85464cc5e9678a2561ac173b215c65705dfdaf748248a8e7f6aa9f94de93e6ace602c7d2d9008f6638f15d02d9c8cfff1fdfc0c16505614fbba9786eeb4490354ee1b597f303a02828621aefef015f2df4e83e699c5ba35f720908c38ed75cfe12ef70430fb51ad8e822440ca7d295dd5d9f76564fcaa9f74b87d925dd28429e013ea8af7d0abc4aeef15c5c289f27bb63b499861f34e7291378c4992e9c8ec2aa0f7496e7c0d24c66b6cf2382fca7005e57fdfc62b2b8080d5da6fcb40bbd81bf024c910c844027e2ed398aaa20df12bd0dafa8e1cff54e8e14a6edda8d678b537a5ac64d51423c70ea5ebe10938d7c07c60a55d988f8c02d5dc56a8f34d58a90bd47c64740132f2df0f4a8aa902a2a21d8477c2f1cc97bd3419745de2743e7527f7afbfee7c0e6d5488a656e226ad31123c1e41796d17ea135e1ff55c9f4959a3b22fa342c3faa87ebfa59f48c96062620adfbd45dee342b55196fdc4f51a99b852a244cd2d618c158f81d55da2d4903d8c6e4061c3595dd8d9e1f674472279747ddacaa36f371536f02c1a713c1176df5d1a3e5463786b657e1f	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E5DF743CB601C49B9843DCAB8CE86A81109FE48E\Blob = 140000000100000014000000c21c0fe2737d78c1688b7e0b36eebde5beb9481c030000000100000014000000e5df743cb601c49b9843dcab8ce86a81109fe48e090000000100000016000000301406082b0601050507030406082b060105050703010b00000001000000360000005300450043004f004d002000540072007500730074002000530079007300740065006d007300200043004f0020004c005400440000000f00000001000000140000003da87eef8882806783f2a90a618abd357fb8dc632000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203120506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632353232323334385a170d3139303632353232323334385a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203120506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d859827a89b896baa62f686f582ea7541c066ef4ea8d48bc319417f0f34ebcb2b8359276b0d0a5a501d7000312221908f8ff11239bce07f5bf691a26fe4ee9d17f9d2c401d59686ea6f858b09d1a8fd33ff1dc190681a80ee03addc853450906e60f70c3fa40a60ee256050f184dfc2082d17355748d7672a01d9d1dc0dd3f710203010001300d06092a864886f70d01010505000381810050683d49f42c1c0694df95607f967b17fe4f71ad64c8dd77d2ef5955e83fe88e052a21f207d2b5a752fe9cb1b6e25b771740ea72d623cb288132c3007918ec591789c9c66a1e71c9fdb774a5254569c548ab19e1458a256b19eee5bb12f57ff7a68d51c3f09d74b7a93ea0a5ffb6490313da22cced71822b99cf3ab7f52d72c8	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\688B6EB807E8EDA5C7B17C4393D0795F0FAE155F\Blob = 140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e000000090000000100000016000000301406082b0601050507030406082b06010505070303030000000100000014000000688b6eb807e8eda5c7b17c4393d0795f0fae155f0f00000001000000100000004ab5c2a797d83568f7a7ecf9c8b0bf95200000000100000039020000308202353082019e020502b4000001300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393039333535395a170d3939313233313039333535385a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d01010205000381810031bb30c56fa7be23266da5997668c52a03284bf389b09903325b94a17bc1c819d7f4956cac73240acb44057d78eefaf6a79f87a47fe8f34b4f32303015081701b280fca1d92487a5005fcddd29c8a1a5ca58753960451fde8dd65708d3c01b81c2d9e2008cec0a9102c69d36749a836bef7c8cd2a52a6ac97edba9bd2b22ff1c	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AADBBC22238FC401A127BB38DDF41DDB089EF012\Blob = 0f0000000100000030000000051be0bfa627dea0599af7b016e65fca2011ba03e693b0a830582bdf934c7f23987b08f91c9f061168dc7a63dd799c310b000000010000003800000074006800610077007400650020005000720069006d00610072007900200052006f006f00740020004300410020002d002000470032000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000aadbbc22238fc401a127bb38ddf41ddb089ef01220000000010000008c020000308202883082020da003020102021035fc265cd9844fc93d263d579baed756300a06082a8648ce3d040303308184310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31383036060355040b132f2863292032303037207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79312430220603550403131b746861777465205072696d61727920526f6f74204341202d204732301e170d3037313130353030303030305a170d3338303131383233353935395a308184310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31383036060355040b132f2863292032303037207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79312430220603550403131b746861777465205072696d61727920526f6f74204341202d2047323076301006072a8648ce3d020106052b8104002203620004a2d59c827b959df1527887fe8a16bf05e6dfa3024f0d07c60051ba0c02522d22a44239c4fe8feac9c1bed44dff9f7a9ee2b17c9aada786097387d1e79ae37aa5aa6efbbab370c06788a235d4a39ab1fdadc2ef31faa8b9f3fb08c691d1fb2995a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149ad8003000e76b7f8518ee8bb6ce8a0cf811e1bb300a06082a8648ce3d0403030369003066023100ddf8e057475ba7e60ac3bdf5808a97350d1b893c54867728caa1f479deb5e638b0f065708c7f0254c2bfffd8a13ed9cf023100c48d94fcdc53d2dc9d78161f1533235352e35a315d9dcaaebd1329440d275ba8e7689c12f7583f2e720257a38fa1142e	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\90DECE77F8C825340E62EBD635E1BE20CF7327DD\Blob = 0f0000000100000020000000acedd41b63c16fe7e0fa120026fd8cf58518c928ce179678fa29b324dffe137b0b000000010000005000000049002e00430041002000132020005300740061006e0064006100720064002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000090dece77f8c825340e62ebd635e1be20cf7327dd20000000010000002e0400003082042a30820312a003020102020316e360300d06092a864886f70d01010b05003081ab310b300906035504061302435a3139303706035504030c30492e4341202d205374616e646172642043657274696669636174696f6e20417574686f726974792c2030392f32303039312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e31323030060355040b0c29492e4341202d2050726f7669646572206f662043657274696669636174696f6e205365727669636573301e170d3039303930313030303030305a170d3139303930313030303030305a3081ab310b300906035504061302435a3139303706035504030c30492e4341202d205374616e646172642043657274696669636174696f6e20417574686f726974792c2030392f32303039312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e31323030060355040b0c29492e4341202d2050726f7669646572206f662043657274696669636174696f6e20536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100a80856123ffb9483a96076bd45837e96343ccf494ed6cffc20e1e1b102146dadca7e507229a9fd9c77263864f743413f148204a2419002e799f78362784485e89d0570d4fe78a17434c7ac3b8502ddee515b463b5333d667ecec142ee3c4e5b3748300ccc696e61c83dadc185069fadd43d18e40fd16a4b78c6587e0beac971fb071eb00655716ce6c87af9788f05df7874d3a110aa2c24414c016f24ff5db9542af29b329a083516efe3c515793302526ba3b6a86c8f60bd1713f9cb73ac8ce67098cfa401b7a6cdec81ca0c65cbb6118883f2e591d56fc7a459ca6d938d9c560ccb94155b7cabc4deeb4a7c4f6a00ebc89c50195b15cdf4ff0ccc2cd42bb5f0203010001a3553053300f0603551d130101ff040530030101ff300e0603551d0f0101ff04040302010630110603551d20040a300830060604551d2000301d0603551d0e04160414c14c3894d5808648d922902cd3ee1910db674787300d06092a864886f70d01010b05000382010100a3cbd17d74fb35780792e8ee68e9e4525ef0d86391949f68fbbe5bbaa9e16377ab5076c6e95647545099b4258be8c11972365a09bee7d6fac2b6323d47c3504e996e9336c58a517763e04933ab3c1f8ae93bd986b528c7c275715b666a8d580ef37590b5ad2c8118cd9cd8c3cd4ff1fb692097c048cf134512b51cf63e83e24e5edd59c66b4ae048ced92a9d653abd2ff0f04cbc097acb3700a43f3b0c23dde3fbc642a2b4b6e6d272854cdfb3de16a77e1de7d4cfadabb350e4708cdfb07090c9869eee7c848b641c6be168157ec9a574e04ef75aeadd1231ab914085710bce2928f96e38145c1dfeec11bf4d437e9e5f38bfd7ea9e932fd01d74b50509d322	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\750251B2C632536F9D917279543C137CD721C6E0	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36B12B49F9819ED74C9EBC380FC6568F5DACB2F7	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b62014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b0000000100000012000000440069006700690043006500720074000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d430f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9158C5EF987301A8903CFDAB03D72DA1D88909C9\Blob = 19000000010000001000000003415fc805ce55530fabcf58a6a913930f00000001000000140000009ab638b1a08f6ee35c35b8695ae46789f70e91410b000000010000003a00000041006300740061006c00690073002000410075007400680065006e007400690063006100740069006f006e002000430041002000470031000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070300000001000000140000009158c5ef987301a8903cfdab03d72da1d88909c914000000010000001400000001bbd69b56b47ee6c558dd2c98f4ca72f65f3386200000000100000098030000308203943082027ca003020102020101300d06092a864886f70d0101050500306a310b3009060355040613024954310f300d06035504070c064d696c616e6f31233021060355040a0c1a416374616c697320532e702e412e2f30333335383532303936373125302306035504030c1c416374616c69732041757468656e7469636174696f6e204341204731301e170d3039303632333134303630305a170d3232303632353134303630305a306a310b3009060355040613024954310f300d06035504070c064d696c616e6f31233021060355040a0c1a416374616c697320532e702e412e2f30333335383532303936373125302306035504030c1c416374616c69732041757468656e7469636174696f6e20434120473130820122300d06092a864886f70d01010105000382010f003082010a0282010100c31c86343f27524260ba2b60d0212bc9d7e940753a6c580f233bcf863ed464ab6edaeac82ad89545dfc91cd225929e10985a8b7169c095e9f66b68dcf7b6c40dfe6ef5703bc1a4a84f20a2270b9ff112757ccfae7f5ecb78025828d72faadba0ae743d7eabf6e972a12acfd69060dfe0a035cac0db04c40756fc66758c8e7a13a13c066b1ae67f399c88e4846fa2e27f6b9fec01aad2c4cbb2ec9a3db81718ac1f609933e6eb05ddccf26967b00ebe282443cb2db9478419f9eae4f1f568f49fc77b5051afa2fc6f778831bf92db7f9cc5b5aca10898e76a33fed1bb00e1b70508aff3a65688363de38a4ae20d9d8086669fd4c2a350ba1c12d7878a314ab8150203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100301d0603551d0e0416041401bbd69b56b47ee6c558dd2c98f4ca72f65f3386300d06092a864886f70d01010505000382010100a120d6cba2346d3c6ee155d24ad0d9bab23751887727ee0248934541e27551f2199409a0f3b87dba038023a025ef0119b5d91a7a2de3428ab186310f96ec6684f2ce231246966b315e06baafa352aa4220a8d1aeaa9bdfc4179e537001b4a91ada68c8630fb65a7353d16911061352e76ba80531b7b0fc8746c5758881f15f7802e79fad9cbb54ed5f996a37d5eb55b32ac0436051dcb4719226a30fcc7a3ddcc04289172908675464c5f9a844bc847158963d67577fbbac90b37122bf3ebaac66264510b3f01f3a3a68a55035cab4179106012cf70db070b25b5675b97799c0d99585022d736607c94f9911ee5b2ba8e3682305a8f3040f06bb1f098ec65b1d	