Malware Analysis Report

2024-09-23 10:29

Sample ID 240614-svgtzazfnl
Target 2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber
SHA256 d299f14efca6d788d91ff102280c9e03c9a1dd8288f642f15b4caec5f190df15
Tags
bootkit persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

d299f14efca6d788d91ff102280c9e03c9a1dd8288f642f15b4caec5f190df15

Threat Level: Shows suspicious behavior

The file 2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Modifies Installed Components in the registry

Writes to the Master Boot Record (MBR)

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 15:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 15:26

Reported

2024-06-14 15:29

Platform

win7-20240221-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe"

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0" C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*" C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update" C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A} C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate" C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1" C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BirdWallpaper\{F7809C48-95EC-4c14-AFE0-BCBFC907E3AB}.tf C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
File opened for modification C:\Program Files (x86)\BirdWallpaper\BirdWallpaper\bizhi_setup.log C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.app.log C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8BAF4C9B1DF02A92F7DA128EB91BACF498604B6F C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\37F76DE6077C90C5B13E931AB74110B4F2E49A27\Blob = 0b000000010000002200000053006f006e00650072006100200043006c006100730073003200200043004100000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030303000000010000001400000037f76de6077c90c5b13e931ab74110b4f2e49a272000000001000000240300003082032030820208a00302010202011d300d06092a864886f70d01010505003039310b3009060355040613024649310f300d060355040a1306536f6e6572613119301706035504031310536f6e65726120436c61737332204341301e170d3031303430363037323934305a170d3231303430363037323934305a3039310b3009060355040613024649310f300d060355040a1306536f6e6572613119301706035504031310536f6e65726120436c6173733220434130820122300d06092a864886f70d01010105000382010f003082010a028201010090174a359dcaf00d96c744fa1637fc48bdbd7f802d353be16fa867a9bf031c4d8c6f3247d54168a41304c1350c9a8443fc5c1dff89b3e81718cd915ffb89e3eabf4e5d7c1b26d37579ede684e357e5ad29c4f43a28e7a57b843669b3fd5e76bda32d99d3904e23287d1863f1543b269d765b9742b2ffaef04eecdd39954e83067fe74940c8c501b2545a661d3dfcf9e93c0a9e81b870f0018be423547cc8aef8901e009672d454cf6123bceafb9d0295d1b6b9713a69083f0fb4e142c788f53f98a8a7ba1ce07171ef585781507a5c6b74460e830398c38ea86ef276326e2783c273f3dc18e8b493ea75446b0460207157879df3bea090233d8a24e1da21dbc30203010001a3333031300f0603551d130101ff040530030101ff30110603551d0e040a04084aa0aa5884d35e3c300b0603551d0f040403020106300d06092a864886f70d010105050003820101005ace87f9167215574b1dd99be7a22630ec9367dfd62dd234aff738a5ceab16b9ab2f7c35cbacd00fb44c2bfc80ef6b8c915f3676f7dbb31b19eaf4b211fd617144bf28b33a1dbfb343e89fbfdc310871b09d8dd634473290c66524f7a04a7c04738f396f178c72b5bd4bc87af87b83c3284e9c09ea673fb267041bc314daf8e7492491d01d6afa6139ef6be721750607d812b4212070427181da3c9a36bea65b0d6a6c9a1f917bf9f9ef42ba4e4e9ecc0c8d94dcd9459c5eec425063aef45dc4b112dcca3ba82e9d145a0575b7ecd763e2ba35b6040891e8da9d9cf666b518ac0aa654263433d21bc1d47f1a3a8e0baa326edbfc4f259fd932c7965a70acdf4c C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9158C5EF987301A8903CFDAB03D72DA1D88909C9\Blob = 19000000010000001000000003415fc805ce55530fabcf58a6a913930f00000001000000140000009ab638b1a08f6ee35c35b8695ae46789f70e91410b000000010000003a00000041006300740061006c00690073002000410075007400680065006e007400690063006100740069006f006e002000430041002000470031000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070300000001000000140000009158c5ef987301a8903cfdab03d72da1d88909c914000000010000001400000001bbd69b56b47ee6c558dd2c98f4ca72f65f3386200000000100000098030000308203943082027ca003020102020101300d06092a864886f70d0101050500306a310b3009060355040613024954310f300d06035504070c064d696c616e6f31233021060355040a0c1a416374616c697320532e702e412e2f30333335383532303936373125302306035504030c1c416374616c69732041757468656e7469636174696f6e204341204731301e170d3039303632333134303630305a170d3232303632353134303630305a306a310b3009060355040613024954310f300d06035504070c064d696c616e6f31233021060355040a0c1a416374616c697320532e702e412e2f30333335383532303936373125302306035504030c1c416374616c69732041757468656e7469636174696f6e20434120473130820122300d06092a864886f70d01010105000382010f003082010a0282010100c31c86343f27524260ba2b60d0212bc9d7e940753a6c580f233bcf863ed464ab6edaeac82ad89545dfc91cd225929e10985a8b7169c095e9f66b68dcf7b6c40dfe6ef5703bc1a4a84f20a2270b9ff112757ccfae7f5ecb78025828d72faadba0ae743d7eabf6e972a12acfd69060dfe0a035cac0db04c40756fc66758c8e7a13a13c066b1ae67f399c88e4846fa2e27f6b9fec01aad2c4cbb2ec9a3db81718ac1f609933e6eb05ddccf26967b00ebe282443cb2db9478419f9eae4f1f568f49fc77b5051afa2fc6f778831bf92db7f9cc5b5aca10898e76a33fed1bb00e1b70508aff3a65688363de38a4ae20d9d8086669fd4c2a350ba1c12d7878a314ab8150203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100301d0603551d0e0416041401bbd69b56b47ee6c558dd2c98f4ca72f65f3386300d06092a864886f70d01010505000382010100a120d6cba2346d3c6ee155d24ad0d9bab23751887727ee0248934541e27551f2199409a0f3b87dba038023a025ef0119b5d91a7a2de3428ab186310f96ec6684f2ce231246966b315e06baafa352aa4220a8d1aeaa9bdfc4179e537001b4a91ada68c8630fb65a7353d16911061352e76ba80531b7b0fc8746c5758881f15f7802e79fad9cbb54ed5f996a37d5eb55b32ac0436051dcb4719226a30fcc7a3ddcc04289172908675464c5f9a844bc847158963d67577fbbac90b37122bf3ebaac66264510b3f01f3a3a68a55035cab4179106012cf70db070b25b5675b97799c0d99585022d736607c94f9911ee5b2ba8e3682305a8f3040f06bb1f098ec65b1d C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\61573A11DF0ED87ED5926522EAD056D744B32371 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 0f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa40b000000010000006600000053007400610072006600690065006c006400200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200013202000470032000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f2000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6782AAE0EDEEE21A5839D3C0CD14680A4F60142A\Blob = 0b000000010000001200000056006500720069005300690067006e000000090000000100000020000000301e06082b0601050507030406082b0601050507030206082b060105050703030300000001000000140000006782aae0edeee21a5839d3c0cd14680a4f60142a2000000001000000400200003082023c308201a502102d1bfc4a178da391ebe7fff58b45be0b300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100b65a8ba30d6a2383806bcf3987f4211333064c25a2ed551297c5a780b9fa83c120a0fa2f150d7ca1606b7e792cfa060f3aaef61b6fb1d2ff2f28525f837d4bc47ab7f8661f8054fcb7c28e594a145746d19a93be419103bb1580935cebe7cc086c3f3eb34afcff4b6c23d550822644198e23c371ea192447049e75bfc8a6001f0203010001300d06092a864886f70d0101020500038181008a1b2bfa39c174d75ed81964a2584a2d37e033470facedf7aadb1ee48b065c6027ca4552ce16ef3f0664e794687c6033151169af9d628da303546ba6bee5ee05186004bf4280fdd0a8a81e013bf7a35cafa3dce62680233cb84474f70aae498b6178cc24bf888aa70eea731941fd4d03f088d1e5788da52a4ff6970d1777cad8 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\78E9DD0650624DB9CB36B50767F209B843BE15B3 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C4674DDC6CE2967FF9C92E072EF8E8A7FBD6A131 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CEA9890D85D80753A626286CDAD78CB566D70CF2\Blob = 19000000010000001000000088694cdcb11bc30c70efc157455fc5c00f0000000100000014000000c4d90e9489add808a5db10cb59895db17d02e47f0b000000010000000e00000041004e0046002000410043000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000cea9890d85d80753a626286cdad78cb566d70cf2140000000100000014000000be3bf6b431b773244839c557139475aa9f813f2c2000000001000000a10600003082069d30820585a003020102020301344b300d06092a864886f70d01010505003081d9310b30090603550406130245533112301006035504080c0942617263656c6f6e613147304506035504070c3e42617263656c6f6e6120287365652063757272656e7420616464726573732061742068747470733a2f2f7777772e616e662e65732f616464726573732f2931283026060355040a0c1f414e46204175746f7269646164206465204365727469666963616369c3b36e31173015060355040b0c0e414e4620436c617365203120434131123010060355040513094736333238373531303116301406035504030c0d414e4620536572766572204341301e170d3039313133303233303030305a170d3231313133303233303030305a3081d9310b30090603550406130245533112301006035504080c0942617263656c6f6e613147304506035504070c3e42617263656c6f6e6120287365652063757272656e7420616464726573732061742068747470733a2f2f7777772e616e662e65732f616464726573732f2931283026060355040a0c1f414e46204175746f7269646164206465204365727469666963616369c3b36e31173015060355040b0c0e414e4620436c617365203120434131123010060355040513094736333238373531303116301406035504030c0d414e462053657276657220434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bfea48a79a88396b2c48400704937cf7b82d7ea537e261d621fc9037cb693e5e8b37df5b6f3bd8b6c3884090f49d0c5c1052b1b3e55f9110e6fda880145fd38bbd5cbd0f23920937e372d266940b5c74942f5ef24ed803c6b3ce56a51cd97bfd4f074cd4b7da5f294d75f21f55cf32231c4609271d45ecf18c3489de7b16a7435e8a2be994431ed73e936d6f893dbceeb1c8b7ffc97de35f0d6f7778f52a2e8dc48b989730b1465a0b6370d478c786b37fff2742aa9f8a6e6da194caec87021cd6544bfdbc899ba66338668c16898997c350e8f64201a7777d10199203e85d45c815c5871b0d91f2c6399c7bf3c00a99f8ee836f7e4277118ec31f1c722f3d1b0203010001a382026a30820266301d0603551d0e04160414be3bf6b431b773244839c557139475aa9f813f2c308201090603551d23048201003081fd8014be3bf6b431b773244839c557139475aa9f813f2ca181dfa481dc3081d9310b30090603550406130245533112301006035504080c0942617263656c6f6e613147304506035504070c3e42617263656c6f6e6120287365652063757272656e7420616464726573732061742068747470733a2f2f7777772e616e662e65732f616464726573732f2931283026060355040a0c1f414e46204175746f7269646164206465204365727469666963616369c3b36e31173015060355040b0c0e414e4620436c617365203120434131123010060355040513094736333238373531303116301406035504030c0d414e4620536572766572204341820301344b300c0603551d13040530030101ff300e0603551d0f0101ff0404030201063031060a2b06010401818f1c2a0604231b2168747470733a2f2f7777772e616e662e65732f41432f41435441532f37383932333018060a2b06010401818f1c1301040a1b083830312d33343030303806082b06010505070101042c302a302806082b06010505073001861c687474703a2f2f7777772e616e662e65732f41432f52432f6f63737030630603551d1f045c305a302ba029a027862568747470733a2f2f7777772e616e662e65732f41432f414e4653657276657243412e63726c302ba029a027862568747470733a2f2f63726c2e616e662e65732f41432f414e4653657276657243412e63726c30160603551d12040f300d810b696e666f40616e662e657330160603551d11040f300d810b696e666f40616e662e6573300d06092a864886f70d01010505000382010100b5c6c7bc46fa425c13c194753356bf2fa70773ec37e34374eaf9664f5e8d7ff0e679c34df5d938a5ccca43f4538086bfbcd0115d90c4c24047ebc58793c1b6785e9aae87f56210594c4c6d06be991315b3b3fa1c727ee022210158353868a2e4f8e1f0f0365091e0b477dc6384339260b8cb16f2d2633b4c5c353ae7ac0253c51c810177c71c111f5430ef548f25fa89279434a30f144f6fe973d91862e7ee08e8c9837bc8339b7c449a7c1a90b5d27189df3df41c4f4e51e0c96bb6aa0b1ed9300fd363d5ed70f4c183ed06459aa8eab48937fd5a3747ef9179a735fff0dc30ed0d1467db7c5ae08f6d33fe3c9e1533c3c32d0e5daa7c0d8e31964d8bff05d5 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\76B76096DD145629AC7585D37063C1BC47861C8B\Blob = 