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\786A74AC76AB147F9C6A3050BA9EA87EFE9ACE3C\Blob = 190000000100000010000000b698d6a9d43e9fe3945f7db79aba428c0f00000001000000140000002e32bf12551a50a4f43c45178f6b8f03022ccf1553000000010000002700000030253023060d2b0601040181872e0a0e02010230123010060a2b0601040182373c0101030200c00b00000001000000420000004300680061006d00620065007200730020006f006600200043006f006d006d006500720063006500200052006f006f00740020002d00200032003000300038000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000786a74ac76ab147f9c6a3050ba9ea87efe9ace3c140000000100000014000000f924ac0fb2b5f879c0fa60881bc4d94d029e17192000000001000000530700003082074f30820537a003020102020900a3da427ea4b1aeda300d06092a864886f70d01010505003081ae310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e31293027060355040313204368616d62657273206f6620436f6d6d6572636520526f6f74202d2032303038301e170d3038303830313132323935305a170d3338303733313132323935305a3081ae310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e31293027060355040313204368616d62657273206f6620436f6d6d6572636520526f6f74202d203230303830820222300d06092a864886f70d01010105000382020f003082020a0282020100af00cb70372b805a4a3a6c78947da37f1a1ff635d5bddbcb0d44723e26b29052ba633b28586fa5b36d94a6f3dd640c55f6f6e7f22222805ee162c6b629e1816cf2bfe57d326a54a0321959fe1f8bd73d608685246fe311b3773e209635216bb308d9702e64f7849253d60eb0908a8ae3878d06d3bd900ee299a11b860eda9a0abb0b61500652f19e7f76eccb0fd01e0dcf99303d1cc4451058acd6d3e8d7e5eac5010777d651e6037f8a48a54d6875b9e9bc9e4e1971f5324b9c6d60190bfbcc9d75dcbf26cd8f93783979735e250eca5ceb771207cb6441477293ab50c3eb09766434d239b77611090d7645c4a9ae3d6aafb57d652f945810ec5c7caf7ee2b618d9d09b4e5a49dfa9660bcc3cc6787ca79c1de3ce8e53be05de600f6be51adb3fe3e121c929c1f1eb079c521b0144513c7b25d7c4e552545d2507ca1620b8ade441ee7a08fe996f83a69102b06c36556ae77df596e6ca81d697f19483e9edb0b16b12691eacfb5da9c598e9b45b587abe3da2443a6359d40b25de1b4fbde5019ecdd229d59f17190a6fbf0c90d3095fd9e38a35cc795a4d193792b7c4c1adaff479249ab2010bb1af5c96f38032fb5c3d98f1a03f4adebeaf942ed9559a176e609d636cb863c9ae815c1835e090bbbe3c4f3722b97eebcf9e7721a63d3881fb48da313d2be389f5d0b5bd7ee050c41289b3239a103185dbae6fef38331876110203010001a382016c3082016830120603551d130101ff040830060101ff02010c301d0603551d0e04160414f924ac0fb2b5f879c0fa60881bc4d94d029e17193081e30603551d230481db3081d88014f924ac0fb2b5f879c0fa60881bc4d94d029e1719a181b4a481b13081ae310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e31293027060355040313204368616d62657273206f6620436f6d6d6572636520526f6f74202d2032303038820900a3da427ea4b1aeda300e0603551d0f0101ff040403020106303d0603551d200436303430320604551d2000302a302806082b06010505070201161c687474703a2f2f706f6c6963792e63616d65726669726d612e636f6d300d06092a864886f70d010105050003820201009012af2235c2a339f02edee9b5e9787c48be3f7d45925ee9dab119fc163c9fb45b669e6ae7c3b95d88e80fadcf230fde253a5ecc4fa5c1b52dac24d25807dea2cf69846033e8100d13a923d085e58e7ba69e3d72137233f5aa7dc6631f08f4fe017f24cf2b2c5409dee22b6d92c6394f16ea3c7e7a46d4456a46a8eb758256a7aba07c681333f69d30f06f273924232a90fd902935f293df34a5c6f7f8ef8c0f624a7caed3f554f88db69a568716823a33ab5a2208f782baea2ee0479ab4b545a3053bd9dc2e45403beadc7fe83bebd1ec26d835a430c53aac579eb376a5207bf91e4a056201a628756097920d6e3e4d37430d92159c1822cd5199a0291a3c5f8a32335b30c7892f47980fa303c6f6f1acdf32f0d9811ae49cbdf68014f0d12cb985f5d8a3b1c8a521e51c1397ee0ebddf29a9ef34535bd3e46a138406b63202c452ae22d2dcb221421ada40f029c9ec0a0c5ce2d0bacc48d3370acc120a8a79b03d037f694bf434207db334ea8e4b64f53efdb32367150d04b8f02dc109513cb26c15f0a523d78374e4e52ec9fe982742c6abc69eb0d05b38a59b50de7e1898b5453bf679b4e8f71a7b0683fbd08bdabbc7bd18ab086f3c806b403f1919ba658ae6bed55cd336d7ef4052246038670431ec8ff382c6deb955f33b31915adcb50815ad76250a0d7b2e87e20ca606bc26106d379decdd788c7c80c5f0d97748d0	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7AC5FFF8DCBC5583176877073BF751735E9BD358\Blob = 0b000000010000002a0000005300650063007500720065004e0065007400200043004100200043006c00610073007300200042000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000007ac5fff8dcbc5583176877073bf751735e9bd3582000000001000000dd020000308202d9308201c1a003020100020100300d06092a864886f70d0101040500302c310b3009060355040613026175311d301b060355040a13145365637572654e657420434120436c6173732042302617113939303633303030303030302b3130303017113039313031353233353930302b31303030302c310b3009060355040613026175311d301b060355040a13145365637572654e657420434120436c617373204230820122300d06092a864886f70d01010105000382010f003082010a0282010100a663d9c6155a76e74665c73491f97bdd56bbf896352e29caa77d0a1ef73152e85ac8d3cf39014e5bf01fb1b84ad2b34743663f01404e3049e10ffdeb126378ccf6166218f56f69fd7e6e337621a3c0880feae625fca997cc1872c731b60b9bcdc2c578616345ac34a6277868c4bd5268ce844dd224a5286c80e6cae6cfe69a9e5078cef336d2a3435a1c06afcb20eed02cc44418906cb1916465b9b785834ba89199c5e09cf7b850d7d3b04f9aed63fb4df4d428243a805b7b938cc50584af3b86fe8131c7b69d5f1aea907bb0465eb2085200570d55528378954afd688f9ed950b64b53faf28502954e38f583a796d4313f3fa7ca3753dcc52f6d1a74a6ccbf0203010001300d06092a864886f70d010104050003820101004b46a6225ae9d1a5e4108f4c5360e34d5486deba1caa2a5a36081d4a0b49a1efaabdbc2632a4ff734030240fecab11d5cbafc44b9be71e1cc35085ba4f082b2f3f1423aaf6839986be467811152b9ae4a3bf7de98d7ef967df3e7fe6ad46e76065675fe580f32cbb5367736fe0ae97126d49181c684cb32cf35ac13531f6ece93ea7cbcd5450875845c014d548b6f3288e3a1829e89a99f1e0f5a3cb08b47d782513e134ce689bdab722211b3452cbef53e2f3d70c62dab1454145b897582c086245230e5995351a0e44c751704e3f04ad26c21ded0f482d55131d71a2a70eb32f876fb0eee5c7368b2c715140871ace56143929ef250a800a199df5569fdd8a	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E3D73606996CDFEF61FA04C335E98EA96104264A\Blob = 0b000000010000001a00000044002d0054005200550053005400200047006d00620048000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308030000000100000014000000e3d73606996cdfef61fa04c335e98ea96104264a2000000001000000eb040000308204e7308203cfa00302010202030326da300d06092a864886f70d01010505003052310b300906035504061302444531153013060355040a0c0c442d547275737420476d6248312c302a06035504030c23442d5452555354205175616c696669656420526f6f74204341203120323030373a504e301e170d3037303630383131343734365a170d3132303630383131343734365a3052310b300906035504061302444531153013060355040a0c0c442d547275737420476d6248312c302a06035504030c23442d5452555354205175616c696669656420526f6f74204341203120323030373a504e30820124300d06092a864886f70d010101050003820111003082010c028201010089d9ffd3ff37fc57881560c1bd2f681080b72d59a5a24ac70ad62f8e40377b2a32aac6b6130d20e74ffe3f0e6eadf954cf6b050bfe69f2fabc813fdeedb333bb392c74c434f6b4fac3d3d258ca79708f63e39534f839579f01748b979cadea1cbb65fd4ae62438493e9eb2c650e35cd63be9873977d9a41e0728a05d92872b4c8b75c54003bd3f400d943c3b14a7e0ae72bd2bebd2f1b0de08e2d1a411d638c24ef212771fcf48460bf817339b831f08b805e746534b887b87fcd2a33d4572e90e19b4058a6a1f370c0f0cccc8a8b95b02baf3b8a30d0fc314eb6b7b3781ea9e58d1b0b7474b053104e94c0aa1c09214bd2337d221f6e4c0ec4e997f8d8de851020500e9cc4529a38201c2308201be300f0603551d130101ff040530030101ff301d0603551d0e041604142c4cf69a2a9f288201c1990611afb34b7cb79afe303806082b06010505070101042c302a302806082b06010505073001861c687474703a2f2f7175616c2e6f6373702e642d74727573742e6e657430170603551d200410300e300c060a2b06010401a534021f0130330603551d11042c302a8110696e666f40642d74727573742e6e65748616687474703a2f2f7777772e642d74727573742e6e6574301806082b06010505070103040c300a3008060604008e460101300e0603551d0f0101ff0404030201063081d90603551d1f0481d13081ce3081cba081c8a081c5867f6c6461703a2f2f6469726563746f72792e642d74727573742e6e65742f434e3d442d54525553542532305175616c6966696564253230526f6f7425323043412532303125323032303037253341504e2c4f3d442d5472757374253230476d62482c433d44453f63657274696669636174657265766f636174696f6e6c6973748642687474703a2f2f7777772e642d74727573742e6e65742f63726c2f642d74727573745f7175616c69666965645f726f6f745f63615f315f323030375f706e2e63726c300d06092a864886f70d0101050500038201010069a9f184c8b6069d1a170765f3aa479cf772aa3daf2666e514210ece1b893e8a54c8ff36c91d2c8a11e5cdc772a4845b1e5bc33535b1b16d4baa08d4d9d4e2fd074be4565bf6ca70c875ba9c7e440e058afdd61b74d3bbd2e55ae4daf60fb21f8d54cc1565fe761a2c10b9c6d424263b0cad68496f63acac585ed617b906680cb430cce1b7e63fc0eed20f4da0d8a25f7c80c8e0178a54f7450872774a4bb329a093a0e1ca43c1732dbbdab492f15ce61026d588f186e73e1b622726ccbbcecc30decfd8baff8c82371e6c4584d923b58696970ec7aa228d4fa2fb2903b01adc105463bd9cd69e9ce41f329790d0d79abb79a3238fb475ae64c87797fa2c238d	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob = 0300000001000000140000007f88cd7223f3c813818c994614a89c99fa3b5247090000000100000016000000301406082b0601050507030406082b060105050703030b00000001000000400000004d006900630072006f0073006f00660074002000410075007400680065006e007400690063006f0064006500280074006d002900200052006f006f00740000002000000001000000da030000308203d6308202bea003020102020101300d06092a864886f70d01010405003050310b3009060355040613025553310d300b060355040a13044d53465431323030060355040313294d6963726f736f66742041757468656e7469636f646528746d2920526f6f7420417574686f72697479301e170d3935303130313038303030315a170d3939313233313233353935395a3050310b3009060355040613025553310d300b060355040a13044d53465431323030060355040313294d6963726f736f66742041757468656e7469636f646528746d2920526f6f7420417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100df08bae33f6e649bf589af28964a078f1b2e8b3e1dfcb88069a3a1cedbdfb08e6c8976294fca603539ad7232e00bae293d4c16d94b3c9ddac5d3d109c92c6fa6c2605345dd4bd155cd031cd2595624f3e578d807ccd8b31f903fc01a71501d2da712086d7cb0866cc7ba853207e1616faf03c56de5d6a18f36f6c10bd13e69974872c97fa4c8c24a4c7ea1d194a6d7dceb05462eb818b4571d8649db694a2c21f55e0f542d5a43a97a7e6a8e504d2557a1bf1b1505437b2c058dbd3d038c93227d63ea0a5705060adb6198652d4749a8e7e656755cb8640863a9304066b2f9b6e334e86730e1430b87ffc9be72105e23f09ba74865bf09887bcd72bc2e799b7b0203010001a381ba3081b7300d0603551d0a040630040302078030320603550403042b13294d6963726f736f66742041757468656e7469636f646528746d2920526f6f7420417574686f7269747930720603551d01046b306980101a1be75b9ffd8c2ac339ae0c622e5332a1523050310b3009060355040613025553310d300b060355040a13044d53465431323030060355040313294d6963726f736f66742041757468656e7469636f646528746d2920526f6f7420417574686f72697479820101300d06092a864886f70d010104050003820101002dc9e2f6129e5d5667fafa4b9a7edc29565c80140228856e26f3cd58da5080c5f819b3a67ce29d6b5f3b8f2274e61804fc4740d87a3f3066f012a4d1eb1de7b6f498ab5322865158ee230976e41d455c4bff4ce302500113cc41a45297d486d5c4fe8383657deabea2683bc1b12998bfa2a5fc9dd384ee701750f30bfa3cefa9278b91b448c845a0e101424b4476041cc219a28e6b2098c4dd02acb4d2a20e8d5db9368e4a1b5d6c1ae2cb007f10f4b295efe3e8ffa17358a9752ca2499585feccda448ac21244d244c8a5a21fa95a8e56c2c37bcf4260dc821ffbce74067ed6f1ac196a4f745cc51566316cc16271910f595b7d2a821adfb1b4d81d37de0d0f	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8781C25A96BDC2FB4C65064FF9390B26048A0E01\Blob = 14000000010000001400000060b585ec56647e121927671d50154b73ae3bf9120300000001000000140000008781c25a96bdc2fb4c65064ff9390b26048a0e01090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030806082b060105050703090b000000010000000c000000440061006e004900440000000f0000000100000014000000a002719ea2321348513e0b25f16cee0b28afd64d20000000010000001d0500003082051930820401a00302010202043e48bdc4300d06092a864886f70d01010505003031310b300906035504061302444b310c300a060355040a1303544443311430120603550403130b544443204f434553204341301e170d3033303231313038333933305a170d3337303231313039303933305a3031310b300906035504061302444b310c300a060355040a1303544443311430120603550403130b544443204f43455320434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ac62f66120b2cfc0c685d7e379e6ccedf23992a4972e64a3845b879c4cfda4f3c45f21bd5610ebdb2e61ec9369e3a3ccbd99c305fc06b8ca361cfe908e494cc4569a2f56bccf7b0cf16f47a60d434de2e91d3934cd8d2cd91298f9e3e1c14a7c8638c4a9c46188d25eaf1a264dd5e4a0224784d964b71996fcec19e4b297264e4a4ccb8f248b54181c48617bd58868da5db5eacd1a30c180837650aa4fd1d4dd38f0ef16f4e10c5006bfeafb7a49a1282b1cf6fc1532a3746a8fa9c362297131e53ba460175e74e6da13ede91f1f1bd1b26873c6103475461010e390007640cb8bb7430921ffab4e93c658e9a582db77c43a99b172954904f0b72bfa7b598edd0203010001a382023730820233300f0603551d130101ff040530030101ff300e0603551d0f0101ff0404030201063081ec0603551d200481e43081e13081de06082a815081290101013081d1302f06082b060105050702011623687474703a2f2f7777772e636572746966696b61742e646b2f7265706f7369746f727930819d06082b06010505070202308190300a160354444330030201011a8181436572746966696b61746572206672612064656e6e6520434120756473746564657320756e646572204f494420312e322e3230382e3136392e312e312e312e204365727469666963617465732066726f6d2074686973204341206172652069737375656420756e646572204f494420312e322e3230382e3136392e312e312e312e301106096086480186f84201010404030200073081810603551d1f047a30783048a046a044a4423040310b300906035504061302444b310c300a060355040a1303544443311430120603550403130b544443204f434553204341310d300b0603550403130443524c31302ca02aa0288626687474703a2f2f63726c2e6f6365732e636572746966696b61742e646b2f6f6365732e63726c302b0603551d1004243022800f32303033303231313038333933305a810f32303337303231313039303933305a301f0603551d2304183016801460b585ec56647e121927671d50154b73ae3bf912301d0603551d0e0416041460b585ec56647e121927671d50154b73ae3bf912301d06092a864886f67d0741000410300e1b0856362e303a342e3003020490300d06092a864886f70d010105050003820101000aba262646d373a809f36b0b3099fd8ae1577a11d3b894d709106ea3b13803d1b6f243412962a772d8fb7c05e631702754184e8a7c4ee5d1ca8c7888cf1bd3908be623f80b0e33437d9ce20a198fc9013e745d74c98b1c03e518c8014c3fcb97055d9871a6986fb67cbd377fbee193256d6ff00aad1718e103bc0729c8ad26e8f861f0fd21097e9a8ea9687d486272bd00ea0199b8068251814ef1f5b49154b9237a009a9f5d8de03c64b91a12922ac782447239dce23cc6d855f5154ec8050edbc6d062a6ec15b4b50282dbac8ca281f09b9931f52020a888610a079f94fcd0d71bcc2e17f304277667eb5483fda4907e063d04a3432ddafc0b62ea2f5f6253	