1900000001000000100000003b2e1f8aaf60cc9f640ee9d4b76239e70f0000000100000014000000031d653528b5bec94e210fc37655e331b1cc46230b000000010000002a00000055002e0053002e00200047006f007600650072006e006d0065006e00740020004600420043004100000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b0601050507030903000000010000001400000076b76096dd145629ac7585d37063c1bc47861c8b1400000001000000140000001e2c4bf9ec66a61e925f877903edd5c295b7958320000000010000007e0300003082037a30820262a003020102021039e3815404c50ab247effef336cfc698300d06092a864886f70d0101050500304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c696379301e170d3034313030363138343530395a170d3130313030363138353335365a304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c69637930820122300d06092a864886f70d01010105000382010f003082010a0282010100cf267cb0694c7700caf4e3741994fb5a61af62e4bdc300e524a30126a0d4d6e3d1f9a678efebf40192a830902fca33a368822025d437b2ed1920b72916b30b59380744416108915f7142c5642a292e46ba0c32a51325e3d9debdf8c913908a5711b557487838b527d1ac85ca2af840f8257f9d4220e173db45fdd35a9abfdd47ee3e3e491800e4f6be5c882d782807ae5ed2d69be6bdfc2cba27f396be30fe20f8f7d9a80f7871c75323cdb0ac7f478ccf7126c11ac330249e08d3587425f216dfb0d0823735689989e1bd04a04e96629ec163b41a5152fcc9de2ff85ef57d8c6f1b41814dbb2853ae9b613f29eadcd0b7a9531daef5aa96d65c7793562a49530203010001a3543052300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604141e2c4bf9ec66a61e925f877903edd5c295b79583301006092b06010401823715010403020100300d06092a864886f70d010105050003820101006635cba17282e037ce9659be07cca97e171ad110c85d8c1dfa125cc77239a2e92c845860fe77f94d3b6b13eadedb3ee619f66c63847a056bee3a19cdb4ce4ee115314137638a347f9487c708a3f7cbf9b07b49e1e821d7a1c2e4f2a6ade7f34079a1e9ec7fa0248ac51b351ecaa3e079e687a3a3c67c39c649c2102eff97d26c7ed3bb0f1beb561a632cbcc31eb6b269c767edca4c2d9f0430a3e246520083d5d50a6bede9342090185484ba973c37918733eafa5c195b7c2c299a8d445874bb06316e89b4591179e09ad23c62413d4c3ae9b9a549c5008f0fa1775c3d46947a4a8e08312d257b086011acfb3aee77cc6d06ce43a5e902c9bde258ba087aad07 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A399F76F0CBF4C9DA55E4AC24E8960984B2905B6 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\323C118E1BF7B8B65254E2E2100DD6029037F096 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 0300000001000000140000003679ca35668772304d30a5fb873b0fa77bb70d54090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000006000000056006500720069005300690067006e00200055006e006900760065007200730061006c00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000002000000001000000bd040000308204b9308203a1a0030201020210401ac46421b31321030ebbe4121ac51d300d06092a864886f70d01010b05003081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f72697479301e170d3038303430323030303030305a170d3337313230313233353935395a3081bd310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313830360603550403132f566572695369676e20556e6976657273616c20526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c761375eb10134db62d7159bff585a8c2323d6608e91d79098837ae65819388cc5f6e56485b4a271fbedbdb9dacd4d00b4c82d73a5c76971951f393cb244079ce80efa4d4ac421df29618f32226182c5871f6e8c7c5f16205144d1704f57eae31ce3cc79ee58d80ec2b34593c02ce79a172b7b00377a413378e133e2f3101a7f872cbef6f5f742e2e5bf8762895f004bdfc5dde4754432413a1e716e69cb0b754608d1cad22b95d0cffbb9406b648c574dfc13117984ed5e54f6349f0801f3102506174adaf11d7a666b986066a4d9efd22e82f1f0ef09ea44c9156ae2036e33d3ac9f5500c7f6086a94b95fdce033f18460f95b2711b4fc16f2bb566a80258d0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e04160414b677fa6948479f5312d5c2ea07327607d1970719300d06092a864886f70d01010b050003820101004af8f8b003e62c677be4947763cc6e4cf97d0e0ddcc8b935b9704f63fa24fa6c838c479d3b63f39af976329591b177bcac9abeb1e43121c68195565a0eb1c2d4b1a659acf163cbb84c1d59904aef9016281f5aae10fb8150380c6cccf13dc3f563e3b3e321c92439e9fd156646f41b11d04d73a37d46f93deda85f62d4f13ff8e074572b189d81b4c428da9497a570ebac1dbe0711f0d5dbdde58cf0d532b083e657e28fbfbea1aabf3d1db5d438ead7b05c3a4f6a3f8fc0666c63aae9d9a416f481d195140e7dcd9534d9d28f7073817b9c7ebd9861d845879890c5eb8630c635bff0ffc35588834bef05920671f2b89893b7eccd8261f138e64f97982a5a8d C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DA40188B9189A3EDEEAEDA97FE2F9DF5B7D18A41 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\76B76096DD145629AC7585D37063C1BC47861C8B\Blob = 03000000010000001400000076b76096dd145629ac7585d37063c1bc47861c8b09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090b000000010000002a00000055002e0053002e00200047006f007600650072006e006d0065006e00740020004600420043004100000020000000010000007e0300003082037a30820262a003020102021039e3815404c50ab247effef336cfc698300d06092a864886f70d0101050500304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c696379301e170d3034313030363138343530395a170d3130313030363138353335365a304e310b300906035504061302757331183016060355040a130f552e532e20476f7665726e6d656e74310d300b060355040b130446424341311630140603550403130d436f6d6d6f6e20506f6c69637930820122300d06092a864886f70d01010105000382010f003082010a0282010100cf267cb0694c7700caf4e3741994fb5a61af62e4bdc300e524a30126a0d4d6e3d1f9a678efebf40192a830902fca33a368822025d437b2ed1920b72916b30b59380744416108915f7142c5642a292e46ba0c32a51325e3d9debdf8c913908a5711b557487838b527d1ac85ca2af840f8257f9d4220e173db45fdd35a9abfdd47ee3e3e491800e4f6be5c882d782807ae5ed2d69be6bdfc2cba27f396be30fe20f8f7d9a80f7871c75323cdb0ac7f478ccf7126c11ac330249e08d3587425f216dfb0d0823735689989e1bd04a04e96629ec163b41a5152fcc9de2ff85ef57d8c6f1b41814dbb2853ae9b613f29eadcd0b7a9531daef5aa96d65c7793562a49530203010001a3543052300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604141e2c4bf9ec66a61e925f877903edd5c295b79583301006092b06010401823715010403020100300d06092a864886f70d010105050003820101006635cba17282e037ce9659be07cca97e171ad110c85d8c1dfa125cc77239a2e92c845860fe77f94d3b6b13eadedb3ee619f66c63847a056bee3a19cdb4ce4ee115314137638a347f9487c708a3f7cbf9b07b49e1e821d7a1c2e4f2a6ade7f34079a1e9ec7fa0248ac51b351ecaa3e079e687a3a3c67c39c649c2102eff97d26c7ed3bb0f1beb561a632cbcc31eb6b269c767edca4c2d9f0430a3e246520083d5d50a6bede9342090185484ba973c37918733eafa5c195b7c2c299a8d445874bb06316e89b4591179e09ad23c62413d4c3ae9b9a549c5008f0fa1775c3d46947a4a8e08312d257b086011acfb3aee77cc6d06ce43a5e902c9bde258ba087aad07 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\EC0C3716EA9EDFADD35DFBD55608E60A05D3CBF3\Blob = 0f00000001000000140000008c88fe8a33fd9c47f91820978b2dbbc97feda69f030000000100000014000000ec0c3716ea9edfadd35dfbd55608e60a05d3cbf3090000000100000016000000301406082b0601050507030406082b060105050703010b00000001000000460000004400530054002000280055006e0069007400650064002000500061007200630065006c00200053006500720076006900630065002900200052006f006f0074004300410000002000000001000000fc030000308203f8308202e0021100d01e408b0000027c0000000700000001300d06092a864886f70d01010505003081b9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311e301c060355040b1315556e697465642050617263656c2053657276696365311930170603550403131044535420285550532920526f6f7443413121301f06092a864886f70d010901161263614064696773696774727573742e636f6d301e170d3938313231303030323534365a170d3038313230373030323534365a3081b9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311e301c060355040b1315556e697465642050617263656c2053657276696365311930170603550403131044535420285550532920526f6f7443413121301f06092a864886f70d010901161263614064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ef17ecaf29e6d92b27c0db7b249f66f404a3c2ad0acab0cd842baa37f380a160ef428fe55d775f574254dd2bdb61b2715e937b6f5feb242be7a4f2ebf173b30b8df559d732dfac908e4e31ba254db60ca6f1e5af0ce1e56f520315c1dfbe7e4aa6a61846703fefa74da8dcf574d9617a403ca19428eac29488cb371505193c9562ba1c2dfb288cd1c89e923c5b11543b78d9473b9b2d4ae63e7b6bdff4f605cf28f6ba9836009e3c37850a9cdeb7a485c563fdb762146d171ecc8a8085423211b021e29d77c98016419eebe514897fb7c3bc4fc19f879b96ec63f6f990560e95a3230a8c64da9bbb1c77b04c5de6c8e8f57d792d57243fcce33d2c98cf129f170203010001300d06092a864886f70d01010505000382010100bb388e042226580e214456ccbd597c2968cb5c0fc886543f8178a7ad8fcc46f71c54b8792d5b72056ae821d0ec1d1dfea43451beeeedcecc9c1668e25d7573084331916a102b10c24b69f8c9ad98a8fdb8eff6abf05f21efcb856b09ed2f4866b56072c0e8a0c798db0ef71b738d34080a7bc57762aa30239bb01e8b809854dc0587b3a96259fc8bb7159aac44eccf351af70f2e5d924b01c87beea037ede41d820d99414317add4d5cae3f97d17a201d0300f40b9dcb904826983b6f90ffa0692f7a8f4d6171cf05e7fc429c8e6e1e2ff36682151aeffa9ba8492ad8a7b33d890d2c1796d33333974ac1b38719f2c0790ea1de0d3895fcbef148d2754a5bd46 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be60f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9803000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e809000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d00490029000000140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d20000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52\Blob = 19000000010000001000000099c609a4f0f93d2014acb172372d9f3d0f0000000100000014000000b1af8f4a301480d7bca52f908f2001ee2577a6b10300000001000000140000000b77bebbcb7aa24705decc0fbd6a02fc7abd9b5209000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030306082b060105050703010b000000010000001200000056006500720069005300690067006e00000014000000010000001400000098e69d042e46a9cce320ac942eb6991bc9ab2f91200000000100000006030000308203023082026b021032888e9ad2f5eb1347f87fc4203725f8300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100baf0e4cff9c4ae8554b90757f98fc57f6811f8c417b044dce33073d52a622ab8d0cc1ced285b7ebd6adcb39124ca41623cfc0201bf1c1631940597766ea2adbd61176c4e3086f051372a50c7a86281dc5b4aaac1a0b46eeb2fe557c5b12b4070db5a4da18e1fbd031fd803d48f4c9971bce282cc58e8983a86d38638f300291f0203010001300d06092a864886f70d010105050003818100858c12c1a7b950157acb3eacb8438adcaadd14ba89817e013c237121882f82dc63fa0245ac4559d72a58445bb79f813b92683de23724f57b6c8f76359609a8599db9ce23ab74d683fd327327d8693e4374f6aec5899ae7537ce97bf64bf3c16583de8d8a9c3c888d3959fcaa3f228da1c1665081724ced22644f4fca8091b629 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\293621028B20ED02F566C532D1D6ED909F45002F C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 1400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb57485003000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b8109000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030b000000010000000e000000740068006100770074006500000053000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c00f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5922A1E15AEA163521F898396A4646B0441B0FA9\Blob = 140000000100000014000000b3037eae36bcb079d1dc9426b611be21b26986940b00000001000000400000004f004900530054004500200057004900530065004b0065007900200047006c006f00620061006c00200052006f006f0074002000470041002000430041000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000005922a1e15aea163521f898396a4646b0441b0fa90f0000000100000014000000fdbad1afbcbb45744a7dec7b998bd6266412640c2000000001000000f5030000308203f1308202d9a0030201020210413d72c7f46b1f81437df1d22854df9a300d06092a864886f70d010105050030818a310b30090603550406130243483110300e060355040a1307574953654b6579311b3019060355040b1312436f7079726967687420286329203230303531223020060355040b13194f4953544520466f756e646174696f6e20456e646f72736564312830260603550403131f4f4953544520574953654b657920476c6f62616c20526f6f74204741204341301e170d3035313231313136303334345a170d3337313231313136303935315a30818a310b30090603550406130243483110300e060355040a1307574953654b6579311b3019060355040b1312436f7079726967687420286329203230303531223020060355040b13194f4953544520466f756e646174696f6e20456e646f72736564312830260603550403131f4f4953544520574953654b657920476c6f62616c20526f6f7420474120434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cb4fb3009b3d36ddf9d1496a6b10491fecd82bb2c6f832812943954c9a1923211545dee3c81c51555bae93e837ff2b6be9d4eabe2adda8512bd766c3615c6002c8f5ce727b3bb8f24e65089acda46a19c101bb73a6d7f6c3ddcdbca48bb59961b801a2a3d44dd4053d91adf8b4087164af70f11c6b7ef6c3779d24737be40c8ce1d936e1998b05990bed453109cac200dbf772a096aa9587d08ec7b661730d76668cdc1bb463a29f7f931330f1a127dbd9ff2c558891a0e04f07b028568c181b97448e89dde0176ee72aef8f390a318482d84014492e7a41e4a7fee364ccc159714b2c21a75b7de01dd12e819bc3d868f7bd961bac70b116140bdb60b92601050203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b3037eae36bcb079d1dc9426b611be21b2698694301006092b06010401823715010403020100300d06092a864886f70d010105050003820101004ba1ff0b876eb3f9c143b148f328c01d2ec90941fa94001ca4a4ab494f8f3d1eef4d6fbdbca4f6f22630c910ca1d88fb74191f8545bdb06c51f9367edbf54c323a414f5b47cfe80b2db6c4199d74c547c63b6a0fac14db3cf4739ca905df00dc7478faf83560590213187cbcfb4db0206d43bb60307a67335cc599d1f82d395273fb8caa97255c72d9081eab4e3ce381319f03a6fbc0fe298855da84d55003b6e284a3a636aa113a01e1184bd64468b33df9537484b34691469600b7802cb6e1e310e2dba2e7288f019662163e00e31ca5368118a24c5276c011a36ee61dbae35abe3653c53e758f8669295853b59cbb6f9f5cc518ecdd2fe198c9fcbedf0a0d