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D29F6C98BEFC6D986521543EE8BE56CEBC288CF3	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\211165CA379FBB5ED801E31C430A62AAC109BCB4	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8250BED5A214433A66377CBC10EF83F669DA3A67\Blob = 0300000001000000140000008250bed5a214433a66377cbc10ef83f669da3a67090000000100000048000000304606082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b0601050507030606082b060105050703070b0000000100000012000000550043004100200052006f006f0074000000200000000100000088030000308203843082026ca003020102020109300d06092a864886f70d01010505003033310b300906035504061302434e3111300f060355040a1308556e6954727573743111300f0603550403130855434120526f6f74301e170d3034303130313030303030305a170d3239313233313030303030305a3033310b300906035504061302434e3111300f060355040a1308556e6954727573743111300f0603550403130855434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b35d07ca86267d6be2fb38090ecc82c26a1a00a2155fd6e9d401b7560301598ff538692476c25e2bc5f62bbfaffb41fd0f5afcabd783704d3098d19eb276bb92d6bbe9102869283644e8f12cd7587c24d67f023af0816b61603ff433de6de5ea28524ffca91d637c0bbaeaaec46846e4de8fc1a7b2b6585a6d1d2cd98c3ab788cb85d4f7e8035efdb24d50e8d61fffae023f8b4f96213c9bd725c91d3ffb98b159e4f0a93bafb3cd852ce26046cc6f8ea0ebf034c5f1421860ae12ed46751ce5d8a9965abede5ad67867965b937750f26e1bde96514aa6d64b437521668d77ec0284765c4410b61d616ce4a3207db78dba0f9175c78ddfbc0260a829a8bd3d430203010001a381a230819f300b0603551d0f040403020106300c0603551d13040530030101ff30630603551d25045c305a06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030506082b0601050507030606082b0601050507030706082b0601050507030806082b06010505070309301d0603551d0e04160414db1f35f36b4cff4231649bcdbb5a1e1d4810b7ee300d06092a864886f70d01010505000382010100386cb788f1adfa583774d1e870de9c2759cbe415d7a0c360d7888004c5304c3dd41aeb065e5947e6bc66cbe008fce835ec627dcac0dac178afe5466ffb8982238ff6d7536655a0de25123b713616551276fb3df8545b31ba0006f87d55e5a77683aa5c4a97a62a28dfbdc66c0b23958e337f1e5e401f13542c9ce5b50edd1728ae6b01d35229f5221f9039f4dc6268f03c8647ecb80545bbb70c9694c667cb2371d08e7422d641eb03a8b6eabec40112b5b35d40760620d464b82946068ace1f939a10eefbaa5ab4dc2fd52bcbf6d705849805910b84f73dfad6f97afa2c15ea368243b7b7b8e3f37101ed4343a20545c328050735e301a5381e80d4d7c3d9de	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB658264EA8CDA186E1752FB52C397367EA387BE	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\60D68974B5C2659E8A0FC1887C88D246691B182C\Blob = 140000000100000014000000a3052f186050c2890add2b214fff8e4ea83031360b00000001000000580000005300650063007200e90074006100720069006100740020004700e9006e00e900720061006c0020006400650020006c00610020004400e900660065006e007300650020004e006100740069006f006e0061006c0065000000090000000100000074000000307206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030606082b0601050507030706082b0601050508020206082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b0601050507030903000000010000001400000060d68974b5c2659e8a0fc1887c88d246691b182c0f0000000100000014000000a5188dd70d6aaa1e23cd334ecb5a3d912c70ed7920000000010000000604000030820402308202eaa00302010202053911451094300d06092a864886f70d0101050500308185310b3009060355040613024652310f300d060355040813064672616e6365310e300c0603550407130550617269733110300e060355040a1307504d2f5347444e310e300c060355040b13054443535349310e300c060355040313054947432f413123302106092a864886f70d010901161469676361407367646e2e706d2e676f75762e6672301e170d3032313231333134323932335a170d3230313031373134323932325a308185310b3009060355040613024652310f300d060355040813064672616e6365310e300c0603550407130550617269733110300e060355040a1307504d2f5347444e310e300c060355040b13054443535349310e300c060355040313054947432f413123302106092a864886f70d010901161469676361407367646e2e706d2e676f75762e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100b21fd1d062c5333bc0048688b3dcf888f7fddf43df7a8d9a495cf64eaacc1cb9a1eb2789f246e93b4a71d51d8e2dcfe6adab6350c7540b6e12c99036c6d82fda91aa68c572fe170ab2177e79b5328870ca70c0964a8ee455cd1d2794bfce722aec5cf97320febdf72e8967b8bb477312f7d135693af20ab9aeff464246a2bfa1851af9bfe4ff4985f7a37086321c5d9f60f7a9ada5ffcfd134f97d5b17c6dcd60e286bc2ddf1f533689d4efc877c3612d6a380e8430d556194ea643747ea77cad0b25805c35d7eb1a846903156ce702a96b230b877e679c0bd293bfd94774cbd20cd4125e02ec71bbbeea40441d25dad126a8a9b47fbc9dd4640e19d3c33d0b50203010001a3773075300f0603551d130101ff040530030101ff300b0603551d0f04040302014630150603551d20040e300c300a06082a817a0179010101301d0603551d0e04160414a3052f186050c2890add2b214fff8e4ea8303136301f0603551d23041830168014a3052f186050c2890add2b214fff8e4ea8303136300d06092a864886f70d0101050500038201010005dc26d8fa77154468fc2f663a74e05de429ff060713844aabcf6da01f5194f849cb743614bc15dddb892fdd8fa05d7cf512eb9f9e38a447ccb396d9be9c25ab037e330f95810dfd16e088be37f06c5dd0319b322b5d1765939860bc6e8fb1a83c1ed91cf3a92642f9641dc2e792f6f41e5aaa19525dafe8a2f760a0f68df089f56ee00a050195c98b200aba5afc9a2c3cbdc3b7c95d7825053f56149b0cdafb3a48fe97695eca1086f74e9604084decb0be5ddc3b8e4fc1fd9a36349a4c547e1703489508111c076f85087e5d4dc49ddbfbaeceb2d1b3b8836c1db2b379f1d870997ef01302ce5edd51d3df3681a11b782f71b3f1594c461828ab85d260565a	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 53000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5922A1E15AEA163521F898396A4646B0441B0FA9	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C\Blob = 030000000100000014000000c060ed44cbd881bd0ef86c0ba287ddcf8167478c090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000002400000044006900670069004e006f00740061007200200052006f006f007400200043004100000053000000010000002800000030263024060e6084100187690101010c0601010130123010060a2b0601040182373c0101030200c020000000010000008e0500003082058a30820372a00302010202100c76da9c910c4e2c9efe15d058933c4c300d06092a864886f70d0101050500305f310b3009060355040613024e4c31123010060355040a1309446967694e6f746172311a301806035504031311446967694e6f74617220526f6f742043413120301e06092a864886f70d0109011611696e666f40646967696e6f7461722e6e6c301e170d3037303531363137313933365a170d3235303333313138313932315a305f310b3009060355040613024e4c31123010060355040a1309446967694e6f746172311a301806035504031311446967694e6f74617220526f6f742043413120301e06092a864886f70d0109011611696e666f40646967696e6f7461722e6e6c30820222300d06092a864886f70d01010105000382020f003082020a0282020100acb058c100bdd821080b2b9afe6e5630059f1b779010415cc30d8711778e81f1ca7ce98c6aed387435bbdadff9bbc00937b49673817d331a9839f7936f957f3db9b17587ba5148e88b703e9504c5d8b6c316d988b0b1871d70da86b40f148b7acf10d17436a2127b77864a79e67bdf021168a54e86ae34589b2413785622251e018b4b5171fb82cc599669885a6853c5b90d0237cb4bbc664a907e2a0b0507ed165f559075d846c91b83e208bef123cc991dd62a0f8320155827822efae222c249b1b901816a9d6d9d407768764e212a6d8440854e76997c82f3f3b70259d426011b8edfad5306d1ae18dde2b23acbd788388eac5b29b919d398f91803cf488286660b1b690fc9eb38887a261a054c92d724d496f2ac522da347d552f63ffece840670a6aa3ea2f2b656341857a2e4816de7caf06ad3c7916b0283417c15ef6b9a645ee3d03ce5b1eb7b5d86fbcbe67749cda365dcf7b99cb8e40b5f93cfcc301a321cce1c6395a5f9eae1748b9ee92ba9307ba0181f0e180be55ba9d3d16c1e07678f914ba98abcd266aa930188b291fa315cd5a6c1520809cd0a63a2d322a6e8a1d9390697f56e8d02908c147b3f80cd1b9cbac4587223afb6569fc67a423329073f82c9e61f050dcd4c28368bd3c83e1cc688ef5eee8964e91debda897e32a669d1ddcc889fd1d0c96621dc0667c5947a9a6d624c7dcce06480b29e478ea30203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604148868bfe08e35c43b386b62f7283b8481c80cd74d300d06092a864886f70d010105050003820201003b028dcb3c30e86ea0adf273b35f9e25130405d3f6e38bbb0b79ce53dee496c5d1af73bcd5c3d040557c407fcd1b5f09d5f27c9f681dbb5dce7a39c28cd6987bc58355a8d57d40cae01ef7895e635da113c25d8ab68a7c00f323c3ed855f7176f06863aa45213948617836dcf14393d425c7f28065e153027551fc7a3aef37ab8428570cd8d4d499566ce3a2fe5984b431e833f86494945197ab39c54beddadd800b6f7c290dc48e8a720de75314b260413d849131683d2744dbe5def4fa6345c84c3e98f53f41ba4ecb370dba6698f1ddcb9f5cf75436826b2cbc13619742f878bbccc8a29fcaf068bd6b1db2df8d6f079dda8e67c7471ecab9bf2a4291b7635366f142a3e1f45a4d586bb5e4a433ad5c701ddce0f2eb7314919a03c1ea0065bc07fccf1211222caea0bd3ae0a22ad859e929d31835a4ac115f19b5b51bff224a5cc67ae417ef20a9a7f43fad8aa79a04259d0eca37e650fd8c4229049aecb9cf4b72bde20836af232f62e5ca01d370db7c82232c16310cc63607907ab11f6758c43b585989b08c8c50b3d886cb68a3c40ae7694b20cec11e564b95a92368d830d8c3ebb05551cde5fd2bb8f5bb119f5354f634198c790936ca611725170b8298730c7774c3d50dc7a8124cc7a75471472e2c1a7dc9e32b3b48de2784a76336b37d8fa06439240d3d7b87af665c741b4b73b2e58cf08699b8e5c5df84c1b7eb	updroots.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	2696	KB931125.exe
Token: SeRestorePrivilege	2696	KB931125.exe
Token: SeRestorePrivilege	2696	KB931125.exe
Token: SeRestorePrivilege	2696	KB931125.exe
Token: SeRestorePrivilege	2696	KB931125.exe
Token: SeRestorePrivilege	2696	KB931125.exe
Token: SeRestorePrivilege	2696	KB931125.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2240 wrote to memory of 2696	2240	2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe	28
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2616	2696	KB931125.exe	29
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2684	2696	KB931125.exe	30
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 2140	2696	KB931125.exe	31
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32
PID 2696 wrote to memory of 1012	2696	KB931125.exe	32