C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36B12B49F9819ED74C9EBC380FC6568F5DACB2F7\Blob = 140000000100000014000000a073499968dc855b65e39b282f579fbd33bc074853000000010000002400000030223020060a2a83088c9b1b6485510130123010060a2b0601040182373c0101030200c00b00000001000000360000005300450043004f004d002000540072007500730074002000530079007300740065006d007300200043004f0020004c0054004400000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b0601050507030903000000010000001400000036b12b49f9819ed74c9ebc380fc6568f5dacb2f70f00000001000000140000009a680178cfa26912ab0dfa84d27d892aa023588120000000010000005e0300003082035a30820242a003020102020100300d06092a864886f70d01010505003050310b3009060355040613024a5031183016060355040a130f5345434f4d2054727573742e6e657431273025060355040b131e536563757269747920436f6d6d756e69636174696f6e20526f6f74434131301e170d3033303933303034323034395a170d3233303933303034323034395a3050310b3009060355040613024a5031183016060355040a130f5345434f4d2054727573742e6e657431273025060355040b131e536563757269747920436f6d6d756e69636174696f6e20526f6f7443413130820122300d06092a864886f70d01010105000382010f003082010a0282010100b3b3fe7fd36db1ef167c57a50c6d768a2f4bbf64fb4cee8af0f3297cf5ffee2ae0e9e9ba5b64229a9a6f2c3a266951059926dcd51c6a71c69a7d1e9ddd7c6cc68c67674a3ef871b01927a9090ca695bf4b8c0cfa55983bd8e822a14b713879ac979269b3897eea21680698149687d26136bc6d27569e57eec0c056fd32cfa4d98ec223d78da8f3d825ac97e47038f4b63ab49d3b972643a3a1bc4959724c2330870158f64ebe1c685666afcd415dc8b34d2a5546ab1fda1ee2403ddbcd7db992809c37dd0c96649ddc22f7648bdf61de15945215a07d52c94ba821c9c6b1edcbc39560d10ff0ab70f8dfcb4d7eecd6faabd9bd7f54f2a5e979fad9d6762428730203010001a33f303d301d0603551d0e04160414a073499968dc855b65e39b282f579fbd33bc0748300b0603551d0f040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d010105050003820101006840a9a8bbe44f5d79b305b517b36013ebc6925de0d1d36afefbbe9b6dbfc7056d5920c41cf0b7da84580263fa4816ef4fa50bf74a98f23f9e1bad476b63ce0847eb523f789caf4daef8d54fcf9a982a10413952c4ddd99b0eef9301aeb22eca684224426cb0b33a3ecde9da48c415cbe9f9070f9250498add31975fc9e937aa3b5965979432c9b39f3e3a6258c549ad620e71a532aa2fc6897643401313673da2542510cbf13af2d9fadb4956bba6fea74135c3e08861c988c7df3610229859eab04afb5616736eac4df722a14fad1d7a2d4527e530c15ef2da13cb2542519547038c6c21cc7442ed53ff338b8f0f5701162fcfa6eec9702214bdfdbe6c0b03 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\293621028B20ED02F566C532D1D6ED909F45002F C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FAAA27B8CAF5FDF5CDA98AC3378572E04CE8F2E0 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B72FFF92D2CE43DE0A8D4C548C503726A81E2B93 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\96974CD6B663A7184526B1D648AD815CF51E801A\Blob = 0f0000000100000010000000db218beb278d60edba636823cbbe4cc50b000000010000001200000056006500720069005300690067006e000000090000000100000016000000301406082b0601050507030406082b0601050507030303000000010000001400000096974cd6b663a7184526b1d648ad815cf51e801a20000000010000004502000030820241308201aa021100caf6c1f570e2e9036b73fc06921c2af1300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20496e646976696475616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20496e646976696475616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c17aca65a72dd50f4f6c4732f8737786e53df26f7990b5de4fd21479334bb20e46fd88722ac2fc649e618f6bc05be8f01104da7aba72f6ec5daffbf197f114d228e328855c7bbd8aa27fc233b56d0b92780b387174857f3dbab92fefbe27480d3822c956308d77fa5d2c5a9c97ce7030e9515fa68be49596a5a01777f193b8290203010001300d06092a864886f70d010102050003818100c08f9fd77f0e26f747fd657b63920646cce05e4b8158b397ec05181315d697102a7ff856add80e7abf274845079f2522ac7012066937805858d88a345a07c627dac6fb9eb17d6420804ff4a1157b1961afc6abc02665fe8c07873f1ac48eb24044107e2c617afeada3c8beccbd5eaaafacc5bf1167582a32f325ddb67443c07c C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4313BB96F1D5869BC14E6A92F6CFF63469878237\Blob = 190000000100000010000000aaf8c3517da7375ccbb3065955f913470f00000001000000140000006d705b892247d3bd3eec85a6632a78376c4445d40b000000010000002e000000540065006c006900610053006f006e00650072006100200052006f006f0074002000430041002000760031000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030806082b060105050703030300000001000000140000004313bb96f1d5869bc14e6a92f6cff63469878237140000000100000014000000f08f593800b3f58f9a960cd5ebfa7baa17e8131220000000010000003c0500003082053830820320a00302010202110095be16a0f72e46f17b398272fa8bcd96300d06092a864886f70d0101050500303731143012060355040a0c0b54656c6961536f6e657261311f301d06035504030c1654656c6961536f6e65726120526f6f74204341207631301e170d3037313031383132303035305a170d3332313031383132303035305a303731143012060355040a0c0b54656c6961536f6e657261311f301d06035504030c1654656c6961536f6e65726120526f6f7420434120763130820222300d06092a864886f70d01010105000382020f003082020a0282020100c2beeb27f021a3f36926557e9dc55516915cfdef21bf53807a2dd2918c6331f0ec24f0c3a5d2727c106df437b7e5e67c79ea8cb5828bae48b6ac00dc6575ec2a4d5fc187f520652b81a8473e8923953016907fe8570748e719aebf4567b1371b062afedef9ac7d83fb5ebae48f9767be4b8e8d64075738556934363d1348ef4fe2d3661ea4cf1ab75e3633d4b406bd1801fd7784500045f58c5de823bc7efe35e1ed507ba9308d19d3098e68675dbf3c971853bb2962c5ca5e72c1c796d4db2da0b41f6903eceae250f10c3cf0acf3532df01cf5ed6c3939738016c852b023cde03edcdd3c47a0bb358ae298688bbee5bf72eed2faa5ed12edfc9818a92676dc284b10201cd37f16772ded6f80f749bb5305bb5d68c7d4c875163f895a8bf71747d44cf1d289793e4d3d98a861de3a1ed2f85e03e0c1c91c8cd38d4dd39536b3375f63639b3314f02d266b537c898c32c26eec3d210039c9a168e250832eb03a2bf336a0ac2fe46f61c25109393e8b53b9bb67dadc53b97659369d43e520e03d3260852251b7c733bbdd152fa478a6077b8146360486dd7935c7952c3bb0a31735e5731fb45c59efdaea10657b7ad07f9fb3b42a373b708b9b5bb92bb7ecb251129753295ad4f01210dc4f02bb12922f62d43f69437c0dd6fc587501889d58164bdeba90ff470189066af65fb2906ab302a60288bfb3477e2ad9d5fa6878354d0203010001a33f303d300f0603551d130101ff040530030101ff300b0603551d0f040403020106301d0603551d0e04160414f08f593800b3f58f9a960cd5ebfa7baa17e81312300d06092a864886f70d01010505000382020100bee45c624e24f40c08fff0d30c68e49349223f44276fbb6dde8366cea8cc0dfcf59a06e5771491eb9d417b992a84e5fffc21c15df0e41f57b775a9a15f0226ffd7c7f74ede4ff8f71c46c07a4f402c2235f019b1d06b672cb0a8e0c0403735f6845c5ce3af4278fea7c90d50ea0d8476f651ef8353c67aff0e56492e8f7ad60ce62754e34d0a607262cd9107d6a5bfc8996bedc419e6ab4c1138c56f31e26e49c83f768026032629e036f6f62053e3177034179d63681e6becc34d86b813302f5d460d4743d51baa590eb95c8d0648ad74875fc7fc31544113e2c7210e9ee01e0de1c07b438590c58a58c6650a7857f2c6230f01d9204bde0ffb9285752a5c738d6d7b2591caee45ae064b00ccd3b15950da3a883b2943465e972b54ce536f8d4ae796fabf710e428b7cfd28a0d048cadac4814cbba2739326c8eb0cd62688b6c024cfbbbd5beb757de9088e86332c79770969a589fcb3709087768fd322bb42cebd730b20262ad09b3d701e246ccd8776a91796b7cf0d92fb8e18a99849d19efe60447221b919edc2f531f13948889024755416adcef4f869146439fba3b8ba7040c7271cbfc45653fa6365d0f31c0e16f56b86584d18d4e40d8ea59d5b91dc7624503fc62afbd9b79cb5d6e6d0d9e8198b157148adb7ead85988d490bf16b3d9e9ac596154c81cbacac1cae1b9204c8f3a9389a5a0ccbfd3f675a475966d56 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\720FC15DDC27D456D098FABF3CDD78D31EF5A8DA C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E42A18706BD0C9CCF594750D2E4D6AB0048FDC4 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8EB03FC3CF7BB292866268B751223DB5103405CB\Blob = 0b000000010000006c0000004a006100700061006e002000430065007200740069006600690063006100740069006f006e002000530065007200760069006300650073002c00200049006e0063002e0020005300650063007500720065005300690067006e00200052006f006f0074004300410033000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000008eb03fc3cf7bb292866268b751223db5103405cb20000000010000002d030000308203293082021102085f60585f00000000300d06092a864886f70d01010505003057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f74434133301e170d3939303931353135303030315a170d3230303931353134353935395a3057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f7443413330820122300d06092a864886f70d01010105000382010f003082010a0282010100995e1e8096662364ce9c8c003e0aaf08e9b804e084b86d53754d36a8b5e0d78c4e6055b603979b5a1aa7f3ba3dd99a9431767423c9f7ec125dd820d41de91ba23776040f3eac16693be1ff102f5625e433501309cc4e0eabf0e475db71d5fc4acdeddb0f350515d5b0667b427b26e559e2b5c7c0b2c7a143fd0f2f0b8325255781bbbbd13530749190b28f9f68d5d243b7b245a923c056d88712d373fecb59eaaffce71f5e54451caa6d9593624742415e4feb36070e2878540a7cc0c32413860302b9ac76924a5addc5dcecf8b3db2bb51b36e778824c957e2056b2751c7d97ef7f943829a200e2d1eab1e33436314058b8aab7ce811a0c17810dfdebb8d3bd0203010001300d06092a864886f70d010105050003820101008e9884d61b8d81acd0037ae839bc4de5126aafaa7260317f1a2c7a617e3c4c9c1c6a5c4cd13d96590b2f91b1adf3e1a8d29fc18b76dc8fac30a9b02bda65d6a38edc504b564d42454a121d61952b9a9d8264155df5fbc016b3370f03aa1b8055390046d294882e2cb4cdab5bb5e9cb9be65f30bed0745e9b102f80753f09f92ee1661f596ced6f2e3e3ba7249034bbe490a74bc82f79295f36681e1d1a156ae0df2b8141c63b4a4691bfca937be1912c2d3c075f02ac7b9e4e0dad3e5ce41c68229fcf81b17b6f98cda138f3d4892543844f4ee26e5e24245d94c239cfa5f9716018fa4ac9e4007c5efd8952b76d8277786fad45c672d1804da50543edcbe2b3 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\68ED18B309CD5291C0D3357C1D1141BF883866B1 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3B8CF2F810B37D78B4CEEC1919C37334B9C774 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7FBB6ACD7E0AB438DAAF6FD50210D007C6C0829C C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0925E18C7765E22DABD9427529DA6AF4E066428 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\78E9DD0650624DB9CB36B50767F209B843BE15B3\Blob = 0f00000001000000100000000a847af1bfcc7e73c55ee55ff03da4e00b000000010000001200000056006500720069005300690067006e000000090000000100000016000000301406082b0601050507030406082b0601050507030203000000010000001400000078e9dd0650624db9cb36b50767f209b843be15b32000000001000000400200003082023c308201a50210325033cf50d156f35c81ad655c4fc825300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3230303130373233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100e519bf6da356612d994871f667deb98debb79e86800a910efa3825af468882e573a8a09b245d0d1fcc656e0cb0d0568418879a069b10a173dfb458396b6ec1f615d5a8a83faa12068d31ac7fb034d78f34678809cd1411e24e4556691f780280dadc479129bb36c9635cc5e0d72d877ba1b732b07b30ba2a2f31aaeea367dadb0203010001300d06092a864886f70d0101020500038181004b4466606864e4981bf3b072e695897cdd7bb395c01d2ed8d819d02d343dc6509a10868caa3f3ba804fc375295c3d9c9dbcdf28606c4b11bf0828830428e17501c647ab83e99497497fcac0243fb960c5604250c7c7c879d24a7d8f03229b5a4df5da24cc51632a842f645a6b636b9e0bf653693c2d2d76bdcde59d6a235f845 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob = 140000000100000014000000c07a98688d89fbab05640c117daa7d65b8cacc4e0b0000000100000026000000470065006f0054007200750073007400200047006c006f00620061006c002000430041000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000de28f4a4ffe5b92fa3c503d1a349a7f9962a82120f0000000100000014000000f6d2ef0341d7f1baa1de015024af0d8221ef716e200000000100000058030000308203543082023ca0030201020203023456300d06092a864886f70d01010505003042310b300906035504061302555331163014060355040a130d47656f547275737420496e632e311b30190603550403131247656f547275737420476c6f62616c204341301e170d3032303532313034303030305a170d3232303532313034303030305a3042310b300906035504061302555331163014060355040a130d47656f547275737420496e632e311b30190603550403131247656f547275737420476c6f62616c20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100dacc186330fdf417231a567e5bdf3c6c38e471b77891d4bca1d84cf8a843b603e94d21070888da582f663929bd05788b9d38e805b76a7e71a4e6c460a6b0ef80e489280f9e25d6ed83f3ada691c798c9421835149dad9846922e4fcaf18743c11695572d50ef892d807a57adf2ee5f6bd2008db914f8141535d9c046a37b72c891bfc9552bcdd0973e9c2664ccdfce831971ca4ee6d4d57ba919cd55dec8ecd25e3853e55c4f8c2dfe502336fc66e6cb8ea4391900b7950239910b0efe382ed11d059af64d3e6f0f071daf2c1e8f6039e2fa36531339d45e262bdb3da814bd32eb180328520471e5ab333de138bb073684629c79ea1630f45fc02be8716be4f90203010001a3533051300f0603551d130101ff040530030101ff301d0603551d0e04160414c07a98688d89fbab05640c117daa7d65b8cacc4e301f0603551d23041830168014c07a98688d89fbab05640c117daa7d65b8cacc4e300d06092a864886f70d0101050500038201010035e3296ae52f5d548e2950949f991a14e48f782a6294a227679ed0cf1a5e47e9c1b2a4cfdd411a054e9b4bee4a6f5552b324a1370aeb64762a2e2cf3fd3b7590bffa71d8c73d37d2b5059562b9a6de893d367b38774897aca6208f2ea6c90cc2b2994500c7ce11512222e0a5eab615480964ea5e4f74f7053ec78a520cdb15b4bd6d9be5c6b15468a9e36990b69aa50fb8b93f207dae4ab5b89ce41db6abe694a5c1c783addbf527870e046cd5ffdda05ded8752b72b1502ae39a66a74e9dac4e7bc4d341ea95c4d335f92092f88665d7797c71d7613a9d5e5f116091135d5acdb2471702c98560bd917b4d1e3512b5e75e8d5d0dc4f34edc2056680a1cbe633 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b0000000100000014000000550053004500520054007200750073007400000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C9321DE6B5A82666CF6971A18A56F2D3A8675602\Blob = 0b000000010000001e00000045002d004d00450020005300530049002000280052004300410029000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000c9321de6b5a82666cf6971a18a56f2d3a86756022000000001000000e4050000308205e0308203c8a00302010202102eefdbfbd8893d8f491c9372fe45dfed300d06092a864886f70d01010505003050310b3009060355040613024c5631283026060355040b131f536572746966696b6163696a61732070616b616c706f6a756d752064616c61311730150603550403130e452d4d4520535349202852434129301e170d3039303531393038343535365a170d3237303531393038343831355a3050310b3009060355040613024c5631283026060355040b131f536572746966696b6163696a61732070616b616c706f6a756d752064616c61311730150603550403130e452d4d452053534920285243412930820222300d06092a864886f70d01010105000382020f003082020a0282020100c4046b00c3b0e02e3be853050508bec8842755d61d8a12e217225a6cffb3ddb699c3cac1eaf9d825b5df3a9d9d3f52c5e9f2acbf89748a54ae4ecf6ef25eaedabd12079995cf64abfe999164598cc9be446a319b98eabaead1210e280b399be3d68aa6f702ba3f3dd959f47999ded3249b8b701b2a84d6e5090f262624588f255ef3c59d7489a536c5e552b2ebe88693476ea72987a47edcb4a3cb3256f74580da5cc72fa0a7d7eff5fcb5a8cd849562f8a92b233b6dd3b792c8eac1bc144de86b9c167ad3ec07fb0725104f14877b9236ce5682654b132606d8a3a3a6dfc27afb7b3505a2133d3e76bc1c57830351c734de5af53cbd36259c160f4dcee80d1acb5d43a2146fba7c60d4028576c56b2ab845b15c774711ada025a966918c51176d61550a193f9b02ffc4f5d6d2b3e92553e1043d8f22d0a265e5aea7b4e01d916ac28692f73a5d13a77a4c42df5ab34a88442cef47baa9afd6cf62738a0622162cc2ec1f06a8d34750593212e5b99d62359eca5e0ab49d2388c2d34f2c2cc993e87eb809eca6d9dd63e1c9a86a68dc8451ac5a12e73ba6b5070ab1aa4eb3b4a257df376c164eab99327af09c23258bca9aa88ce03821b4cef76c61c8e20c1259068126365a0f3573d41645fdde95ded64b5c9f73d9be19bde7bfe4556ac86b44f7c7b8338879190d0664e8af0ba1750c5265ba0a239571f763fc7ee58c8fccd10203010001a381b53081b2300e0603551d0f0101ff040403020106301806082b06010505070103040c300a3008060604008e460101300f0603551d130101ff040530030101ff301d0603551d0e041604143b2603bacfe359464250ad149cbf033befd63e31301006092b0601040182371501040302010030440603551d20043d303b3039060b2b0601040181fa3d010101302a302806082b06010505070201161c687474703a2f2f7777772e656d652e6c762f7265706f7369746f7279300d06092a864886f70d0101050500038202010085e6a694e4d9465f9dbf93bbf96b766428aebf3c452a8a93796cd34b8886206b2226383d1c13aaeb61976c2e3e579c6c43a2de6d40c431f26dba4616b32dc6bba6dce52fb1d8c1d5911e117ffb5fa1dc1d61f86d9b61f0e23f2b71d50dcbdedf653fa06f959b7acbdb3537295d5e9db954b1ac6012e563d9cdaf521b0596137cda247501add49ea5cbc112454f57af23bf29bcea8ead78f88723e848cb40a8be5d33d6ecc60643c2672ae8e3852e609e442f2b4f31b1079d9521d52a92af8091d3c729bdcdf1150c9f01eef82d3ba40770497924edbca1d39651829fc2c8bcde239ac7502b9ab67852aace95f6603ba299f92666f4472c4125bc41fad68b7fbd5f827cd34585b44cd8ecb317ef443af52865eff59e71cc21dee8d6511c10fb40fc49e55c8417afaa195ea2ed4e1ea2fbca471c1c643e1491a2391934887f91cb3b9d1970ea28fbfc500fccbd3d5e02036b7935444176eeb62d7484e18271d325b0d3c39944ab3fe20ca5eebda6fca41100ee9cbd37d1d662c430142d100a978a88f5253c96be46401a8ac08576c4a049e049a5e719b509f3cc4ded165e9ad4d3c869d0d88a37856b4ee4aa07925cd471718148d378f55660fecc02d400931f4c924097be7253792e2652bea6a374b194d914633a6e5bd13c92275290325a92d20f4e5b0b063a62e5d6270c01f62502b88b102942a9f769cadceb0a924b283186 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3C71D70E35A5DAA8B2E3812DC3677417F5990DF3 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67248980DE775D2C9B04E40307940BADB351F395 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad0b000000010000000e000000430065007200740075006d00000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090300000001000000140000006252dc40f71143a22fde9ef7348e064251b181181400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded32000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\34D499426F9FC2BB27B075BAB682AAE5EFFCBA74\Blob = 0b000000010000003c00000053006500630072006500740061007200690061002000640065002000450063006f006e006f006d006900610020004d0065007800690063006f000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000034d499426f9fc2bb27b075bab682aae5effcba74200000000100000098050000308205943082047ca003020102020101300d06092a864886f70d010105050030820131311730150603550407130e416c7661726f204f627265676f6e3119301706035504081310446973747269746f204665646572616c310b3009060355040613024d58310e300c060355041113053031303330311d301b06035504091314496e73757267656e74657320537572203139343031423040060355040313394175746f726964616420436572746966696361646f7261205261697a206465206c6120536563726574617269612064652045636f6e6f6d696131343032060355040b132b446972656363696f6e2047656e6572616c206465204e6f726d6174697669646164204d657263616e74696c311f301d060355040a1316536563726574617269612064652045636f6e6f6d69613124302206092a864886f70d010901161561637273654065636f6e6f6d69612e676f622e6d78301e170d3035303530383030303030305a170d3235303530383030303030305a30820131311730150603550407130e416c7661726f204f627265676f6e3119301706035504081310446973747269746f204665646572616c310b3009060355040613024d58310e300c060355041113053031303330311d301b06035504091314496e73757267656e74657320537572203139343031423040060355040313394175746f726964616420436572746966696361646f7261205261697a206465206c6120536563726574617269612064652045636f6e6f6d696131343032060355040b132b446972656363696f6e2047656e6572616c206465204e6f726d6174697669646164204d657263616e74696c311f301d060355040a1316536563726574617269612064652045636f6e6f6d69613124302206092a864886f70d010901161561637273654065636f6e6f6d69612e676f622e6d7830820122300d06092a864886f70d01010105000382010f003082010a0282010100c164a0f4e75270b2ea9313f4353a1fea3a1cc51b8b58e196d602415e8e8540ff41664053fc98b5d13232976740809dee203f0e54fb4207fb771a99d886f41c2a8825f3e944a34efe07beb1c8ef3c8d87e01eca49103b28ef2451a1fc88174ae71cc8546763e86a31e6436cf6401186c456eebdc91da6463c1e46c2828d2ea9e8ee760a43e0724d8cf4c506fa2c01003360ce3870346b171aeb7a6461a793a4656ad723c7767a94510bec9ea8cf3ba250321c42bd63e187cbb985480ec0d558b6f6ce4bf207cfe304d51fc2d6a36ea3bbb6b76ec4f1a21f16bcb62db0eff45a9b298dbce1fc075b1e09338278cc406d71b363132fd34c36ac394fc6c1b0b6f5850203010001a381b23081af30330603551d1f042c302a3028a026a0248622687474703a2f2f61632e65636f6e6f6d69612e676f622e6d782f6c6173742e63726c30470603551d200440303e303c0608608364650a823c013030302e06082b060105050702011622687474703a2f2f61632e65636f6e6f6d69612e676f622e6d782f6370732e68746d6c300f0603551d130101ff040530030101ff300b0603551d0f040403020106301106096086480186f8420101040403020007300d06092a864886f70d010105050003820101004c2a785304967360ab35acc0c4e3e7c870a5292f8718e5a882de07d508f4cf9e3d9efc4a2c167c9fa29d6510ccc11b9b6a67dab2b31dffcd647a3863ad48fdf372e1fa9fbb57ddbfccc254d8953c66d76b06baafa9e06d08efa4b6903d0c6e2017a796a77c684a9c98c4076fc1026291389b9de38a79539d9f247625f6ad285606aaef07acbaf66ce425317d88803a7846f879e138e013e7612947f3cb1400d3dae2dded73df4bf263e426d875d04d43149016944701ffa1594be4769b5903ded617f67bd75cf8e9e36fc84ee04726b1e29c7c4a31e56411e0b05fda9136481ffa098a6568f50ec29fefb86acf77fe12ed36da1136ad196ac2d48e52d768ef31 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0\Blob = 0f00000001000000300000000b043572c899dec43efd590cfce610cf443a6315925ebfe589f7506907e44824608489581c7ca0e041458514cf157614030000000100000014000000d1cbca5db2d52a7f693b674de5f05a1d0c957df0090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b0000000100000014000000550053004500520054007200750073007400000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c02000000001000000930200003082028f30820215a00302010202105c8b99c55a94c5d27156decd8980cc26300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a3423040301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300a06082a8648ce3d040303036800306502303667a11608dce49700411d4ebee16301cf3baa421164a09d94390211795c7b1dfa64b9ee1642b3bf8ac209c4ece4b14d023100e92a61478c524a4b4e1870f6d644d66ef583ba6d58bd24d95648eaefc4a24681886a3a46d1a99b4dc961dad15d576a18 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B80186D1EB9C86A54104CF3054F34C52B7E558C6\Blob = 0f00000001000000140000007dc305dfeecbc204ad650e5bcaf99c84ac749c3f53000000010000002600000030243022060c6086480186fd64010102040130123010060a2b0601040182373c0101030200c00b0000000100000014000000540072007500730074007700610076006500000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b06010505070309030000000100000014000000b80186d1eb9c86a54104cf3054f34c52b7e558c62000000001000000340400003082043030820318a003020102021050946cec18ead59c4dd597ef758fa0ad300d06092a864886f70d0101050500308182310b3009060355040613025553311e301c060355040b13157777772e7872616d7073656375726974792e636f6d31243022060355040a131b5852616d7020536563757269747920536572766963657320496e63312d302b060355040313245852616d7020476c6f62616c2043657274696669636174696f6e20417574686f72697479301e170d3034313130313137313430345a170d3335303130313035333731395a308182310b3009060355040613025553311e301c060355040b13157777772e7872616d7073656375726974792e636f6d31243022060355040a131b5852616d7020536563757269747920536572766963657320496e63312d302b060355040313245852616d7020476c6f62616c2043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a028201010098241ebd15b4badfc78ca527b6380b69f3b64ea82c2e211d5c44df215d7e2374fe5e7eb44ab7a6ad1faee00616e29b5bd967746b5d808f299d861bd99c0d986d76102858e465b07f4a98799fe0c3317e802bb58cc0403b1186d0cba2863660a4d530826dd96ed00f120433975f4f615af0e4f991abe71d3bbce8cff46b2d347ce248611c8ef36144cc6fa04aa994b04ddae7a9347a7238a841cc3c94117debc8a68cb786cbca333bd93d378bfb7a3e862ce773d70a57ac649b19ebf40f04088aac03171964f45a25228d342cb2f6681d126dd38a1e14dac48fa6e22385d57a0dbd6ae0e9ecec17bb421b67aa25ed458321fcc1c97cd5623efaf2c52dd3fdd4650203010001a3819f30819c301306092b060104018237140204061e0400430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c64fa23d066384099cce62e404ac8d5cb5e9b61b30360603551d1f042f302d302ba029a0278625687474703a2f2f63726c2e7872616d7073656375726974792e636f6d2f584743412e63726c301006092b06010401823715010403020101300d06092a864886f70d0101050500038201010091153903011b67fb4a1cf90a605ba1da4d9762f9245327d782644e902ec3491b2b9adcfca8786735f11df011bdb748e310f60ddf3fd2c9b6aa55a448ba02dbde592e155b3b9d167d47d737ea5f4d761236bb1fd7a181044620a32c6da99e017e3f29ce0093dffdc992738989649ee72be41c912cd2b9ce7dce6f3199d3e6bed21e90f00914795c23ab4dd2da211f4d99799de1cf279f109b1c880db08a644131b80e6c9024a49b5c718fbabb7e1c1bdb6a800f21bce9dba6b740f4b28ba9b1e4ef9a1ad03d6999eea828a3e13cb3f0b2119ccf7c40e6dde7437da2d83ab5a98df23499c4d410e106fd0984103beec44cf4ec277c42c2747c828a09c9b40325bc C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\EC93DE083C93D933A986B3D5CDE25ACB2FEECF8E\Blob = 140000000100000014000000e6a11383fe974bf2d8ff31a1a7743389ce5e7fa4030000000100000014000000ec93de083c93d933a986b3d5cde25acb2feecf8e090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000005e0000004e00650074004c006f0063006b00200050006c006100740069006e0061002000280043006c00610073007300200050006c006100740069006e0075006d002900200046005101740061006e00fa007300ed0074007600e1006e00790000000f0000000100000020000000f908c630a787ea72d2e2a66b3569a32eeb9194d35c3d0f6e2c2f32fa16a6e6ee2000000001000000250600003082062130820409a003020102020649412dec0010300d06092a864886f70d01010b05003081ad310b30090603550406130248553111300f06035504070c08427564617065737431153013060355040a0c0c4e65744c6f636b204b66742e31373035060355040b0c2e54616ec3ba73c3ad7476c3a16e796b696164c3b36b202843657274696669636174696f6e20536572766963657329313b303906035504030c324e65744c6f636b20506c6174696e612028436c61737320506c6174696e756d292046c59174616ec3ba73c3ad7476c3a16e79301e170d3038313231313135313234345a170d3238313230363135313234345a3081ad310b30090603550406130248553111300f06035504070c08427564617065737431153013060355040a0c0c4e65744c6f636b204b66742e31373035060355040b0c2e54616ec3ba73c3ad7476c3a16e796b696164c3b36b202843657274696669636174696f6e20536572766963657329313b303906035504030c324e65744c6f636b20506c6174696e612028436c61737320506c6174696e756d292046c59174616ec3ba73c3ad7476c3a16e7930820222300d06092a864886f70d01010105000382020f003082020a0282020100cdf2eec41a7aeb74294cb6bde4d60a176c65e2663dc4d1bc0cb65ad62b705f2dcc21d15910e4b113bdf6cc2295d66c464e9132b3ebf5accb04014f76dd533e789ff95ebcb5821346ca10e31d2d692b9432107321aba938c5e36e1364d563a9ed0966ec8a6f898d1186d0f5bf32960b7570f52858425eac69b4f5fc91392ea29140d13c5441872364504879684b68934b72eb8069b34a1c90beb241a3a5cd17c0d11a697f02184ab5628726572d6ca82c2139f5975e9b9aa6f8e74c79c47b3b56dc7af8b458ce760aae2255eb8fc784647bbd6bca954fd8be3113bf8da10a2bd579b7f576adda515c814762a8aaffcf53e03471cf0d2553a99e6347af8591f8cf1911e54ef9cfede33505012203cf9a7cea1d515acbfd733d390b31ebc43bca852a111400a01b81a2098848f37ca264a1ec67b45887f014eaa9bea522414decbda40ee83d87f72faace35864f3057928d36ae78d6fd18fcd7251ecf7afc19fda03f72173608413f9736950c89957145fa84d6d42060b3450af2b7953d0be5a4c3b812f2916ce96d6083f6451105bae64783d991e26ee1bb466b481bbcc6fbcf7ede2cbb9084eeb62739e78da2310fdf81b72c6c00e2b1d82a175c1b1e47894b17511440404fc4391832c2806036e57a4767f6a80554c15d96a01fb688520c02be8d557e144bc3a201ee9c8a415df95f9691098eb4e4b5c504dfd636ad59b4b2d7020300f391a345304330120603551d130101ff040830060101ff020104300e0603551d0f0101ff040403020106301d0603551d0e04160414e6a11383fe974bf2d8ff31a1a7743389ce5e7fa4300d06092a864886f70d01010b05000382020100698442c0e35e1361972049f1f41685a59fa4110825c463868ff04bafb329f507571a62c71b456eaf5d16b7c1d064833b97f543b64590f1662a83242aff88e97a0bf9c25b7aaf63f70978864859345e9b6a104ef16e9589364a68d06f9be07e4fb7350fe379b105af277caa890a43defa0cefd9572f2871cd696b5242c98a304559a1ccfa594a8ff7d6dd44a5b32e5b1118e2b2b5e7115338fe824cd373be65921a3aa8d2d2aabcd4be6d3652ff6bd4d2b51b37f31742f12ea7d5906c749d74f5fa5f221bd3dc75a8b5fff21ad1bc2b005c3cc5b886085449a29c23fbefa68d70f442524d1b200081f8a0b8f474239cbef4b90eec1e6ad8654a1575f1775b6ed8b1e60fb496b81dfa86c8926e8be97ddfa20ed5f1f17cae4ae366bf5dfc5bef48b29e69c77d90a055b6947081b90abd897553ec84a903a5df519908d0740c02d67372067b8bbb5daa4efc6767d88e1003192d373ad477a93a1c9dc0797b6c2977324d4a8b3088c2e736ce68a39a9886f989159ebfaa517df15046540f022e5c9fe3de573315fe189261a8d229055d65441e9be3effbdc05df15aba6d80ba473b24c3ae09ed4b36ae53a0e0af04ecf78811fbea9986fb147517d423336b3a6a9025205747e2a6cd4aa9256b03e3b2358b18d35a7138f671e7115a6b3b50386b82066c0486fb9acd44a0355b237df04dd220c53862a4a2aa1c1383e3ce53cdf7597 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C9321DE6B5A82666CF6971A18A56F2D3A8675602\Blob = 1400000001000000140000003b2603bacfe359464250ad149cbf033befd63e310b000000010000001e00000045002d004d00450020005300530049002000280052004300410029000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000c9321de6b5a82666cf6971a18a56f2d3a86756020f0000000100000014000000dade06769a15956e024d13665b3abe47fe28a1962000000001000000e4050000308205e0308203c8a00302010202102eefdbfbd8893d8f491c9372fe45dfed300d06092a864886f70d01010505003050310b3009060355040613024c5631283026060355040b131f536572746966696b6163696a61732070616b616c706f6a756d752064616c61311730150603550403130e452d4d4520535349202852434129301e170d3039303531393038343535365a170d3237303531393038343831355a3050310b3009060355040613024c5631283026060355040b131f536572746966696b6163696a61732070616b616c706f6a756d752064616c61311730150603550403130e452d4d452053534920285243412930820222300d06092a864886f70d01010105000382020f003082020a0282020100c4046b00c3b0e02e3be853050508bec8842755d61d8a12e217225a6cffb3ddb699c3cac1eaf9d825b5df3a9d9d3f52c5e9f2acbf89748a54ae4ecf6ef25eaedabd12079995cf64abfe999164598cc9be446a319b98eabaead1210e280b399be3d68aa6f702ba3f3dd959f47999ded3249b8b701b2a84d6e5090f262624588f255ef3c59d7489a536c5e552b2ebe88693476ea72987a47edcb4a3cb3256f74580da5cc72fa0a7d7eff5fcb5a8cd849562f8a92b233b6dd3b792c8eac1bc144de86b9c167ad3ec07fb0725104f14877b9236ce5682654b132606d8a3a3a6dfc27afb7b3505a2133d3e76bc1c57830351c734de5af53cbd36259c160f4dcee80d1acb5d43a2146fba7c60d4028576c56b2ab845b15c774711ada025a966918c51176d61550a193f9b02ffc4f5d6d2b3e92553e1043d8f22d0a265e5aea7b4e01d916ac28692f73a5d13a77a4c42df5ab34a88442cef47baa9afd6cf62738a0622162cc2ec1f06a8d34750593212e5b99d62359eca5e0ab49d2388c2d34f2c2cc993e87eb809eca6d9dd63e1c9a86a68dc8451ac5a12e73ba6b5070ab1aa4eb3b4a257df376c164eab99327af09c23258bca9aa88ce03821b4cef76c61c8e20c1259068126365a0f3573d41645fdde95ded64b5c9f73d9be19bde7bfe4556ac86b44f7c7b8338879190d0664e8af0ba1750c5265ba0a239571f763fc7ee58c8fccd10203010001a381b53081b2300e0603551d0f0101ff040403020106301806082b06010505070103040c300a3008060604008e460101300f0603551d130101ff040530030101ff301d0603551d0e041604143b2603bacfe359464250ad149cbf033befd63e31301006092b0601040182371501040302010030440603551d20043d303b3039060b2b0601040181fa3d010101302a302806082b06010505070201161c687474703a2f2f7777772e656d652e6c762f7265706f7369746f7279300d06092a864886f70d0101050500038202010085e6a694e4d9465f9dbf93bbf96b766428aebf3c452a8a93796cd34b8886206b2226383d1c13aaeb61976c2e3e579c6c43a2de6d40c431f26dba4616b32dc6bba6dce52fb1d8c1d5911e117ffb5fa1dc1d61f86d9b61f0e23f2b71d50dcbdedf653fa06f959b7acbdb3537295d5e9db954b1ac6012e563d9cdaf521b0596137cda247501add49ea5cbc112454f57af23bf29bcea8ead78f88723e848cb40a8be5d33d6ecc60643c2672ae8e3852e609e442f2b4f31b1079d9521d52a92af8091d3c729bdcdf1150c9f01eef82d3ba40770497924edbca1d39651829fc2c8bcde239ac7502b9ab67852aace95f6603ba299f92666f4472c4125bc41fad68b7fbd5f827cd34585b44cd8ecb317ef443af52865eff59e71cc21dee8d6511c10fb40fc49e55c8417afaa195ea2ed4e1ea2fbca471c1c643e1491a2391934887f91cb3b9d1970ea28fbfc500fccbd3d5e02036b7935444176eeb62d7484e18271d325b0d3c39944ab3fe20ca5eebda6fca41100ee9cbd37d1d662c430142d100a978a88f5253c96be46401a8ac08576c4a049e049a5e719b509f3cc4ded165e9ad4d3c869d0d88a37856b4ee4aa07925cd471718148d378f55660fecc02d400931f4c924097be7253792e2652bea6a374b194d914633a6e5bd13c92275290325a92d20f4e5b0b063a62e5d6270c01f62502b88b102942a9f769cadceb0a924b283186 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8025EFF46E70C8D472246584FE403B8A8D6ADBF5\Blob = 1900000001000000100000002cf804f587eb328708a71ad97204a4370f00000001000000140000002beee4c82f7f140fe80ee5269da60ba6d3d2c2ae0300000001000000140000008025eff46e70c8d472246584fe403b8a8d6adbf5090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000003a00000054004300200054007200750073007400430065006e00740065007200200043006c00610073007300200033002000430041002000490049000000140000000100000014000000d4a2fc9fb3c3d803d3575c07a4d024a7c0f200d42000000001000000ae040000308204aa30820392a003020102020e4a4700010002e5a05dd63f0051bf300d06092a864886f70d01010505003076310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831223020060355040b1319544320547275737443656e74657220436c6173732033204341312530230603550403131c544320547275737443656e74657220436c6173732033204341204949301e170d3036303131323134343135375a170d3235313233313232353935395a3076310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831223020060355040b1319544320547275737443656e74657220436c6173732033204341312530230603550403131c544320547275737443656e74657220436c617373203320434120494930820122300d06092a864886f70d01010105000382010f003082010a0282010100b4e0bb51bb395c8b04c54c791c23863110634355273fc645c7a43dec090d1a1e20c2561ede1b370730222f6ff106f1abadd6c8ab61a32f43c4b0b22dfcc396697b7e8ae4ccc03912904260c9cc3568eeda5f90565fcd1c4d5b5849eb0e014f64fa2c3c8958d82f2ee2b068e9223b7589d6441a65f21b97261d286dace8bd591d2b24f6d68403668824007860f1f8abfe02b26bfb22fb35e616d1adf62e12e4fa356ae519b95ddb3b1e1afbd3ff151408d8096aba459d1479607daf408a0773b39396d374348d3a3729de5cecf5ee2e31c220dcbef14f7f2352d95be264d99caa0708b545bdd1d031c1ab549fa9d2c3626003f1bb394a924a3d0ab99dc5a0fe370203010001a382013430820130300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414d4a2fc9fb3c3d803d3575c07a4d024a7c0f200d43081ed0603551d1f0481e53081e23081dfa081dca081d98635687474703a2f2f7777772e747275737463656e7465722e64652f63726c2f76322f74635f636c6173735f335f63615f49492e63726c86819f6c6461703a2f2f7777772e747275737463656e7465722e64652f434e3d5443253230547275737443656e746572253230436c61737325323033253230434125323049492c4f3d5443253230547275737443656e746572253230476d62482c4f553d726f6f7463657274732c44433d747275737463656e7465722c44433d64653f63657274696669636174655265766f636174696f6e4c6973743f626173653f300d06092a864886f70d010105050003820101003660e470f7062043d9231a42f2f8a3b2b94d8ab4f3c29a55317cc43b679ab4df4d0e8a934a178b1b8dca89e1cf3a1eac1df19c32b48e5976a241852537a013d0f57c4ed5ea96e26e72c1bb2afe6c6ef8919846fcc91b575beac81a3b3fb051983c07da2c5901da8b44e8e174fda768dd54ba8346ecc846b5f8af97c03b091c8fce72963d335670bc96cbd8d57d209a839f1adc39f1c572a31103fd3b425229dbe801f79b5e8cd68d864e19fabc1cbec521a5879e782e36db0971a37234f86ce30609f25e56a5d3dd98fad4e606f4f0b620634bea29bdaa82661efb81aaa737ad1318e692c381c133bb881ea1e7e2b4bd316c0e513d6ffb965680e23617d1dce4 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob = 03000000010000001400000085371ca6e550143dce2803471bde3a09e8f8770f09000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030306082b060105050703010b000000010000001200000056006500720069005300690067006e000000200000000100000006030000308203023082026b02107dd9fe07cfa81eb7107967fba78934c6300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100cc5ed1115d5c69d0abd3b96a4c991f5998308e168520466d473fd4852084e16db3f8a4ed0cf1170f3bf9a7f925d7c1cf8463f27c63cfa247f2c65b338e64400468c180b9641c4577c7d86ef595293c50e834d7781fa8ba6d4391958f45575e7ec5fbcaa404ebea973754306fbb01473233cddc579b646961f89b1d1c894f5c670203010001300d06092a864886f70d010105050003818100514dcdbe5ccb98199c15b20139782e4d0f67707099c6105a94a4534d546d2baf0d5d408b64d3d7eede5661925fa6c41d106136d32c273ce82909b9116474ccb5739f1c48a9bc6101eee217a60ce340083b0ee7eb44732a9af16992ef7114c339ac71a791096fe47106b3ba5957267900f6f80da2333028d4aa58a09d9d6991fd C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30779E9315022E94856A3FF8BCF815B082F9AEFD C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C\Blob = 1400000001000000140000000715286d7073aab28a7c0f86ce38930038058ab10b000000010000000e0000007400680061007700740065000000090000000100000016000000301406082b0601050507030106082b0601050507030303000000010000001400000023e594945195f2414803b4d564d2a3a3f5d88b8c0f00000001000000100000001015676c3b5dedec330183a43e1fcca2200000000100000017030000308203133082027ca003020102020101300d06092a864886f70d01010405003081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d301e170d3936303830313030303030305a170d3230313233313233353935395a3081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d3a4506ec8ff566be6cf5db6ea0c687547a2aac2da8425fca8f44751da85b5207494861e0f75c9e90861f5066d306e151902e952c062db4d999ee26a0c4438cdfebee3640970c5feb16b29b62f49c83bd427042510972fe7906dc0284299d74c43dec3f5216d549f5dc358e1c0e4d95bb0b8dcb47bdf363ac2b5662212d6870d0203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010405000381810007fa4c695cfb95cc46ee85834d21308ecad9a86f491ae6da51e360706c846111a11ac8483e59437d4f953da18bb70b62987a758add884e4e9e40dba8cc3274b96f0dc6e3b3440bd98a6f9a299b9918283bd1e340289a5a3cd5b5e7201b8bcaa4ab8de951d9e24c2c59a9dab9b2751bf642f2efc7f218f989bca3ff8a232e7047 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52\Blob = 14000000010000001400000098e69d042e46a9cce320ac942eb6991bc9ab2f910b000000010000001200000056006500720069005300690067006e00000009000000010000002a000000302806082b0601050507030406082b0601050507030206082b0601050507030306082b060105050703010300000001000000140000000b77bebbcb7aa24705decc0fbd6a02fc7abd9b520f0000000100000014000000b1af8f4a301480d7bca52f908f2001ee2577a6b1200000000100000006030000308203023082026b021032888e9ad2f5eb1347f87fc4203725f8300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100baf0e4cff9c4ae8554b90757f98fc57f6811f8c417b044dce33073d52a622ab8d0cc1ced285b7ebd6adcb39124ca41623cfc0201bf1c1631940597766ea2adbd61176c4e3086f051372a50c7a86281dc5b4aaac1a0b46eeb2fe557c5b12b4070db5a4da18e1fbd031fd803d48f4c9971bce282cc58e8983a86d38638f300291f0203010001300d06092a864886f70d010105050003818100858c12c1a7b950157acb3eacb8438adcaadd14ba89817e013c237121882f82dc63fa0245ac4559d72a58445bb79f813b92683de23724f57b6c8f76359609a8599db9ce23ab74d683fd327327d8693e4374f6aec5899ae7537ce97bf64bf3c16583de8d8a9c3c888d3959fcaa3f228da1c1665081724ced22644f4fca8091b629 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4ABDEEEC950D359C89AEC752A12C5B29F6D6AA0C\Blob = 1900000001000000100000008f6b72e6ddc37f1878078f4ed3a326690f00000001000000140000006036808a80bcff19f1aecc97fbaaf2ff618cba820300000001000000140000004abdeeec950d359c89aec752a12c5b29f6d6aa0c090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000003e00000047006c006f00620061006c0020004300680061006d006200650072007300690067006e00200052006f006f00740020002d0020003200300030003800000053000000010000002700000030253023060d2b0601040181872e0a080c010230123010060a2b0601040182373c0101030200c0140000000100000014000000b909ca9c1edbd36c3a6baeed54f15b9306352e5e20000000010000004d0700003082074930820531a003020102020900c9cdd3e9d57d23ce300d06092a864886f70d01010505003081ac310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e312730250603550403131e476c6f62616c204368616d6265727369676e20526f6f74202d2032303038301e170d3038303830313132333134305a170d3338303733313132333134305a3081ac310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e312730250603550403131e476c6f62616c204368616d6265727369676e20526f6f74202d203230303830820222300d06092a864886f70d01010105000382020f003082020a0282020100c0df56d3e43a9b7645b413dbffc1b6198b374118955247eb179d29888e356c06322e4762f34904bf7d4436b171ccbd5a0973d5d98544ff915725df5e368e70d15c71431dd9daef5cd2fb1bbd3ab5cbada3cc44a70dae21153fb97a5b9275d8a4123889198ab780d2e2326f569c91d688100bb37464927460f3f6cf184f60b223d0c73bce614b998fc20cd040b298dc0da84ea3b90aae60a0ad455263ba66bd68e0f9be1aa881bb1e417875d3c1fe0055b08754e82790351d4c33ad97fc972e9884bf2cc9a3bfd1981114ed63f8ca9888581799ed4503977e3c861e888cbef291848f6534d8004c7db731175a297a0a182430a337b57aa9017d26d6f90e8e59f1fd1b33b5293b173b41b621ddd4c03da59f9f1f4350c9bbbc6c7a9798eecd8c1ffb9c51ae8b70bd279f71c06bac7d9066e8d75d3a0db0d5c28dd5c89d9dc16dd0d0bf51e4e3f8c33836aed6a775e6af84435d93920c6a07de3b1d9822d6acc135dba3a025ff72b5761dde6de92c662c5284d04592ce1ce5e5331ddc075354a3aa823b9a372fdcdda064e9e6ddbdaefc64851d3ca7c906de84ff6be86b1a3cc5a2b342fb8b093e5f0852c762c4d40571bfc464e4f8a183e83e129ba81ed4364d2f71f68d28f683a913d261c191bb48c0348f418c4b4cdb6912ff50949c20835973ed7ca1f2f1fdddf749d34358a05663ca3d3de5355659e90eca20cc2b4b93290f0203010001a382016a3082016630120603551d130101ff040830060101ff02010c301d0603551d0e04160414b909ca9c1edbd36c3a6baeed54f15b9306352e5e3081e10603551d230481d93081d68014b909ca9c1edbd36c3a6baeed54f15b9306352e5ea181b2a481af3081ac310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e312730250603550403131e476c6f62616c204368616d6265727369676e20526f6f74202d2032303038820900c9cdd3e9d57d23ce300e0603551d0f0101ff040403020106303d0603551d200436303430320604551d2000302a302806082b06010505070201161c687474703a2f2f706f6c6963792e63616d65726669726d612e636f6d300d06092a864886f70d0101050500038202010080887f70de9228d9059446ff9057a9f12fdf1a0d6bfa7c0e1c49247927d846aa6f295952887012eadd3df59b53546fe160a2a809b9eceb597cc635f1dc18e9f167e5afba45e009deca440fc2170e7791457a335f5f962c688bc1478f989b3dc0eccbf5d582928435d1be36385672315b472daa17a46351eb0a01ad7fec759ecba11ff17f12b1b9e4647f67d6232af4b8395d98e821a7e1bd3d421a749a70af686c505d49cffffb0e5de62c47d7813a5900b5736b6320f6314508390ef4707e40705a3fd06b42a9743d282f026d757295098d4863c6c6235792935e35c18df90af72c9d621cf6ad7cdda6311eb6b1c77e8526faa46ab5da6330d1ef9337b2662f7d05f7e7b74b989435c0d93a29c19db250331d4aa95aa6c903efedf4e7a86e8ab45784eba43fd0eeaaaa875b63e893e26ba8d4b872786b1bed39e45dcb9baa87d54f4e00fed96a9f3c310f2802017d98e8a7b0a2649e79f848f215a9cce6c844eb3f7899f27b713e3cf198a7c518123fe6bb283342e9450a7c6df286792fc582197d09897cb2547688aedec1f3cce16edb31d693ae99a0ef256a7398895b3a2e13881ebfc09294341be327b78b1e6f42ffe7e9379b501d2da2f902eecb58583a71bc68e3aac1af1c281fa2dc23653f81eaae99d3d830cf130d4f15c984bca7482df8302377d8464b796df68ced3a7f601178f4e99baed554c07480d10b429fc1 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7E206939CC5FA883635F64C750EBF5FDA9AEE653 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5\Blob = 0f000000010000002000000008fba831c08544208f5208686b991ca1b2cfc510e7301784ddf1eb5bf03932390300000001000000140000003b1efd3a66ea28b16697394703a72ca340a05bd50b00000001000000540000004d006900630072006f0073006f0066007400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003100300000002000000001000000f1050000308205ed308203d5a003020102021028cc3a25bfba44ac449a9b586b4339aa300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3130303632333231353732345a170d3335303632333232303430315a308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f72697479203230313030820222300d06092a864886f70d01010105000382020f003082020a0282020100b9089e28e4e4ec064e5068b341c57bebaeb68eaf81ba22441f6534694cbe704017f2167be279fd86ed0d39f41ba8ad92901ecb3d768f5ad9b591102e3c058d8a6d2454e71fed56ad83b4509c15a51774885920fc08c58476d368d46f2878ce5cb8f3509044ffe3635fbea19a2c961504d607fe1e8421e0423111c4283694cf50a4629ec9d6ab7100b25b0ce696d40a2496f5ffc6d5b71bd7cbb72162af12dca15d37e31afb1a4698c09bc0e7631f2a0893027e1e6a8ef29f1889e42285a2b1845740fff50ed86f9cede2453101cd17e97fb08145e3aa214026a172aaa74f3c01057eee8358b15e06639962917882b70d930c246ab41bdb27ec5f95043f934a30f59718b3a7f919a793331d01c8db22525cd725c946f9a2fb875943be9b62b18d2d86441a46ac78617e3009faae89c4412a2266039139459cc78b0ca8ca0d2ffb52ea0cf76333239dfeb01fad67d6a75003c6047063b52cb1865a43b7fbaef96e296e21214126068cc9c3eeb0c28593a1b985d9e6326c4b4c3fd65da3e5b59d77c39cc055b77400e3b838ab839750e19a42241dc6c0a330d11a5ac85234f773f1c7181f33ad7aeccb4160f3239420c24845ac5c51c62e80c2e27715bd8587ed369d9691ee00b5a370ec9fe38d80688376baaf5d70522216e266fbbab3c5c2f73e2f77a6cadec1a6c6484cc3375123d327d7b84e7096f0a14476af78cf9ae166130203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414d5f656cb8fe8a25c6268d13d94905bd7ce9a18c4301006092b06010401823715010403020100300d06092a864886f70d01010b05000382020100aca5968cbfbbaea6f6d7718743315688fd1c32715b35b7d4f091f2af37e214f1f30226053e16147f14bab84ffb89b2b2e7d409cc6db95b3b64657066b7f2b15adf1a02f3f551b8676d79f3bf567be484b92b1e9b409c2634f947189869d81cd7b6d1bf8f61c267c4b5ef60438e101b3649e420caada7c1b1276509f8cdf55b2ad08433f3ef1ff2f59c0b589337a075a0de72de6c752a6622f58c0630569f40b930aa40771582d78becc0d3b2bd83c5770c1eaeaf1953a04d79719f0faf30ce67f9d62ccc22417a07f2974218ce59791055de6f10e4b8da836640160968235b972e269a02bb578cc5b8ba69623280899ea1fdc0927c7b2b3319842a63c5006862fa9f478d997a453aa7e9edee6942b5f3819b4756107bfc7036841873eaeff9974d9e3323dd260bba2ab73f44dc8327ffbd61592b11b7ca4fdbc58b0c1c31ae32f8f8b942f77fdc619a76b15a04e1113d6645b71871bec92485d6f3d4ba41345d122d25b98da613486d4bb0077d99930961817457268aab69e3e4d9c788cc24d8ec52245c1ebc9114e296deeb0ada9edd5fb35bdbd482ecc620508725403afbc7eecdfe33e56ec3840955032539c0e9355d6531a8f6bfa009cd29c7b336322edc95f383c15acf8b8df6eab321f8a4ed1e310eb64c11ab600ba412232217a3366482910412e0ab6f1ecb500561b440ff598671d1d533697ca9738a38d7640cf169 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FA0882595F9CA6A11ECCBEAF65C764C0CCC311D0 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1A45B141A21DA1A79F41A42A961D669CD0634C1\Blob = 1400000001000000140000004b019b3e561a653676cb7b97aa9205ee32e728310b000000010000001600000043006f006d005300690067006e00200043004100000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303030000000100000014000000e1a45b141a21da1a79f41a42a961d669cd0634c10f00000001000000140000000437efce6c464d17fbe4da5db1552a44d69dbf1f200000000100000097030000308203933082027ba00302010202101413968314558cea7b63e5fc34877744300d06092a864886f70d01010505003034311330110603550403130a436f6d5369676e2043413110300e060355040a1307436f6d5369676e310b300906035504061302494c301e170d3034303332343131333231385a170d3239303331393135303231385a3034311330110603550403130a436f6d5369676e2043413110300e060355040a1307436f6d5369676e310b300906035504061302494c30820122300d06092a864886f70d01010105000382010f003082010a0282010100f0e454692bd3c78f6a44e47e5827f80bd0e494128af11b38382f1f319c06d42ca7de0b2aae1aa0e39e6abf9f3cc76ea2f98b646c3aad85555154a53855b8ab8304f23f6436f7c08d43436a66d1f7172ad5ef36fa301042d753cdf9fa33734cb3e984208ad6412735e438fa949bb87ae4791f33fb1bd82109287c4d18695e648a7a1993ca7eecf372e73707585928ac42f9c5ffcd3fe7a5fa38b1d00cc7d9521a53d681cc427a355bed4b3a7af6b58eccff0f7ce46036872fadf0a1257dffd24b11887054a641a8675352425ee4349ee4bea3ecaa625dddc34ca68241e4330bacc9330f6482572afd0cad36e10cae4bc5ef3b99d923b35b5db457ec74700c2a4f0203010001a381a030819d300c0603551d13040530030101ff303d0603551d1f043630343032a030a02e862c687474703a2f2f66656469722e636f6d7369676e2e636f2e696c2f63726c2f436f6d5369676e43412e63726c300e0603551d0f0101ff040403020186301f0603551d230418301680144b019b3e561a653676cb7b97aa9205ee32e72831301d0603551d0e041604144b019b3e561a653676cb7b97aa9205ee32e72831300d06092a864886f70d01010505000382010100d0d9a57efe2960459d7e83cf6ebc476ef51a9e54764271b43c583f2d402542f6819cf18910c80eaa784f380957b03cc008fc358ef148518d0c7174ba84c4d7729b847c384e6406272ae1a7b5ec0899b40a0dd48573c812e135edf105311d73990ceb96caddd3e685aaf08afb75c1f2093c656564f34cd8adcb8869f3e483b70cbd175a9617ca5bffadbb1ce92d8480d821be8552d9d474b96985ba4ded2832ebf9614ae4c4361e19dc6f84111f95f5832818a833924327dd5d1304454f87d546cd3da8baf0f3b8562445eb37c7e1764f723918df7e7472c7732d39ea60e6ad11a256877bc3689afef88c70a8df6532f4a4408ca1c244030e940067a071008248 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B72FFF92D2CE43DE0A8D4C548C503726A81E2B93\Blob = 1900000001000000100000007c8e1304ab7484ebb4bab9eebbc4cd2d0f0000000100000014000000c6d62908148da43de8b8f6f8eeadc17dd0a8aac3030000000100000014000000b72fff92d2ce43de0a8d4c548c503726a81e2b93090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001c000000440053005400200052006f006f0074004300410020005800310000001400000001000000140000001dea652c00eda3222321f906de8e78c082130d2f2000000001000000dc030000308203d8308202c0021100d01e408b0000027c0000000200000001300d06092a864886f70d01010505003081a9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e3111300f060355040b13084453544341205831311630140603550403130d44535420526f6f7443412058313121301f06092a864886f70d010901161263614064696773696774727573742e636f6d301e170d3938313230313138313835355a170d3038313132383138313835355a3081a9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e3111300f060355040b13084453544341205831311630140603550403130d44535420526f6f7443412058313121301f06092a864886f70d010901161263614064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d2c626b6e7a53dc1c468d5506f53c56f491309b8af2c488d146aa3175f5af9d32e752fd82862d1932ffc4dd4ab87e508c799e7923f75bdeb25b415c19b193dd2448dd774206d37028f69935b8ac4199df4b20efc166cb9b1059283d1852c60943e4555a0d9ab0821e660e83b74f299505168d0032db180bea3d852b044cd434a708e588595e14e2cd62d416fd684e7c89844ca47db2c24a56926cf6bb82762c3f4c97a9223ed136782ae452e45e57e723f859d946210e63c91a1ad7700e015ecf38480727a8e6e6097c724591034835be1a5a469b657351c7859c6d32f3a7367ee94ca04130562067023b3f47cee45d9640b5b49aaa443ce26c444126cb8dd790203010001300d06092a864886f70d01010505000382010100a237b23f69fbd7867954493195332bf3d1091449626086a5b011e250c21d06573e2de83364be9baaad5f1b4dd49995a28b9ac96272b569ead958ab35ed15a243d6b6bc07796564737dd779ca7bd55a51c6e15304968d38cfa317ac39716b01c38b533c63e9ee79c0e4be9232647ab31f979462bdeab2201595fb97f2782f63364038e3460f1dddac95cae74b907bb14ba9d4c5eb9adaaad5a39414468d2d1ff33ad6933af63e79fce8e6b075edee3dc970c75daa814b46251cc76c15e3954e0faa3237940a172492138458d2636f2bf7e65b620b1317b00d524cfefe6f5ce2916e1dfda462d768fa8e7a4fd208da93dcf092117ad0dc72930c7393628568d0f4 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\ED8DC8386C4886AEEE079158AAC3BFE658E394B4 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6A6F2A8B6E2615088DF59CD24C402418AE42A3F1\Blob = 140000000100000014000000cd1742be54a4b5fad1a8c0364af084016c2a552e0300000001000000140000006a6f2a8b6e2615088df59cd24c402418ae42a3f109000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703080b000000010000005200000065005300690067006e0020004100750073007400720061006c00690061003a0020005000720069006d0061007200790020005500740069006c00690074007900200052006f006f00740020004300410000000f00000001000000100000008a8bfd6c0a8fd126c88d19cfd24f481f2000000001000000a8030000308203a43082028ca00302010202106f1c92c453004145ca9f7d896f1823e0300d06092a864886f70d0101040500305d31183016060355040a130f655369676e204175737472616c6961311f301d060355040b13165075626c6963205365637572652053657276696365733120301e060355040313175072696d617279205574696c69747920526f6f74204341301e170d3032303532343030303030305a170d3132303532333233353935395a305d31183016060355040a130f655369676e204175737472616c6961311f301d060355040b13165075626c6963205365637572652053657276696365733120301e060355040313175072696d617279205574696c69747920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100a46daef21df44173ae6fc5c44466f3bcb1da860dc675444d467c17c467a707b47c55e30e50f6966741bf8d0603919e0fa7234da76e7de4f899489c7bb4e693a5ecf3ba9254d15aa58ba8698861bb6e60c531a63657ad8e678c0eba25818048d464a5baa046862a259de33ddc1b5a2c0c44352e56e36c7dcd87183b147d2b8f76425d99297d3d4ca5540bc20235854fcdc69e727071ca6b9278cbb87b8e9e3ec2e6a133c571df2d68f58f44f7fe0810d5a0387f914472406a0f049d0f262580390adf19e30b5c1270d5b96016b8945ade34f622ae3ba755a68ec0fbff7d39f7167d4a42f361c96089ee279703af350f602bf0e46e8fde45ecc7940f4e4d13165f0203010001a360305e300f0603551d13040830060101ff020108300b0603551d0f040403020106301d0603551d0e04160414cd1742be54a4b5fad1a8c0364af084016c2a552e301f0603551d23041830168014cd1742be54a4b5fad1a8c0364af084016c2a552e300d06092a864886f70d01010405000382010100070a3943ecce382c0af0a82d1256c3e5dfa0d79a24bff9a9f606b2eff4b786e01ba3705bba9204bd54f3e5d90c73b3112e7ba4c8d37495a04ce0f32d17dcef17ce37e78e9d92593c7f1231e2412d92f8228ffcd9cfe2939860b2c27dac5ea5abfefa05d1f11a1e484c70ffaaa7038d4f73d24b166ce1e3cefa594e3c1fd7acca91020a8df595efc1344929778bf77a53f70e64e4fd5f80b3e3dee89bbd91df5fb22254ae8ebdc28b9470a571b24d5f3bc628ef5c652a20429e5108fec509316a3942dce0166bc797cf9a5f3264e94aa120c449731747d883e64e34d859c262c720d76d11272e1e24ffb1186dcaf215c97f98cb6058758124a3c961ccbb508ba9 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0456F23D1E9C43AECB0D807F1C0647551A05F456\Blob = 140000000100000014000000ccbbbb86d66ff8beb4472277b3b6add70159964d0b00000001000000540000004e004c00420020004e006f007600610020004c006a00750062006c006a0061006e0073006b0061002000420061006e006b006100200064002e0064002e0020004c006a00750062006c006a0061006e0061000000090000000100000056000000305406082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b060105050703090300000001000000140000000456f23d1e9c43aecb0d807f1c0647551a05f4560f000000010000001400000062e76b5fc689d75ec27f690a55691934058abd982000000001000000bb030000308203b73082029fa00302010202043ec3868e300d06092a864886f70d0101050500301d310b3009060355040613025349310e300c060355040a130541434e4c42301e170d3033303531353131353234355a170d3233303531353132323234355a301d310b3009060355040613025349310e300c060355040a130541434e4c4230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf76753d0c7c403a665f4d8cfbdd3c2efe7d9464ed4ad44948a1ee9171b279c88e2b1faaf032b428b2a3c2754fa4e9a61af6a266612327612c6e17900bfade1e71520229049979acc0b0c066989811376410cf9cbc3b421c295c5590f67a224e56af3768bf743a6c3cc698cc6021bfe20827e4d92bbce38495d7d42460fc7e2d2f9d21eb9d91c6bba4d1ebc912ada3e8c8b57f554beb990254c4811c0cae39e46a7a05d84e70a0fa0377b3aed8b81492fb417713356ab7a2ca884bad2d51bc769a6cbb40bde7244c22a6e6fd4e087b9d0b10d612d2a6c6a16432f401739681e248b0c128633d3be767ac6ec514f51713a29c1f2b57f01527755dddb134d693110203010001a381fe3081fb301106096086480186f8420101040403020007303f0603551d1f043830363034a032a030a42e302c310b3009060355040613025349310e300c060355040a130541434e4c42310d300b0603550403130443524c31302b0603551d1004243022800f32303033303531353131353234355a810f32303233303531353132323234355a300b0603551d0f040403020106301f0603551d23041830168014ccbbbb86d66ff8beb4472277b3b6add70159964d301d0603551d0e04160414ccbbbb86d66ff8beb4472277b3b6add70159964d300c0603551d13040530030101ff301d06092a864886f67d0741000410300e1b0856362e303a342e3003020490300d06092a864886f70d010105050003820101001167cbcb9a6b2021dd6f6983d53f0dba9315974e7076265ce89e24e737fe3c50f4d4f92a2f0c13a15d04bcd0b0e9c203178505613dc0a7aa764cc3b83a83a986cf03f9770e2bb23d761b65d16a716071dbbbb87a8ef2f92183f8574ca8c7dd65c6eeef6fb3b699bbb4c3d0ab5fb2a07edd74212cc35aeb8da1cad8f0c817ed76ba84636e5bb9b5ca6dd7fc3439802fba4fdf8dd8fc18c43c8a352f778296ad209218b2e736f4ae3274b847d1d80fd82ccb6ac20075f92cf8420ecbfe7393a98fe1c7ae2137f3cab90cb4e7897e711c563420c3f134b9554bd35352f1072d2b3e5b19409f10edd32933c5af0f105687da3bc8b1ed38d919fb4bf0502da4cdd458 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A59C9B10EC7357515ABB660C4D94F73B9E6E9272\Blob = 0f0000000100000014000000e2edafd4d1ab0ef7f3d77637e04a51d6ac4afe1b0b00000001000000500000004300650072007400690070006f0073007400200045002d005400720075007300740020005000720069006d0061007200790020004e006f0072006d0061006c0069007300650064002000430041000000090000000100000040000000303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030c030000000100000014000000a59c9b10ec7357515abb660c4d94f73b9e6e92722000000001000000e4030000308203e0308202c8a003020102020b040000000001055264c761300d06092a864886f70d0101050500305d310b3009060355040613024245311c301a060355040a13134365727469706f737420732e612e2f6e2e762e3130302e060355040313274365727469706f737420452d5472757374205072696d617279204e6f726d616c69736564204341301e170d3035303732363130303030305a170d3230303732363130303030305a305d310b3009060355040613024245311c301a060355040a13134365727469706f737420732e612e2f6e2e762e3130302e060355040313274365727469706f737420452d5472757374205072696d617279204e6f726d616c6973656420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100d5b3aa52847a1793220fb80418cac9f2822aac150ba75071b64c256bf7ff01aa575a774e5e13140d55f21ef185cd85d7821c0cda092bbdfdbc9efe6d894da20224e651ea377f31465a7b9a76b32ea05d5fe4f8990a07beee922612c97be75d6cd083470ec08ca7d17957c00b199c9b9e43c54e9125ce882b6d79d9798ad6664e22c31a454eefc8b062264e2654509f0c6fb36bcc7c9f7fde0f0db58fc36bd4e1c2fbbb5650aa8c3d8f008b3cfc48176ad25af3756d6581bd465d9fa26253aecef3a9e4912b5a26c37966d1a65366351c0671b1ee990ec4fb5812ac22462de22292dbe13cbfbbfe86e7933473cf7869d3cbdef90cb268dac98a0a6054c4f356630203010001a381a030819d300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff30480603551d200441303f303d060903900e0701000102003030302e06082b060105050702011622687474703a2f2f7777772e652d74727573742e62652f4350532f514e636572747320301d0603551d0e0416041411f20b96d2333881575813fd40a4116f4e99fa67301106096086480186f8420101040403020007300d06092a864886f70d01010505000382010100356b4fde9df303b61dc8bc8de75e6a9ea9e9eda22b97eaafd1e146d302497dc45285ebbaf6d3bf3962189d9349bd7803bfd35e15ddef271ce1bb45012281004d3ae085ca5a3203cc208fafefc1dba8faf3dcd7b2b10f03810929e0717c8bfa7fcb366e1be814cef04b26a132294fccb4f587480c13fcc79dafabd493f52a4d7f4882583e17ffc3802aab3f5755b8392c661064266d8c6bd6dda0831a5a56119646bdae7028d638575b91d53f4de9acb3c3244a96655c34d01ed4bf08a5975df746db76f0cd3e7563002bafadae86de5fa699540d8523a5fcbaed1b52fa491877855baa729b270835453727db97c9fa8b3dc8d09dde5aef5da316b69879ca7ccb C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D8C5388AB7301B1B6ED47AE645253A6F9F1A2761\Blob = 5300000001000000230000003021301f060960857401590102010130123010060a2b0601040182373c0101030200c00b0000000100000014000000530077006900730073005300690067006e00000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303030000000100000014000000d8c5388ab7301b1b6ed47ae645253a6f9f1a27612000000001000000be050000308205ba308203a2a003020102020900bb401c43f55e4fb0300d06092a864886f70d01010505003045310b300906035504061302434831153013060355040a130c53776973735369676e204147311f301d0603550403131653776973735369676e20476f6c64204341202d204732301e170d3036313032353038333033355a170d3336313032353038333033355a3045310b300906035504061302434831153013060355040a130c53776973735369676e204147311f301d0603550403131653776973735369676e20476f6c64204341202d20473230820222300d06092a864886f70d01010105000382020f003082020a0282020100afe4ee7e8b240e126ea9502d16443b92925ccab85d849242132abc655782403e5724cd508b252ab76ffcefa2d0c01f02244a13968f2313e6285800a347c706a784232bbbbd962b7f55cc8bc1571f0e62650fdd3d568a73daae7e6dba811c7e428c2035d9434d84fa84db522cf30e27770b6bbf112f72789f2ed83ee618375a2a72f9da62909295ca1f9ce9b33c2bcbf30113bf5acfc1b50a60bdddb5996453b8a096b36fe22677918ce06210029f340fa4d5923351debe8dba847a603c6adb9f2becdede013f6e4de55086cbb4afed4440c5ca5a8cdad22b7ca8eebea6e50aaa0ea5df0552b755c7225d326a97976313dbc9db79367b853a4ac55289f924e79d77a982ff551ca571692bd10224f2b326d46bda0455e5c10ac76d3037902ae49e14335e161755c55bb5cb348992f19d268fa107d4c6b27850db0c0c0b7c0b8c41d7b9e9dd8c88f7a34db232ccd817dacdb7ce669dd4fd5effbd973e2975e77ea76258af2534a541c73dbc0d50ca03030f085a1f95737862bfaf7214690ea5e5030e788e262842f0070b622010673946faa903cc04387a66ef2083b58c4a568e9100fc8e5c82de88a0c3e2686e7d8def3cdd65f45dac51ef2480aeaa56976ff9ad7dda613f98773ca591b61c8c26da65a2096dc1e254e3b9ca4c4c808f777b609a1edfb6f2481e0eba4e546d98e0e1a21aa27750cfc46392ec47199debe66bcec10203010001a381ac3081a9300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604145b257b96a465517eb839f3c078665ee83ae7f0ee301f0603551d230418301680145b257b96a465517eb839f3c078665ee83ae7f0ee30460603551d20043f303d303b0609608574015901020101302e302c06082b060105050702011620687474703a2f2f7265706f7369746f72792e73776973737369676e2e636f6d2f300d06092a864886f70d0101050500038202010027bae3947cf1aec0de17e6e5d8d5f554b083f4bbcd5e057b4f9f7566af3ce8567efc72783803d92b621b00b9f8e960cdccce518ac750316ee14a7e182f6959b63d64812be38384e622878e7de0ee029961b81ef4b82b88121684c23193389631a6b93b533fc32493565b6992ecc5c1bb3800e3ec17a9b8dcc77c01839f3247ba5222341d327a0956a77c2536a93d4bdac0826f0abb12c8874b2711f91e2dc7933f9edb5f266b52d92e8af114c6448d15a9b7bfbddea61aeeae2dfb487717febbecaf18f52a51f0398497956c6e1bc32bc474607925b00a27dfdf5ed239cf457d424bdfb32c1ec5c65dca553aa09c699a8fdaefb2b03c9f876c122b65701552311a24cf6f3123501f8c4f8f23c37441631c55a814dd3ee05150cff11b30560e92b08285d883cb2264bc2db825d554a2b806eaad92a424a0c186b54a136a47cf2e0b569554cbce9adb6ab4a6b2db4108862777f76aa0426c0b38ced775503292c2df2b302248d0d54138255da4e95d9fc69475d045fd3097438f90ab0ac78673604a692ddea578d706da6a9e4b3e773a20132201d0bf689e63606b354d0b6dbaa13dc093e07f23b355ad72254e46f9d216efb064c1019ee9caa06a980ecfd860f22f49b8e442e1383516f4c86e4ff78156e8baa3be23afaefd6f03e0023b3076fa1b6d41cf01b1e9b8c966f4db26f33aa474f249245bc9b0d057c1fa3e7ae197c9 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F48B11BFDEABBE94542071E641DE6BBE882B40B9 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2144 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
PID 2584 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe"

C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe

"C:\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst

Network

Country Destination Domain Proto
US 8.8.8.8:53 ss.shanhutech.cn udp
CN 114.116.204.212:80 ss.shanhutech.cn tcp
US 8.8.8.8:53 bizhi.shanhutech.cn udp
CN 114.116.220.52:80 bizhi.shanhutech.cn tcp
CN 114.116.211.100:80 ss.shanhutech.cn tcp
CN 114.116.204.252:80 ss.shanhutech.cn tcp

Files

\Users\Admin\AppData\Local\Temp\{309EBE12-6FF3-4aef-AF86-0BBBCC6CF984}.tmp\7z.dll

MD5 f0fef6362d4886e85a186a5e3766650a
SHA1 65843b7052a4d1b84762479d79445c46834e18b5
SHA256 15b9fe7d408cbf2204039087526e7df947df57b42ea479e303b682e956638816
SHA512 3f6dfd701cf62b77219f8825a2257c4bd7d44ebafc5654b06abaf906ced2571f4eeb04fe22ae6136c14bddebddb12555aa6efd322e779443d57bb122ea786043

C:\Users\Admin\AppData\Local\Temp\Cab1E6B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1E7E.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

\Users\Admin\AppData\Local\Temp\{49B45EC9-2FC6-4ee9-A199-7A0CE397BC88}.tmp\KB931125.exe

MD5 4a4d72d34f9da1fc5019e0748fcde2f5
SHA1 f54752ec63369522f37e545325519ee434cdf439
SHA256 83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca
SHA512 95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 a64e4b204d44548eeb5c3d86eca2ad70
SHA1 e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe
SHA256 985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc
SHA512 dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

MD5 9c18ae971cbffb096952177f6804ea31
SHA1 bb255dd1bd9bb39cdbb8671af66054432c686828
SHA256 2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb
SHA512 21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

MD5 421e60325404f5f29ac04c9b9d59096b
SHA1 aace2fd74d799e8af5c8d5b2646361bb67a1620c
SHA256 571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77
SHA512 86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst

MD5 bb49ccc10926cdb601eba81afef749a2
SHA1 a4766c9aea8d211e9632148fd4b625cece195be9
SHA256 f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c
SHA512 94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst

MD5 2d9b4498c847715418160bfd7e7c8a2d
SHA1 e0873091d476d2566aa6fc988cb364247c95dc97
SHA256 c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41
SHA512 dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst

MD5 9e5de0fd1f90486a66dee4bfe89a78d7
SHA1 90e3188ef63495aaa71c85d4ff0f23253c834b40
SHA256 8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e
SHA512 60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst

MD5 7b32871e409608ff887b6cf4d87debb0
SHA1 191f9ea1298ee52dbd6f977b3584109a064f57b9
SHA256 3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2
SHA512 534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a

C:\Users\Admin\AppData\Local\Temp\{06CB2087-79E0-4753-AFDF-18FD024E2CDF}.tmp\360NetUL.dll

MD5 6c2cd3003689a373b158a4f8c6fe75a7
SHA1 f4938a64224b9cfc16920a83b4cb9ef83c8b68ff
SHA256 a7ff68fe983f3fc97efcd0970e3f93952658420290a3e3d1cec97a2e0bfa83ed
SHA512 8a89da3786bcc7b2936e090a35b51fe59fa37c5b80bac5fd471777b9068a79b8f46bdeaf22f8d5be8bf47a3e1e239366f04ea1fb49c2233526bd1ea545960bd0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 15:26

Reported

2024-06-14 15:29

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BirdWallpaper\{19878BD3-F022-447e-8C2E-0D4AEF4AA501}.tf C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
File opened for modification C:\Program Files (x86)\BirdWallpaper\bizhi_setup.log C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 5c000000010000000400000000080000190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-14_31a72a2e0492167fb08f179a42e4febb_magniber.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ss.shanhutech.cn udp
US 8.8.8.8:53 bizhi.shanhutech.cn udp

Files

C:\Users\Admin\AppData\Local\Temp\{5FFFB9A6-CCB2-4c6d-9F34-324671B013F8}.tmp\7z.dll

MD5 f0fef6362d4886e85a186a5e3766650a
SHA1 65843b7052a4d1b84762479d79445c46834e18b5
SHA256 15b9fe7d408cbf2204039087526e7df947df57b42ea479e303b682e956638816
SHA512 3f6dfd701cf62b77219f8825a2257c4bd7d44ebafc5654b06abaf906ced2571f4eeb04fe22ae6136c14bddebddb12555aa6efd322e779443d57bb122ea786043

C:\Users\Admin\AppData\Local\Temp\{463429AE-7A6F-4819-A463-71E1B3C1F0B0}.tmp\360NetUL.dll

MD5 6c2cd3003689a373b158a4f8c6fe75a7
SHA1 f4938a64224b9cfc16920a83b4cb9ef83c8b68ff
SHA256 a7ff68fe983f3fc97efcd0970e3f93952658420290a3e3d1cec97a2e0bfa83ed
SHA512 8a89da3786bcc7b2936e090a35b51fe59fa37c5b80bac5fd471777b9068a79b8f46bdeaf22f8d5be8bf47a3e1e239366f04ea1fb49c2233526bd1ea545960bd0