C:\Users\Admin\AppData\Local\Temp\2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-20_e07757b46afc01c47a06d74134b78891_magniber.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\{E74D6FDB-EB44-4624-B1CD-222AE7B35B91}-TemporaryCache\KB931125.exe
  "C:\Users\Admin\AppData\Local\Temp\{E74D6FDB-EB44-4624-B1CD-222AE7B35B91}-TemporaryCache\KB931125.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:2616
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst

Filesize
73KB

MD5
bb49ccc10926cdb601eba81afef749a2

SHA1
a4766c9aea8d211e9632148fd4b625cece195be9

SHA256
f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c

SHA512
94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst

Filesize
9KB

MD5
7b32871e409608ff887b6cf4d87debb0

SHA1
191f9ea1298ee52dbd6f977b3584109a064f57b9

SHA256
3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2

SHA512
534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst

Filesize
7KB

MD5
9e5de0fd1f90486a66dee4bfe89a78d7

SHA1
90e3188ef63495aaa71c85d4ff0f23253c834b40

SHA256
8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e

SHA512
60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

Filesize
1KB

MD5
421e60325404f5f29ac04c9b9d59096b

SHA1
aace2fd74d799e8af5c8d5b2646361bb67a1620c

SHA256
571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77

SHA512
86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst

Filesize
320KB

MD5
2d9b4498c847715418160bfd7e7c8a2d

SHA1
e0873091d476d2566aa6fc988cb364247c95dc97

SHA256
c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41

SHA512
dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
89KB

MD5
a64e4b204d44548eeb5c3d86eca2ad70

SHA1
e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe

SHA256
985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc

SHA512
dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
\Users\Admin\AppData\Local\Temp\{5AD31318-FD9B-4716-A2D4-4AAADBB4C280}-TemporaryCache\360NetUL.dll

Filesize
231KB

MD5
6c2cd3003689a373b158a4f8c6fe75a7

SHA1
f4938a64224b9cfc16920a83b4cb9ef83c8b68ff

SHA256
a7ff68fe983f3fc97efcd0970e3f93952658420290a3e3d1cec97a2e0bfa83ed

SHA512
8a89da3786bcc7b2936e090a35b51fe59fa37c5b80bac5fd471777b9068a79b8f46bdeaf22f8d5be8bf47a3e1e239366f04ea1fb49c2233526bd1ea545960bd0

Download Submit
\Users\Admin\AppData\Local\Temp\{7286F3C2-1EBE-4e18-89DE-762F7E870BC9}-TemporaryCache\7z.dll

Filesize
450KB

MD5
d27d1c637fb6b8a05f362c3c24f546d1

SHA1
602e21202f52024a296ab1d2cd57173a8fe7098a

SHA256
b891c362fd19ae82f49809b022fcc17b4d104036c3e317bd92ca8ab7e896e71c

SHA512
81b22cc5ca8ac04c53149ee841997d437dc31508fc14d0faecf5b82d040fea093dffe5e7370cf144d7fb0c19df9d8d055f7191d7daeed723affe1e2d6401e6c8

Download Submit
\Users\Admin\AppData\Local\Temp\{E74D6FDB-EB44-4624-B1CD-222AE7B35B91}-TemporaryCache\KB931125.exe

Filesize
349KB

MD5
4a4d72d34f9da1fc5019e0748fcde2f5

SHA1
f54752ec63369522f37e545325519ee434cdf439

SHA256
83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca

SHA512
95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

Download Submit
memory/2240-104-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2240-376-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads