metastealer | 7660ad82024cfb2faa8b7bea2cdd85509c1b665dcdd40ec0b7cd6c508bb6c4a1

Analysis

max time kernel
3574s
max time network
3608s
platform
windows10_x64
resource
win10-20220414-en
submitted
14-04-2022 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Honeygain_install (1).exe
Size

13.7MB
MD5

6d2fb27e84276095fd2beb3d9f741d79
SHA1

b1dd139c731e3c633441a2f964bb85cc6bf72767
SHA256

7660ad82024cfb2faa8b7bea2cdd85509c1b665dcdd40ec0b7cd6c508bb6c4a1
SHA512

a77f9450975fb81cdb81b9a1729114b79b214526193f96da8a89c9cca6170e085498f191f63432420befb9e4ff03cd684d4d10e5300febe365787052b5a4f937

Score

10^/10

metastealer persistence stealer

Malware Config

Signatures

Meta Stealer Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
stealer metastealer

Blocklisted process makes network request 2 IoCs

flow	pid	Process
16	2620	rundll32.exe
17	304	rundll32.exe

Executes dropped EXE 2 IoCs

pid	Process
2316	Honeygain.exe
3380	HoneygainUpdater.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Control Panel\International\Geo\Nation	Honeygain.exe

Loads dropped DLL 64 IoCs

pid	Process
1584	Honeygain_install (1).exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1192	rundll32.exe
1192	rundll32.exe
1192	rundll32.exe
1192	rundll32.exe
1192	rundll32.exe
1736	MsiExec.exe
2620	rundll32.exe
2620	rundll32.exe
2620	rundll32.exe
2620	rundll32.exe
2620	rundll32.exe
2620	rundll32.exe
2620	rundll32.exe
2620	rundll32.exe
1736	MsiExec.exe
304	rundll32.exe
304	rundll32.exe
304	rundll32.exe
304	rundll32.exe
304	rundll32.exe
304	rundll32.exe
304	rundll32.exe
304	rundll32.exe
4076	MsiExec.exe
4076	MsiExec.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce	Honeygain_install (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Windows\CurrentVersion\Run\Honeygain = "C:\\Program Files (x86)\\Honeygain\\Honeygain.exe"	Honeygain.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Honeygain_install (1).exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\I:	Honeygain_install (1).exe
File opened (read-only)	\??\J:	Honeygain_install (1).exe
File opened (read-only)	\??\R:	Honeygain_install (1).exe
File opened (read-only)	\??\B:	Honeygain_install (1).exe
File opened (read-only)	\??\K:	Honeygain_install (1).exe
File opened (read-only)	\??\N:	Honeygain_install (1).exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	Honeygain_install (1).exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	Honeygain_install (1).exe
File opened (read-only)	\??\U:	Honeygain_install (1).exe
File opened (read-only)	\??\B:	Honeygain_install (1).exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\F:	Honeygain_install (1).exe
File opened (read-only)	\??\M:	Honeygain_install (1).exe
File opened (read-only)	\??\I:	Honeygain_install (1).exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	Honeygain_install (1).exe
File opened (read-only)	\??\J:	Honeygain_install (1).exe
File opened (read-only)	\??\R:	Honeygain_install (1).exe
File opened (read-only)	\??\X:	Honeygain_install (1).exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	Honeygain_install (1).exe
File opened (read-only)	\??\O:	Honeygain_install (1).exe
File opened (read-only)	\??\V:	Honeygain_install (1).exe
File opened (read-only)	\??\U:	Honeygain_install (1).exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	Honeygain_install (1).exe
File opened (read-only)	\??\S:	Honeygain_install (1).exe
File opened (read-only)	\??\W:	Honeygain_install (1).exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	Honeygain_install (1).exe
File opened (read-only)	\??\O:	Honeygain_install (1).exe
File opened (read-only)	\??\A:	Honeygain_install (1).exe
File opened (read-only)	\??\H:	Honeygain_install (1).exe
File opened (read-only)	\??\L:	Honeygain_install (1).exe
File opened (read-only)	\??\M:	Honeygain_install (1).exe
File opened (read-only)	\??\L:	Honeygain_install (1).exe
File opened (read-only)	\??\Y:	Honeygain_install (1).exe
File opened (read-only)	\??\P:	Honeygain_install (1).exe
File opened (read-only)	\??\Y:	Honeygain_install (1).exe
File opened (read-only)	\??\Z:	Honeygain_install (1).exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	Honeygain_install (1).exe
File opened (read-only)	\??\S:	Honeygain_install (1).exe
File opened (read-only)	\??\V:	Honeygain_install (1).exe
File opened (read-only)	\??\W:	Honeygain_install (1).exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	Honeygain_install (1).exe
File opened (read-only)	\??\F:	Honeygain_install (1).exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	Honeygain_install (1).exe
File opened (read-only)	\??\T:	Honeygain_install (1).exe
File opened (read-only)	\??\Q:	msiexec.exe

Drops file in Program Files directory 38 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Honeygain\hgwin.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.Threading.Tasks.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.Threading.Tasks.Extensions.Desktop.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Sentry.Protocol.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Honeygain.Proxies.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.DotNet.PlatformAbstractions.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Sentry.PlatformAbstractions.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Google.Apis.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.Bcl.AsyncInterfaces.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\PeanutButter.TinyEventAggregator.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\pt-BR\Honeygain.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\WebView2Loader.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Honeygain.Common.dll.config	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Honeygain.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Newtonsoft.Json.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Sentry.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.Web.WebView2.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\System.Numerics.Vectors.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\System.Threading.Tasks.Extensions.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Honeygain\HoneygainUpdater.ini	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Honeygain.exe	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\HoneygainUpdater.exe	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.Web.WebView2.WinForms.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\System.Diagnostics.DiagnosticSource.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Honeygain.Common.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Google.Apis.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Google.Apis.PlatformServices.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\es\Honeygain.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\System.Runtime.CompilerServices.Unsafe.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Countly.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Microsoft.Threading.Tasks.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Facebook.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Google.Apis.Auth.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Google.Apis.Auth.PlatformServices.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Autofac.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\Honeygain.exe.config	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\System.Buffers.dll	msiexec.exe
File created	C:\Program Files (x86)\Honeygain\System.Memory.dll	msiexec.exe

Drops file in Windows directory 38 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIEF1C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEFD8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3A4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1412.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEE00.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEE7E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\{54AC30E4-CAD0-428F-A1E8-4C0B2CDAFBE3}\main_icon.exe	msiexec.exe
File created	C:\Windows\Installer\e56e97c.msi	msiexec.exe
File created	C:\Windows\Installer\e56e97a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF597.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF597.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIEC49.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF597.tmp-\Honeygain.Proxies.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF597.tmp-\Honeygain.CustomActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI3A4.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF597.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File created	C:\Windows\Installer\SourceHash{54AC30E4-CAD0-428F-A1E8-4C0B2CDAFBE3}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3A4.tmp-\Honeygain.CustomActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI3A4.tmp-\Honeygain.Proxies.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI13B2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1412.tmp-\Honeygain.Proxies.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF335.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\MSI1412.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\MSIED44.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF597.tmp-\hgwin.dll	rundll32.exe
File created	C:\Windows\Installer\{54AC30E4-CAD0-428F-A1E8-4C0B2CDAFBE3}\main_icon.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1412.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\e56e97a.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1412.tmp-\hgwin.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI3A4.tmp-\hgwin.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI1412.tmp-\Honeygain.CustomActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI269.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{ADAC1F00-914D-4B58-9782-017A93C29C4D}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\ProductName = "Honeygain"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\87F45A54E3EC37E4A9C35636860D2B76	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{DC5EED66-6336-47AA-B5EC-35F188F41305} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 6aa8dc891250d801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 6aa8dc891250d801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4E03CA450DACF8241A8EC4B0C2ADBF3E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\PackageCode = "54385B18403317E4E923614AF214B4A9"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000c5e645c3753ef0fb7fb348988ee028a11db5fb997923992d5a142f8fb68d1211ac3da863bed9963e81016ce35cf39062c0f11b9d06b4d70c302b	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\SourceList\PackageName = "Honeygain_install.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Honeygain\\Honeygain 0.11.1.0\\install\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Honeygain\\Honeygain 0.11.1.0\\install\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4E03CA450DACF8241A8EC4B0C2ADBF3E\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\87F45A54E3EC37E4A9C35636860D2B76\4E03CA450DACF8241A8EC4B0C2ADBF3E	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "5"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 64 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\89D483034F9E9A48805F7237D4A9A6EFCB7C1FD1\Blob = 03000000010000001400000089d483034f9e9a48805f7237d4a9a6efcb7c1fd120000000010000004402000030820240308201e5a003020102020c015448ef21fd97590df5040a300a06082a8648ce3d0403023071310b30090603550406130248553111300f06035504070c08427564617065737431163014060355040a0c0d4d6963726f736563204c74642e3117301506035504610c0e56415448552d3233353834343937311e301c06035504030c15652d537a69676e6f20526f6f742043412032303137301e170d3137303832323132303730365a170d3432303832323132303730365a3071310b30090603550406130248553111300f06035504070c08427564617065737431163014060355040a0c0d4d6963726f736563204c74642e3117301506035504610c0e56415448552d3233353834343937311e301c06035504030c15652d537a69676e6f20526f6f7420434120323031373059301306072a8648ce3d020106082a8648ce3d0301070342000496dc3d8ad8b07b6fc627be4490b1b356157b8e43247d1a8459ee6368b2c65e87d015481ea890adbd53a2dade3a90a6605f6832b58641df875b2c7bc5fe7c7adaa3633061300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e0416041487111508d1aac1780cb1afcec6c990efbf3004c0301f0603551d2304183016801487111508d1aac1780cb1afcec6c990efbf3004c0300a06082a8648ce3d0403020349003046022100b557ddd78a550b36e18644fad4d9688db8dc238a8a0dd42f7dea73ecbf4d6ca8022100cba5b412fae7b5e8cf7e93fcf3358f6f4e5a7cb4bc4eb2fc72aa5b59f9e7dc31	Honeygain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Honeygain_install (1).exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\6A92E4A8EE1BEC964537E3295749CD96E3E5D260	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\2D0D5214FF9EAD9924017420476E6C852727F543	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\20D80640DF9B25F512253A11EAF7598AEB14B547\Blob = 03000000010000001400000020d80640df9b25f512253a11eaf7598aeb14b5472000000001000000fd020000308202f930820280a003020102020d00a68b79290000000050d091f9300a06082a8648ce3d0403033081bf310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230313220456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c79313330310603550403132a456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20454331301e170d3132313231383135323533365a170d3337313231383135353533365a3081bf310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230313220456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c79313330310603550403132a456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204543313076301006072a8648ce3d020106052b81040022036200048413c9d0ba6d417be26cd0eb555f66021a24f45b896947e3b8c27df1f202c59fa0f65bd58b0619864f53106d072427a1a0f8d54719614c7dca9327ea740cef6f9609fe63ec705d36ad6777aec99d7c55443aa263511ff5e362d4a947073ecc20a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414b763e71add8de908a65583a4e06a504165114249300a06082a8648ce3d040303036700306402306179d8e54247df1cae539917b66f1c7de1bf1194d1038875e48d89a48a7746de6d61ef02f5fbb5dfccfe4efffea9e6a702305b99d7853706b57b08fdeb278b4a94f9e1faa78e2608e87c92686d73d86f26ac2102b899b726415b2560aed0481aee06	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\B12E13634586A46F1AB2606837582DC4ACFD9497	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25\Blob = 030000000100000014000000df717eaa4ad94ec9558499602d48de5fbcf03a252000000001000000640500003082056030820348a00302010202100a0142800000014523c844b500000002300d06092a864886f70d01010b0500304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f742043412031301e170d3134303131363138313232335a170d3334303131363138313232335a304a310b300906035504061302555331123010060355040a13094964656e5472757374312730250603550403131e4964656e547275737420436f6d6d65726369616c20526f6f74204341203130820222300d06092a864886f70d01010105000382020f003082020a0282020100a75019de3f993dd43346f16f516182b2a94f8f67895d84d953dd0c28d9d7f0ffae95437299f9b55d7c8ac142e1315074d1810d7ccd9b21ab43e2acad5e866ef3098a1f5a32bda2eb94f9e85c0aecff98d2af71b3b4539f4e87ef92bcbdec4f3230884b175e57c453c2f602978dd9622bbf241f628ddfc3b8294b49783c93608822fc99da36c8c2a2d42c540067356e73bf0258f0a4dde5b0a2267acae036a51916f5fdb7efae3f40f56d5a04fdce34ca24dc74231b5d3313125dc40125f630dd025d9fe0d547bdb4eb1ba1bb4949d89f5b02f38ae42490e4624f4fc1af8b0e7417a8d172886a7a0149ccb44679c617b1da981e0759fa75218565dd9056cefbaba5609dc49df952b08bbd87f98f2b230a23763bf733e1c900f369f94ba2e04ebc7e93398407f744707efe075ae5b1acd118ccf235e5494908ca56c93dfb0f187d8b3bc113c24d8fc94f0e37e91fa10e6adf622ecb350651792cc82538f4fa4ba7895c9cd2e30d39864a747cd55987c23f4e0c5c52f43df75282f1eaa3acfd49341a28f341883a13eee8deff991d5fbacbe81ef2b95060c031d373e5efbea0ed330b74be2020c4676cf008037a55807f464e96a7f41e3ee1f6d809e133642b63d7325e9ff9c07b0f786f97bc939af99c1290787a808715d772749c557478b1bae16e7004ba4fa0ba68c37bff31f0733d3d942ab10b410ea0fe4d88656b7933b4d70203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ed4419c0d3f0068beea47bbe42e72654c88e3676300d06092a864886f70d01010b050003820201000dae9032f6a64b7c447619611e2728cd5e54ef25bce30890f929d7ae6808e1940058ef2e2e7e53528cb65c07ea88ba998b5094d78280df61090093ad0d14e6cec1f2379478b05f9cb3a273b88f059338cd8d3eb0b8fbc0cfb1f2ec2d2d1bccecaa9ab3aa60821b2d3bc3843d578a961e9c75b8d330cd60088390d38e54f14d66c05d740340a3ee857ec21f779c06e8c1a7185d5295edc9dd259e6dfaa9eda33a34d0597bdaed50f335bfedeb144d31c760f4daf1879ce248e2c6c537fb0610fa755966314729da769a1ce982aeef9ab951f788239a6995623ce5558036d75402fff1b95dced4236fd845844a5b65ef890cdd14a720cb18a525b40df901f0a2d2f400c8748ea12a488e65db13c4e225177debbe875b17205451934a53030bec5dca33ed62fd45c72f5bdc58a08039e6fad7fe1314a6ed3d944a4274d4c3775973cd8f46be5538effae89132ea97580422de38c3ccbc6dc9333a6a0a693fa0c8ea728f8c638623bd6d3c969e95e0494caaa2b92a1b9c368178edc3e846e2265944751ed9758951cd10849d6160cb5df997224d8e98e6e37ff65bbbaecdca4a816b5e0bf351e1742be97e27a7d999494ef8a580db250f1c63628ac933676b3c1083c6addea8cd168e8df00737719ff2abfc41f5c18bec00375d09e54e80effab15c3806a51b4ae1dc382d3cdcab1f901ad54a9ceed1706ccceef457f818ba846e87	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\B561EBEAA4DEE4254B691A98A55747C234C7D971\Blob = 030000000100000014000000b561ebeaa4dee4254b691a98a55747c234c7d97120000000010000006d0500003082056930820351a00302010202090092b888dbb08ac163300d06092a864886f70d01010b05003052310b300906035504061302534b311330110603550407130a4272617469736c61766131133011060355040a130a446973696720612e732e3119301706035504031310434120446973696720526f6f74205232301e170d3132303731393039313533305a170d3432303731393039313533305a3052310b300906035504061302534b311330110603550407130a4272617469736c61766131133011060355040a130a446973696720612e732e3119301706035504031310434120446973696720526f6f7420523230820222300d06092a864886f70d01010105000382020f003082020a0282020100a2a3c40009d6855d2d6d14f6c2c3739e35c271557e81fbab4650e0c17c4978e6ab79583cdaff7c1c9fd89702783e6b4104e941bdbe032c45f62f64d4ab5da3473d649be9689ac6cc1b3fbabeb28b34022e985519fc8c6faa5fda4cce4d0321a3d8d234935696cb4c0c00163c5f1acdc8c76ca6add331a7bce8e5e166d6d2fb03b44165c910ae0e0563c6806a6930fdd2ee90ef0d27df9f9573f4e125da6c16de413834ea8bfcd1e80414612d417eacc7774ecb5154fb5e92181b045a68c6c9c4fab713a098b7112bb7d657cc7c9e17d1cb25fe864e242e560c784d9e0112a62ba701656e7c621d8484dfeac06bb5a52a9583c353110c731d0bb24690d1423ace406e95adffc694ad6e97848e7d6f9e8a800d496d73e27b921ec3f3c1f3eb2e056fd91bcf377604c8b45ae417a7cbdd761fd01976e82c05b3d69c34d896dc61879105e4440833c1dab90865d4aeb2360debba38ba0ce59b9eeb8d66dd99cfd68941f604928a29296d6b3a1ce7757d02710ef3c0e7bdcb19dd9d60b2c26660b6b104eec9e686b99a6640a8e711ed8145038bf66759e8c10611bdddcf80024f6540785c4750c89be61f817be444a85b859ae2de5ad5c7f93a44664be432547ce46c9cb30e3d17a2b23412d67eb2a849bbd17a2840bea2161fdfe4371f1173fb900a6543a20d7cf8060155337db00db8f4f5aea542577c36118c7b5ec4039d8c799d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414b599f8afb094f5e320d60aadce4e56a42e6e42ed300d06092a864886f70d01010b0500038202010026065e70e76533c8826ed99c173a1b7a66b201f6783b695e2feaff4ef928c3982a614cb424128a7d6d1114f79cb5cae6bc9e278e4c19c8a9bd7ac0d7360e6d85726ea8c6a26df6fa73637fbc6e79081c9d8a9f1a8a53a6d8bbd93555b111c5a903b3563bb98493225e7ec1f612528bea2c67bcfe364cf5b8cfd1b349923bd3290e991b96f761b83bc42bb6786cb4236ff0fdd3b25e751f9995a8acf6dae1c5317bfbd146b3d2bc67b46254ba09f763b093a29af9e9522e8b6012abfcf56056ef105c8bc41a42dc835b640ecbb5bcd64fc17c3c6e8d136dfb7beb30d0dc4dafc5d5b6a54c5b71c9e831bee8380648a11ae2ead2de1239581aff800e8275e6b7c9076c0eefff38f19871c4b77f0e15d02569bd229d2bed05f64647acedc0f0d43be2ecee965b90134e1e563aebb0ef96bb962311baf24386746495c82875df1d35bad23783385338363bcf6ce9f96b0ed0fb04e84f77d7650178860c7a3e2162f17f63710cc99f44dba827a275be6e813ed7c0eb1b980f705c34b28accc08518eb6e7ab3f75aa107bfa94292f3602297e414a1079b4e76c08e7dfda425c747edff1f73acccc3a5e96f0a8e9b65c25085b5a3a05312cc558761f381ae104661bd4421b8c23d74cf7e2435fa1c070e9b3d22caef312f8cac12bdef4028fc29679fb2134f6624c45319e91e2915efe66db07f2d67fdf36c1b7546a3e54a17e9a4d70b	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\0FF9407618D3D76A4B98F0A8359E0CFD27ACCCED	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\FFBDCDE782C8435E3C6F26865CCAA83A455BC30A\Blob = 030000000100000014000000ffbdcde782c8435e3c6f26865ccaa83a455bc30a2000000001000000340400003082043030820318a003020102020900da9bec71f303b019300d06092a864886f70d01010b05003081a4310b3009060355040613025041310f300d06035504080c0650616e616d613114301206035504070c0b50616e616d61204369747931243022060355040a0c1b5472757374436f722053797374656d7320532e20646520522e4c2e31273025060355040b0c1e5472757374436f7220436572746966696361746520417574686f72697479311f301d06035504030c165472757374436f7220526f6f74436572742043412d31301e170d3136303230343132333231365a170d3239313233313137323331365a3081a4310b3009060355040613025041310f300d06035504080c0650616e616d613114301206035504070c0b50616e616d61204369747931243022060355040a0c1b5472757374436f722053797374656d7320532e20646520522e4c2e31273025060355040b0c1e5472757374436f7220436572746966696361746520417574686f72697479311f301d06035504030c165472757374436f7220526f6f74436572742043412d3130820122300d06092a864886f70d01010105000382010f003082010a0282010100bf8eb795e2c226126b3319c740580aab59aa8d00a3fc80c7507b8ed42026ba3212d8235449251022989d46d2c1c99e4e1b2e2c0e38f31a25681ca65a05e61e8b48bf9896743e69cae9b578a506bcd5005e090af2277a52fc2dd5b1eab4896124f31a13dba9cf52ed0c24bab99eec7e0074fa93ad6c2992ae51b4bbd357bfb3f3a88d9cf4244b2ad6999ef49efec07e423ae70b9553dab7680e904cfb703f8f4a2c94f326dd6369a994d8104ec5470890991b174db96c6eef6095118e2180b5bda073d8d0b277c445ea5a26fb667676f8061f616d0f55c583b71056720607a5f3b11a0305640e9d5a8ad686701b24defe288a2bd06ab0fc7aa2dcb2790e8b650f0203010001a3633061301d0603551d0e04160414ee6b493c7a3f0de3b109b78ac8ab199f733350e7301f0603551d23041830168014ee6b493c7a3f0de3b109b78ac8ab199f733350e7300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820101002518d4918f13ee8f1e1d1153da2d442919a01e6b319e4d0e9ead3d5c416f952b24a179983a3836fbbb669e48ff9090ef3dd4b89bb487753f209bce72cfa155c14d64a21906a107330c0b29e5f1eaaba3ecb50a7490c77d72f2d75c9f91ef918bb7dced66a2cf8e663bbc9f3a02e027dd1698c095d40aa4e4819a7594359c905f883706ad59950ab0d167d319ca89e7325a361c3e82a85a93bec6d06491b6cfd9b618cfdb7ed265a3a6c48e1731c1fb7e76dbd385e358b2777a763b6c2f501ce7dbf667791ff582959a07a714af8fdc28216709d2d64d5a1c191c8e775cc394243d326b4b7ed4789483be374dce5fc71e4e3ce08933950b0fa532d63c5a792c19	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\9FF1718D92D59AF37D7497B4BC6F84680BBAB666	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\93057A8815C64FCE882FFA9116522878BC536417\Blob = 03000000010000001400000093057a8815c64fce882ffa9116522878bc5364172000000001000000d7070000308207d3308205bba00302010202085ec3b7a6437fa4e0300d06092a864886f70d010105050030423112301006035504030c09414343565241495a313110300e060355040b0c07504b4941434356310d300b060355040a0c0441434356310b3009060355040613024553301e170d3131303530353039333733375a170d3330313233313039333733375a30423112301006035504030c09414343565241495a313110300e060355040b0c07504b4941434356310d300b060355040a0c0441434356310b300906035504061302455330820222300d06092a864886f70d01010105000382020f003082020a02820201009ba9abbf614a97af2f97669a745fd0d996fdcfe2e466ef1f1f4733c244a3df9ade1fb554dd157c6935116fbbc80c8e6a181ed88fd916bc1048365cf063b3905a5c2437d7a3d6cb0971b9f1017284b07ddb4d80cdfcd36fc9f8dab60e82d24585a81b68a83de8f4446cbda1c2cb03be8c3e130084df4a48c0e3220ae8e937a7184cb1090d23567f044dd9178418a5c8da409473ebce0e573c03813a9d0aa1574369ac576d799078e5b5b43bd8bc4c8d28a1a7a3a7ba024e25d12aaeedae0322b86b200f302854957fe0eece0a669dd1402d6e22af9d1ac10519d26fc0f29ff87bb30242fb50a91d2d930f23abc6c10f92ffd0a215f55309711cff451384e6265ef8e0881c0afc16b6a87306b8f0638402a0c65aece774df70aea38325ead6c7978793a7c68a8a33976037103e973e6e2915d6a10fd1882c129f6faaa4c642eb41a2e39543d301856d8ebb3bf32336c7fe3be0a1250748abc98974ff088f80bfc09665f3eeec4b68bd9d88c331b340f1e8cff638bb9ce4d17fd4e5589b7cfad4f30e9b7591e4ba522e197ed1f5cd5a19fcba06f6fb52a84b9904ddf8f9b48b50a34e6289f08724fa8342c187fad52d292a5a717a646ad72760630ddbce49f58d1f90893217f87343b8d25a938661d6e1750aea796676884f71eb0425d60a5a7a93e5b94b17400fb1b6b9f5de4fdce0b3ac3b117060844a436e9920c029710ac0650203010001a38202cb308202c7307d06082b060105050701010471306f304c06082b060105050730028640687474703a2f2f7777772e616363762e65732f66696c6561646d696e2f4172636869766f732f636572746966696361646f732f7261697a61636376312e637274301f06082b060105050730018613687474703a2f2f6f6373702e616363762e6573301d0603551d0e04160414d287b4e3df37279355f656ea81e536cc8c1e3fbd300f0603551d130101ff040530030101ff301f0603551d23041830168014d287b4e3df37279355f656ea81e536cc8c1e3fbd308201730603551d200482016a30820166308201620604551d2000308201583082012206082b06010505070202308201141e820110004100750074006f0072006900640061006400200064006500200043006500720074006900660069006300610063006900f3006e00200052006100ed007a0020006400650020006c00610020004100430043005600200028004100670065006e0063006900610020006400650020005400650063006e006f006c006f006700ed00610020007900200043006500720074006900660069006300610063006900f3006e00200045006c006500630074007200f3006e006900630061002c002000430049004600200051003400360030003100310035003600450029002e002000430050005300200065006e00200068007400740070003a002f002f007700770077002e0061006300630076002e00650073303006082b060105050702011624687474703a2f2f7777772e616363762e65732f6c656769736c6163696f6e5f632e68746d30550603551d1f044e304c304aa048a0468644687474703a2f2f7777772e616363762e65732f66696c6561646d696e2f4172636869766f732f636572746966696361646f732f7261697a61636376315f6465722e63726c300e0603551d0f0101ff04040302010630170603551d110410300e810c6163637640616363762e6573300d06092a864886f70d010105050003820201009731029fe7fd4367484414e42987ed4c2866d08f35da4d61b74a974db5db90e0052e0ec679d0f297690fbd0447d9bedbb529da9bd9aea999d5d33c3093f58da1a8fc068d44f4ca16957c33dc628ba837f827d8092d1befc8142720a96444ff2ed675aa6c4d60401949435463dae2ccba66e54f447a5bd96a812b40d57ff90127582cc8ed48917c3fa600cfc429731136de86193e9dee198a1bd5b0ed8e3d9c2ac00dd83d66e33c0dbdd5945ce2e2a7351b0400f63f5a8dea43bd5f891da9c1b0cc99e24d000adac9275be713905ce4f533a2556ddce0094d2fb1265b27750009c4627729085f9e59acb67ead9f54302203c11e7164fef9380a9618dd0214ac23cb061c1ea47d8d0dde2741e8adda15b7b023dd2ba8d3da2587ede855444d88f4367e849a78acf70e56490ed63325d68450426c20121d2ad5bebcf27081a47060be05b59b9e0444be6123ace9a5248c1180945aa2a2b949d2c1dcd1a7ed31112c9e19a6eee155e1c0eacf0d84e417b7a27ca5de552506eeccc0875c40dacc953f55e035c7b884beb45dcd7a830172ee87e65f1daeb585c626dfe6c19ae91e02479f2aa86da95bcfec45777f98279a325d2ae384eec598662f96201dddd8c327d7b0f9fed97dcdd09f8f0b1458519f2f8bc3382ddee88fd68d87a4f5564316992cf4a456b434b86137c9c258801ba097a1fc598de911f6d10f4b5534462a8b863b	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\A3A1B06F2461234AE336A5C237FCA6FFDDF0D73A\Blob = 030000000100000014000000a3a1b06f2461234ae336a5c237fca6ffddf0d73a20000000010000005e0500003082055a30820342a00302010202104fd22b8ff564c8339e4f345866237060300d06092a864886f70d01010b05003047310b300906035504061302434e3111300f060355040a0c08556e6954727573743125302306035504030c1c55434120457874656e6465642056616c69646174696f6e20526f6f74301e170d3135303331333030303030305a170d3338313233313030303030305a3047310b300906035504061302434e3111300f060355040a0c08556e6954727573743125302306035504030c1c55434120457874656e6465642056616c69646174696f6e20526f6f7430820222300d06092a864886f70d01010105000382020f003082020a0282020100a90907281302b099e064aa1e43167a73b191a0753ea8fae338007aec896a200f8bc5b09b33035a86c65886d5c185bb4fc69c404dcabeee6996b8ad81309a7c9205eb052b9a48d0b8763e96c820bbd2b0f18fd8ac4546ffaa6760b4777e6a1f3c1a527a043d073c850d84d01f760af76a14df72e3347c574e56013e79f1aa293b6cfaf88f6d4dc835dfaeebdc24ee7945a785b60588de885d257c97646709d9bf5a150586f3091eec58323311f37764b0761fe41035171bf20eb16ca42aa373fc091f1e32195311e7d9b32c2e762ea1a3de7e6a8809e8f2078af8b2cd10e7e2734093bb08d13fe1fc0b94b325ef7ca6d7d1af9fff969af5917b980b77d47ee807d262b59539e3f3f16d0f0e65848a6354c580b6e09e4b7d4726a701085dd1889ed7c33244fa824a0a68547f385303cca400336451590ba382917a5eec16c2f32ae662da2adb596210254a2a810b470743067087d2fa9311297a484deb94c7704daf67d551b180200101b47a08a6907f4ee0ef074187af6aa55e8bfbcf50b29a54afc389ba582df53098b13672397e4904fd29a74c79e40557db94b916538d46b31d956157567faff0165b61586f3650110bd8ac2b95161a0e1f08cd363465106266d5805f14205f2d0ca0780a68d62cd7e96f2bd24a0593fc9e6f6b67ff88f14ea5694a523705eac6168dd2c499d1822b3bba3575f7515158f3c807dde4b4037f0203010001a3423040301d0603551d0e04160414d9743ae4303d0df712dc7e5a059f1e349af7e114300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186300d06092a864886f70d01010b05000382020100368d97cc42156429379b262cd6fbae15692c6b1a1af75fb6f9074c59eaf3c9c8b9aeccba2e7adcc0f5b02dc03baf9f7005116a9f254f012970e3e50ce1ea5a7cdc49bbc11e2a81f5164b7291c8a231b9aadafc9d1ff35d400213fc4e1c06cab31490541719121af11fd70c695af67178f4947d910b8eec90548ebc6fa14cabfc7464fd719af84107a1cd91e43c9ae09b323973ab2ad569c8789126317de2c730f1fc147877120e13f4dd1694bf4b677b705385cab0bbf3384d2c9039c00dc25d6be9e2e5d5888dd62cbfab1bbeb528871217746efc7dfc8fd08726b01bfbb96cabe29e3d15c13b2e670258919feff8421f2cb768f575adcfb5f6ff117dc2f024a5add3faa03ca9fa5ddca5a0ef44a4bed6e8e5e41396177b063e32edc7b742bc76a3d865382b383551210e0e6f2e341340e12b670c6d4a413018235a325599c917e03cdef6ec79ad2b5819a2ad2c221a958ebe96905d4257c4f91403352b1c2d515708a73ade3fe4c8b40373c2c12680bb0b421fad0daf2672daccbeb3a383580d82c51f4651e39c18cc8d9b8dec49eb7550d58c2859ca7434da8c0b21ab1eea1be5c7fd153ec017aafb236e2646cbfaf9b1726b69cf22840b620facd9190094a2763cd42d9aed049e2d06621037521c85721b27e5ccc631ec37ec63599b0b1d76cc7e329a8895083652bbde765f764949ad7fbd6520b2c9c12b7618769f56b1	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\1B8EEA5796291AC939EAB80A811A7373C0937967\Blob = 0300000001000000140000001b8eea5796291ac939eab80a811a7373c09379672000000001000000640500003082056030820348a003020102021478585f2ead2c194be3370735341328b596d46593300d06092a864886f70d01010b05003048310b300906035504061302424d31193017060355040a131051756f5661646973204c696d69746564311e301c0603550403131551756f566164697320526f6f742043412031204733301e170d3132303131323137323734345a170d3432303131323137323734345a3048310b300906035504061302424d31193017060355040a131051756f5661646973204c696d69746564311e301c0603550403131551756f566164697320526f6f74204341203120473330820222300d06092a864886f70d01010105000382020f003082020a0282020100a0be50108ee9f26c40b4049c85b931cadc2de411a9043c1b55c1e758301d24b4c3ef85de8c2ce1c13ddf82e64fad47876cec5b49c14ad5bb8fec87ac7f829a86ec3d03995201d2359eacdaf053c9663cd4ac0201da24d33ba80246afa41ce3f8735876b7f60e900db5f0cfccfaf9c64ce5c386300a8d177e35ebc5dfbb0e9cc08d87e388388567fa3ec7abe0139c051898cf93f5b192b4fc23d3cfd5c42749e09e3c9b08a38b5d2a21e0fc39aa53da7d7ecf1a0953bc5d0504cfa14a8f8b76820da1f8d2c714775b903607819b3e06fa525e63c5a600fea5e9521b52b5923972030962bdb060166ea6dd25c20366ddf304d140e24e8b86f46fe583a027845e04c1f590bd303dc4efa869bc389ba4a496d162da69c00196aecbc45134ea0caaff218e598f4a5ce4619aa7d2e92a788d513d3a15eea2598ea95cdec5f99022e5884571dd91996c7a9f3d3d987c5ef6be1668a05eae0b23fc5a0faa22762dc9a1101de4d3442390889fc62ae6d7f59ab3581e2f3089081b54a2b59823ec08771c955d61d1cb899c5fa24a919aef21aa491608a8bd612831c974ad85f6d9c5b18bd1e510324d5f8b203a3c491f3385590ddbcb0975436973fb6b717df0dfc44c7dc6a32ec89579cb73a28e4e4d24fb5ee404be721ba6272d495a997ad75c0920b77f94b94ff10d1c5e88421b11b7e791db9e6cf46adf8c069803adcc28efa547f3530203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a397d6f35ea210e1ab459f3c17643cee01709ccc300d06092a864886f70d01010b0500038202010018fa5b75fc3e7ac75f77c7cadfcf5fc312c4405dd432aab86ad7d51515469823a5e6905b18994ce3ad42a382313688cde9fbc40496488b01c78d01cf5b3306964666741d4fedc1b6b9b40d61cc637ed72e778c961c2a23686b855776703313fee14fa6237718fa1a8ce8bd65c9cf3ff4c917dcebc7bcc0042e2d462f6966c31b8ffeec3ed3ca94bf760a250da97b021ca9d03b5f0bc0813a3d64e1bfa72d4ebd4dc4d829c62218d0c5ac7202823faa3aa23a229731dd0863c37514b960282d5b68e016a966822351f5eb53d8319b7be9b79d4beb8816cff95d388a49308fedf1eb19f4771a31184d67546c2f6f65f9db3dec21ec5ef4f48bca606554d17164f4f9a6a38133363371f0a4785f4ead8321de34498de859ac9df2765a36f213f4afe009c7612a6cf7e09daebb864a286f2eeeb479cd9033c3b376faf5f06c9d0190fa9e90f69c72cf47dac31fe4352053f254d1df6183a602e22538de85322d5e7390525d42c4ce3d4be1f919841dd5a250cc41fb4114c3bdd6c95aa363660280bd053a3b479cec00264cf58851bfa8237f1807b00bed8b26a164d3614aeb5c9fdeb3af6703b31fdd6d5d696869ab5e3aec7c69bcc73b854e9e15b9b4154fc3957a58d7c96ce96cb9f329635eb42cf02d3ded5a65e0a95b40c24899816d9e1f062a3c12b48b0f9ba224f0a68dd67ae04bb66496639584c24acd1c2e24873360e5c3	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\DAFAF7FA6684EC068F1450BDC7C281A5BCA96457	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\96C91B0B95B4109842FAD0D82279FE60FAB91683	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\96C91B0B95B4109842FAD0D82279FE60FAB91683\Blob = 03000000010000001400000096c91b0b95b4109842fad0d82279fe60fab91683200000000100000047040000308204433082032ba00302010202030983f4300d06092a864886f70d01010b05003050310b300906035504061302444531153013060355040a0c0c442d547275737420476d6248312a302806035504030c21442d545255535420526f6f7420436c617373203320434120322045562032303039301e170d3039313130353038353034365a170d3239313130353038353034365a3050310b300906035504061302444531153013060355040a0c0c442d547275737420476d6248312a302806035504030c21442d545255535420526f6f7420436c61737320332043412032204556203230303930820122300d06092a864886f70d01010105000382010f003082010a028201010099f1843470ba2fb730a08ebd7c04cfbe62bc99fd8297d27a0a67963809f6104e952273998dda152de705fc197322b78e9800bc3c3daca16cfbd679254badf0cc64da883e29b80f09d334dd33f562d1e1cd19e9ee184f4c58aee21ed60c5b155ad83ab8c418641ee333b2b589774e0cbfd9946b13976f12a3fe99a904cc15ec606836ed087bb7f5bf93ed6631838cc67134874e17eaaf8b918d1c5641ae22375e37f21dd9d12d0d2f6951a7be66a68a3a2abdc71ab1e114f0be3a1db9cf5bb16afeb4b14620a2fb1e3b70ef93987d8c7396f2c5ef8570ad2926fc1e043e1ca0d80fcb5283627cee8b539590a957a2ea6105d8f94dc427fa6eadedf9d751f76ba50203010001a382012430820120300f0603551d130101ff040530030101ff301d0603551d0e04160414d3948a4c62132a192eccaf728a7d36d79a1cdc67300e0603551d0f0101ff0404030201063081dd0603551d1f0481d53081d2308187a08184a08181867f6c6461703a2f2f6469726563746f72792e642d74727573742e6e65742f434e3d442d5452555354253230526f6f74253230436c617373253230332532304341253230322532304556253230323030392c4f3d442d5472757374253230476d62482c433d44453f63657274696669636174657265766f636174696f6e6c6973743046a044a0428640687474703a2f2f7777772e642d74727573742e6e65742f63726c2f642d74727573745f726f6f745f636c6173735f335f63615f325f65765f323030392e63726c300d06092a864886f70d01010b0500038201010034ed7b5a3ca49488ef1a1175072fb3fe3cfa1e5126eb87f629dee0f1d4c62409e9c1cf551bb430d9ce1afe0651a615a42defb24bbf20282549d1a6367734e864df52b111c7737acd399ec2ad8c7121f25a6bafdf3c4e55afb284651489b977cb2a31becfa36dcf6f489432466fe7718ca0a684193707f20345092b86757cdf5f695700db6ed8a672224b50d4759856dfb718ff434350ae7a447bf07951d7433da7d381d3f0c94fb9dac69786d082c3e4426dfeb0e2644e0e26e7403426b50889d70863633827751e33ea6ea8dd9f994f744d8189804bdd9a97295c2fbe8141b98cffea7d60069ecdd73dd32ea315bca8e626e56fc3dcb80321ea9f16f12c54b5	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\C88344C018AE9FCCF187B78F22D1C5D74584BAE5	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\093C61F38B8BDC7D55DF7538020500E125F5C836	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\89DF74FE5CF40F4A80F9E3377D54DA91E101318E\Blob = 03000000010000001400000089df74fe5cf40f4a80f9e3377d54da91e101318e20000000010000000e0400003082040a308202f2a003020102020900c27e43044e473f19300d06092a864886f70d01010b0500308182310b30090603550406130248553111300f06035504070c08427564617065737431163014060355040a0c0d4d6963726f736563204c74642e3127302506035504030c1e4d6963726f73656320652d537a69676e6f20526f6f742043412032303039311f301d06092a864886f70d0109011610696e666f40652d737a69676e6f2e6875301e170d3039303631363131333031385a170d3239313233303131333031385a308182310b30090603550406130248553111300f06035504070c08427564617065737431163014060355040a0c0d4d6963726f736563204c74642e3127302506035504030c1e4d6963726f73656320652d537a69676e6f20526f6f742043412032303039311f301d06092a864886f70d0109011610696e666f40652d737a69676e6f2e687530820122300d06092a864886f70d01010105000382010f003082010a0282010100e9f88ff363adda86d8a7e042fbcf91dea626f899a56370ad9baeca33407d6d966ea10e44eee1139d9442529abd7585742ca80e1d93b618b78c2ca8cffb5c71b9daecfee87e8fe42f1db2a87587d8b7a1e53bcf994a46d083197dc0a1121c956d4af4d8c7a54d332e853940757e147c80129850c74167b8a0806154a66c4e1fe09d0e07e9c9ba33e7fec055282c0280a719f59edc555303977b0748ff99fb378a24c459cc5010638eaaa91ab0841a86f95fbbb1506ea4d10accd5717e1fa71b7cf5536e225fcb2be6d47c5daed6c2c64ce50501d9ed57fcc12379fcfac8248395f3b56a5101d077d6e912a1f91a83fb821bb9b097f47606334349a0ff0bb5fab50203010001a38180307e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414cb0fc6df4243cc3dcbb54823a11a7aa62abb3468301f0603551d23041830168014cb0fc6df4243cc3dcbb54823a11a7aa62abb3468301b0603551d11041430128110696e666f40652d737a69676e6f2e6875300d06092a864886f70d01010b05000382010100c9d10e5e2ed5ccb37c3ecbfc3dff0d28959304c8bfdacd79b84390f0a4beeff2ef2198bcd4d45d06f6ee42ec306ca0aaa9caf1af8afa3f0b736a3eea2e407e1fae546179eb2e0837d723f38c9fbe1db1e1a475dba0e25414b1ba1c29a418f612baa21414e33135c840ffb7e0057657c11c59f2f8bfe4ed25625c84f07e7e1fb3bef9b72111cc03015670a710921e1b34811ead9c1ac3043ced0261d61e06f35f3a87f22bf14587e53dacd1c75784bd6baedcd8f9b61b62700b3d36c942f232d77a61e6d2db3dcfc8a9c99bdcdb5844d76f38af7f78d3a3ad1a75ba1cc1367c8f1e6d1cc37546ae3505a6f65c3d21ee56f0c982222d7a54ab70c37d2265827096	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Honeygain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Honeygain_install (1).exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\1B8EEA5796291AC939EAB80A811A7373C0937967	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\4812BD923CA8C43906E7306D2796E6A4CF222E7D	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\8AC7AD8F73AC4EC1B5754DA540F4FCCF7CB58E8C\Blob = 0300000001000000140000008ac7ad8f73ac4ec1b5754da540f4fccf7cb58e8c200000000100000098030000308203943082027ca003020102020a31f5e4620c6c58edd6d8300d06092a864886f70d01010b05003067310b300906035504061302494e31133011060355040b130a656d5369676e20504b4931253023060355040a131c654d756468726120546563686e6f6c6f67696573204c696d69746564311c301a06035504031313656d5369676e20526f6f74204341202d204731301e170d3138303231383138333030305a170d3433303231383138333030305a3067310b300906035504061302494e31133011060355040b130a656d5369676e20504b4931253023060355040a131c654d756468726120546563686e6f6c6f67696573204c696d69746564311c301a06035504031313656d5369676e20526f6f74204341202d20473130820122300d06092a864886f70d01010105000382010f003082010a0282010100934bbbe9668aee9d5bd53493d01b1ec3e79eb864337f637868b4cd2e7175d79b20c64d29bcb668608af7219a56355af376bdd8cd9aff93564ba55906a1933429dd1634754ef281b4c7964ead1915524afe3c707570cdaf2bab159a333caab38baacd43fdf5ea70ffedcf113b94ce4e3216d323402a77b3af3c012c6ced992c8bd94e6998b2f78f41b0327861d60d5fc3faa240921d5c17e6703e35e7a2b7c262e2aba4384cb539356fea0369fa3a5468856dd6f22f43551e910d0ed8d56aa496d1133c2c7850e83a92d21756e5351a401c3e8d2ced39df42e0834174dfa3cdc286604868e3690b54008be47669210d794e34085e14c2ccb1b7add77c708ac7850203010001a3423040301d0603551d0e04160414fbef0d869eb0e3dda9b9f121177f3efcf0772b1a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010059fff28cf5877d713da39f1b5bd1daf8d39c6b36bd9ba961ebde162c743d9ee675dad7baa7bc4217e73d91ebe57ddd3e9cf1cf92ac6c48ccc2223f693bc5b6152fa335c6682a1c57af39ef8dd035c3180c7b00561ccd8b1974debe0f12e0d0aaa13f0234b170ce9d18d608030946ee60e07eb6c44904517d7060bcaab2ff79727aa61d3d5f2af8cae2fd39b747b9eb7edf0423affa9c0607e9fb63938040b5c66c0a3128ce0c9fcfb3233580418d6cc4377b812f80a1404285e9d9388de8a153cd01bf69e85a06f2450b90faaee1bf9df2ae573ca5aeb256f48b6540e9fd31812cf43909d8ee6ba7b4a61d15a598f70181d8857df3515c7188debacc1f807e4a	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\EDE571802BC892B95B833CD232683F09CDA01E46	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\C3197C3924E654AF1BC4AB20957AE2C30E13026A	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0\Blob = 030000000100000014000000d1cbca5db2d52a7f693b674de5f05a1d0c957df02000000001000000930200003082028f30820215a00302010202105c8b99c55a94c5d27156decd8980cc26300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a3423040301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300a06082a8648ce3d040303036800306502303667a11608dce49700411d4ebee16301cf3baa421164a09d94390211795c7b1dfa64b9ee1642b3bf8ac209c4ece4b14d023100e92a61478c524a4b4e1870f6d644d66ef583ba6d58bd24d95648eaefc4a24681886a3a46d1a99b4dc961dad15d576a18	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\74F8A3C3EFE7B390064B83903C21646020E5DFCE	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B\Blob = 03000000010000001400000047beabc922eae80e78783462a79f45c254fde68b2000000001000000c9030000308203c5308202ada003020102020100300d06092a864886f70d01010b0500308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf716208f1fa5934f71bc918a3f7804958e9228313a6c52043013b84f1e685499f27eaf6841b4ea0b4db7098c73201b1053e074eeef4fa4f2f593022e7ab19566be28007fcf316758039517be5f935b6744ea98d8213e4b63fa90383faa2be8a156a7fde0bc3b6191405caeac3a804943b467c320df3006622c88d696d368c1118b7d3b21c60b438fa028cced3dd4607de0a3eeb5d7cc87cfbb02b53a4926269512505611a44818c2ca9439623dfac3a819a0e29c51ca9e95d1eb69e9e300a39cef18880fb4b5dcc32ec85624325340256270191b43b702a3f6eb1e89c88017d9fd4f9db536d609dbf2ce758abb85f46fccec41b033c09eb49315c6946b3e0470203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604143a9a8507106728b6eff6bd05416e20c194da0fde300d06092a864886f70d01010b0500038201010099db5d79d5f99759670361f17e3b0631752da1208e4f6587b4f7a69cbcd8e92fd0db5aeecf748c73b43842da057bf80275b8fda5b1d7aef6d7de13cb53107e8a46d197fab72e2b11ab90b02780f9e89f5ae9379fabe4df6cb385179d3dd9244f799135d65f04eb8083ab9a022db510f4d890c7047340ed7225a0a99fec9eab68129957c68f123a09a4bd44fd061537c19be432a3ed38e8d864f32c7e14fc02ea9fcdff076817db2290382d7a8dd154f169e35f33ca7a3d7b0ae3ca7f5f39e5e275bac5761833ce2cf02f4cadf7b1e7ce4fa8c49b4a5406c57f7dd5080fe21cfe7e17b8ac5ef6d416b243090c4df6a76bb4998465ca7a88e2e244be5cf7ea1cf5	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\010C0695A6981914FFBF5FC6B0B695EA29E912A6	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\DF717EAA4AD94EC9558499602D48DE5FBCF03A25	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0\Blob = 03000000010000001400000058e8abb0361533fb80f79b1b6d29d3ff8d5f00f0200000000100000037040000308204333082031ba00302010202030983f3300d06092a864886f70d01010b0500304d310b300906035504061302444531153013060355040a0c0c442d547275737420476d62483127302506035504030c1e442d545255535420526f6f7420436c617373203320434120322032303039301e170d3039313130353038333535385a170d3239313130353038333535385a304d310b300906035504061302444531153013060355040a0c0c442d547275737420476d62483127302506035504030c1e442d545255535420526f6f7420436c61737320332043412032203230303930820122300d06092a864886f70d01010105000382010f003082010a0282010100d3b24acf7a47ef759b23fa3a2fd6504589353ac66bdbfedb0068a8e003111d3750089f4d4a689435b353d19463a72056afde5178ec2a3df34848503e0adf46558b276dc3104d0d915243d887e05d4e36b521ca5f3940045f5b7ecca3c62ba9401ed93684d648f3921e34462024c1a4518e4a1aef503f695d197f45c3c7018f51c923e872aeb4bc56097f12cb1cb1af29900ac955cc0fd3b41aed47355a4aed9c730421d0aabd0c13b500ca266cc46b0c945a9594da509af1ffa52b6631a4c938a0df1d1fb8092ef3a7e86752ab951fe0463ed8a4c3ca5ac53180e8489a9f9469fe19ddd8737c81ca96de8eedb33205658434e6e6fd5710b55f76bf2fb0100dc50203010001a382011a30820116300f0603551d130101ff040530030101ff301d0603551d0e04160414fdda14c49f30de21bd1e4239fcab632349e0f184300e0603551d0f0101ff0404030201063081d30603551d1f0481cb3081c8308180a07ea07c867a6c6461703a2f2f6469726563746f72792e642d74727573742e6e65742f434e3d442d5452555354253230526f6f74253230436c61737325323033253230434125323032253230323030392c4f3d442d5472757374253230476d62482c433d44453f63657274696669636174657265766f636174696f6e6c6973743043a041a03f863d687474703a2f2f7777772e642d74727573742e6e65742f63726c2f642d74727573745f726f6f745f636c6173735f335f63615f325f323030392e63726c300d06092a864886f70d01010b050003820101007f97db30c8dfa49c7d217a8070ce141269881495604401acb2e9304f9b50c266d87e8d30b57031e9e269c7f370db201586d00df0beac017584ce7e9f4dbfb7603b9cf3ca1de25e68d8a39d97e54060d23621fed0b4b817da74a37fd4dfb09802ac6f6b6b2c252472a165ee255ae5e632e7f2dfab49faf3906923db04d9e75c58fc65d497beccfc2e0acc252a3504f8609115753d41ff231f19c86ceb825304a6e44c224d8d8cbace5b73ec6454506dd19c55fb69c336c38cbc3c85a66b0a260de0939860ae7ec624978a615f918e6692098736cd8b9b2d3ef651d450d45928bd83f2cc287b53866dd8268870d7ea91cd3eb9cac0906e5ac65e7465d75cfea3e2	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\76E27EC14FDB82C1C0A675B505BE3D29B4EDDBBB	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\B80186D1EB9C86A54104CF3054F34C52B7E558C6	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\06083F593F15A104A069A46BA903D006B7970991	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\9BAAE59F56EE21CB435ABE2593DFA7F040D11DCB	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\E72EF1DFFCB20928CF5DD4D56737B151CB864F01\Blob = 030000000100000014000000e72ef1dffcb20928cf5dd4d56737b151cb864f01200000000100000077030000308203733082025ba003020102020b00aecf00bac4cf32f843b2300d06092a864886f70d01010b05003056310b300906035504061302555331133011060355040b130a656d5369676e20504b4931143012060355040a130b654d756468726120496e63311c301a06035504031313656d5369676e20526f6f74204341202d204331301e170d3138303231383138333030305a170d3433303231383138333030305a3056310b300906035504061302555331133011060355040b130a656d5369676e20504b4931143012060355040a130b654d756468726120496e63311c301a06035504031313656d5369676e20526f6f74204341202d20433130820122300d06092a864886f70d01010105000382010f003082010a0282010100cfeba9b9f19905ccd828214af3733451845610f5a04f2c12e3fa139a27d0cff9791a745f1d7939fc5bf8708ee09252f7e425f95483d91dd3c85a853f5ec7b607ee3ec0ce9aafac56422a392570d6bfb57b36adacf673dccdd71d8a83a5fb2b9015376b1c2647dc3b2956936ab3c16a3a9d3df5c1973858058b1c11e3e4b4b85d851d83fe785f0b45681848a54673343bfe0fc876bbc718f305d186f385ede7b9d932ad5588cea6b691b04fac7e152396f63ff0203416de0ac6c40445797fa7fdbed2a9a5af9cc5232af73c216cbdaf8f4ec53ab2f33412fcdf801a49a4d4a995f79e895ea289ac94cba8689baf8a6527cd89eedd8cb56b297043a0690be4b90f0203010001a3423040301d0603551d0e04160414fea1e0701e2a0339525a42be5c91857a18aa4db5300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100c24a56fa15217b28a2e9e51dfbf82dc43996414c3b272cc46c181580c6acaf47592f260be336b0ef3bfe439749329912155bdf1129ffab53f8bbc1780fac9c53af57bd688c3d6933f0a3a023633b64672244add571cb562a7892a34f12313636e2defe00c4a3600f27ada0b08ab5367a52a1bd27f4202762e84d942413e40a04e93cab2ec843094ac66104e549347ed3c4c8f50fc0aae9ba545ef3632b4f4f50d4feb97b998c3dc02ebc022bd3c440e48a07311e9bce269913fb11ea9a220c1119c75e1b815030c896126ee7cb417f913ba247b754801bdc00cc9a90eac3c35006620c30c01548a7a8597ce1ae22a2e20a7a0ffa62ab524ce1f1dfcabe830d42	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\8F6BF2A9274ADA14A0C4F48E6127F9C01E785DD1	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\2F8F364FE1589744215987A52A9AD06995267FB5\Blob = 0300000001000000140000002f8f364fe1589744215987a52a9ad06995267fb52000000001000000de050000308205da308203c2a003020102020c05f70e86da49f346352ebab2300d06092a864886f70d01010b0500308188310b30090603550406130255533111300f06035504080c08496c6c696e6f69733110300e06035504070c074368696361676f3121301f060355040a0c1854727573747761766520486f6c64696e67732c20496e632e3131302f06035504030c2854727573747761766520476c6f62616c2043657274696669636174696f6e20417574686f72697479301e170d3137303832333139333431325a170d3432303832333139333431325a308188310b30090603550406130255533111300f06035504080c08496c6c696e6f69733110300e06035504070c074368696361676f3121301f060355040a0c1854727573747761766520486f6c64696e67732c20496e632e3131302f06035504030c2854727573747761766520476c6f62616c2043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a0282020100b95d51284b3c3792d182cebd1dbdcdddb8abcf0a3ee15de5dcaa09b957023ee66361dff20f8263aea3f7ac73d17ce7b30baf080009597fcd292a889387171880ed88b2b4b6101f2dd65f55a2135dd1c6eb06568988feac329dfd5cc305c76eee8689ba88039d72218690ae8f03a5dc9f8828cba392490fecd00fe26d444f806ab2d4e7a00a5301ba8e9791766ebcfcd56b36e64088d67b2f5f05e82c6d11f3e7b2be92444cd297a4fed2728143079ce9113ef58b1a597d1f6858dd04002c96f343b37e981974d99c73d918be41c73479d9f462c243b9b327b022cbf93d52c73047b3c93eb86ae2e7e881705e428b4f26a5fe3ac2206ebbf8168ecd0ca9b41b6c7610e15879463e54ce80a8570937291b99138f0cc8d62c1cfb05e808953d6546dceecd69e24d8f87284e340b3ecf14d9bbddb6509aad77d419d6da1a88c84e1b2775d8b208f1ae8330b9110ecd87f0848d15727ca1efccf28861baf469bb0c8c0b755704b84e2a142e3d0f1c1e32a66236ee66e222b80540631022f3331d74728a2cf53929a0d3e71b80842dc53de34db1fd1a6fba65073b58ec424526fbd8da2572c4f600b12279bde37c59624a9c056f3dcee6d6476399c6246f7212c8ac7f90b40b9170e8b7e616107117cede064f48417d354aa389f2c94b7b41116d67b708984ce51119ae4280dcfb9005d4f850cabee4adc7c294d7169de6178faf36fb0203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e0416041499e019670d62db76b3da3db85be8fd42d2310e87300e0603551d0f0101ff040403020106300d06092a864886f70d01010b05000382020100987370e2b0d3ed39ec4c60d9a91286171e96d0e854283b642d21a6f89d56136a483d4fc73e29db6d5883543d877d2305d4e41cdce8386586c575a75adb3505bd77debb2937400507c394529fca64ddf11b2bdc460a100231fd4a680d076490e61ef52aa1a8bb3c5df9a3080b110cf13f2d10946ffee2348783d6cfe51b356dd203e1b00da8a0aa46278236a715b608a6425457b6995ae20b7990d7571251351988416825d437178415fb0172dc95de5226209826e276f5276ffa003b4a61d90dcb51932afd160696a7239a2348fe51bdb6c4b0b154cede6c41ad16677edbfd38cdb9384eb2c160cb9d17df589e7a62b2268f74959be45b1dd20fdd981c9b59b923d331a0a6ff38ddcf204fe958563a67c3d1f699999dba36b6802f88474f86bf443a80e4371ca6baea979811d0846247641eaaee40bf34b19c8f4ee1f2924f1f8ef39e97def3a6796a89714f4b271748feecf4500f4f497dcc45e3bd7a40c541dc6156270669e5724181d3b60189a02f3a7279fe3a30bf41ecc7623e914bc7d9317642f9f73c63ec268c730c7d1a1deaa87c87a8c2277ce133410fcfcffc00a022809e4aa76f00b04145b722ca6848c542a2aedd1df2e06e4e0558b1c090162aa43d1040be8f626383a99c827d2d02e983307ccb27c9fd1e6600b02ed3212f8e33166c98ed10a807d6cc93cfdbd1691ce4cac9e0b69ce9ce7171de6c3f16a479	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\BDB1B93CD5978D45C6261455F8DB95C75AD153AF\Blob = 030000000100000014000000bdb1b93cd5978d45c6261455f8db95c75ad153af20000000010000001f0200003082021b308201a1a003020102021041d29dd172eaeea780c12c6ce92f8752300a06082a8648ce3d040303304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205832301e170d3230303930343030303030305a170d3430303931373136303030305a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f742058323076301006072a8648ce3d020106052b8104002203620004cd9bd59f80830aec094af3164a3e5ccf77acde67050d1d07b6dc16fb5a8b14dbe27160c4ba459511898eea06dff72a161ca4b9c5c532e003e01e8218388bd745d80a6a6ee60077fb02517d22d80a6e9a5b77dff0fa41ec39dc75ca68070c1feaa3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604147c4296aede4b483bfa92f89e8ccf6d8ba9723795300a06082a8648ce3d040303036800306502307b794e465084c24487461b4570ff5899def4fda4d255a6202d74d634bc41a3505f012756b4be277506af122e75988dfc0231008bf5776cd4c865aae00b2cee149d2737a4f953a551e42983d7f890315b429f0af5feae0068e78c490fb66f5b5b15f2e7	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob = 030000000100000014000000afe5d244a8d1194230ff479fe2f897bbcd7a8cb42000000001000000dc050000308205d8308203c0a00302010202104caaf9cadb636fe01ff74ed85b03869d300d06092a864886f70d01010c0500308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f72697479301e170d3130303131393030303030305a170d3338303131383233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a3423040301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201000af1d54684b7ae51bb6cb24d411400934c9ccbe5c054cfa0258e02f9fdb0a20df520983c132dac56a2b0d67e1192e92eba9e2e9a72b1bd19446c6135a29ab41612695a8ce1d73ea41ae82f03f4ae611d101b2aa48b7ac5fe05a6e1c0d6c8fe9eae8f2bba3d99f8d8730958466ea69cf4d727d395da3783721cd373e0a2479903385dd5497900291cc7ec9b201c0724695778b239fc3a84a0b59c7c8dbf2e936227b739da1718aebd3c0968ff849b3cd5d60b03e3579e14f7d1eb4fc8bd8723b7b6494379855cbaeb920ba1c6e868a84c16b11a990ae8532c92bba10918750c65a87bcb23b71ac22885c31bffd02b62efa47b099198678c1401cd68066a6321750380888a6e81c685f2a9a42de7f4a524104783cacdf48d7958b1069be71a2ad99d01d7947ded034acaf0dbe8a9013ef55699c91e8e493dbbe509b9e04f49923d168240cccc59c6e63aed122e693c6c95b1fdaa1d7b7f86be1e0e3246fbfb138f757f4c8b4b4663fe00344070c1c3b9a1dda670e204b341bce98091ea649c7ae12203a99c6e6f0e654f6c87875ef36ea0f975a59b40e853b2279d4ab9c077218dff87f2debc8cef17dfb7490bd1f26e300b1a0e4e76ed11fcf5e956b27dbfc76d0a938ca5d0c0b61dbe3a4e94a2d76e6c0bc28a7cfa20f3c4e4e5cd0da8cb9192b17c85ecb51469660e82e7cdcec82da6517f21c1355385064a5d9fadbb1b5f74	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\58D1DF9595676B63C0F05B1C174D8B840BC878BD	Honeygain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Honeygain_install (1).exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\1F24C630CDA418EF2069FFAD4FDD5F463A1B69AA	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\E252FA953FEDDB2460BD6E28F39CCCCF5EB33FDE\Blob = 030000000100000014000000e252fa953feddb2460bd6e28f39ccccf5eb33fde200000000100000076030000308203723082025aa00302010202143e8a5d07ec55d232d5b7e3b65f01eb2ddce4d6e4300d06092a864886f70d01010b05003051310b300906035504061302504c31283026060355040a0c1f4b72616a6f776120497a626120526f7a6c69637a656e696f776120532e412e3118301606035504030c0f535a4146495220524f4f5420434132301e170d3135313031393037343333305a170d3335313031393037343333305a3051310b300906035504061302504c31283026060355040a0c1f4b72616a6f776120497a626120526f7a6c69637a656e696f776120532e412e3118301606035504030c0f535a4146495220524f4f542043413230820122300d06092a864886f70d01010105000382010f003082010a0282010100b7bc3e50a84bcd40b5ce61e796cab4a1da0c22b0fab57b7600778c0bcf7da886cc2651e4203d850cd658e3e7f42a189ddad1ae26eeeb53dcf490d6134a0c903cc3f4dad28e0d923adcb1b1ff38dec3ba2d5f80b902bd4a9d1b0fb4c3c2c16703dddc1b9c3db3b0de001ea83447bb9aebfe0b14bd3684da0d20bffa5bcba91620ad3960ee2f75b6e7979cf93efd7e4d6f4d2fef880d6afaddf13d6e20a5a012b44d70b9ced7723b8993a780841c27497249b5ff3b959ec1ccc801ece80e8a0a96e7b3a687e5d6f9052b0d9740703cbaac755a9cd54d9d020ad24b9b664b46071765ad9f6c8800dc2289e0e164d467bc3179613cbbca41cd5c6a00c83c388e58af0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604142e16a94a18b5cbccf56f50f3235ff85de7acf0c8300d06092a864886f70d01010b05000382010100b573f803dc595b1d76e9a32a7b9028b24dc0334faa9ab1d4b8e427ffa99699ce46e06d7c4ca238a40670f0f44111ec3f478d3f7287f93bfda46f2b5300e0ff39b96a070eeb1d1cf6a27290cb823d11828bd2bb9f2aaf21e663869d7919eff7bb0c3590c38aed4f0ff5cc12d9a43ebba0fc20955f4f262f1123834e75070fbf9bd1b41de91004feca608fa24cb8adcfe1900fcdae0ac75d7bb750d2d461fad515dbd79f875154eba5e3ebc985a0252037fb8ece0c3484e13c81b2774e43a5885f8667a13de6b45c61b63edbfeb728c5a207aeb5caca8d2a12ef97edc230a4c92a7afbf34d231b993334a02ef5a90b3fd45de1cf849fe219c25f8ad6201ee373b7	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\FE45659B79035B98A161B5512EACDA580948224D	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F	Honeygain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Honeygain_install (1).exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\B8236B002F1D16865301556C11A437CAEBFFC3BB\Blob = 030000000100000014000000b8236b002f1d16865301556c11a437caebffc3bb200000000100000002020000308201fe30820185a00302010202087497258ac73f7a54300a06082a8648ce3d0403033045310b300906035504061302555331143012060355040a0c0b41666669726d54727573743120301e06035504030c1741666669726d5472757374205072656d69756d20454343301e170d3130303132393134323032345a170d3430313233313134323032345a3045310b300906035504061302555331143012060355040a0c0b41666669726d54727573743120301e06035504030c1741666669726d5472757374205072656d69756d204543433076301006072a8648ce3d020106052b81040022036200040d305e1b159d03d0a17935b73a3c927aca151ccd62f39c265c073de554faa3d6cc12eaf4145fe88e19ab2f2e48e6ac184378acd037c3bdb2cd2ce647e21ae663b83d2e2f78c44fdbf40fa4684c55726b951d4e18429578cc373c91e29b652b29a3423040301d0603551d0e041604149aaf297ac011353526513000c36afe40d5aed63c300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300a06082a8648ce3d040303036700306402301709f38788505aafc8c042bf475ff56c6a86e0c42774e43853d7057f1b34e3c62fb3ca093c379dd7e7b846f1fda1e271023042598743d451dfbad309325ace887e573d9c5f426bf5072db5f08293f9596fae64fa58e58b1ee363beb581cd6f028c79	Honeygain.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\62FFD99EC0650D03CE7593D2ED3F2D32C9E3E54A\Blob = 03000000010000001400000062ffd99ec0650d03ce7593d2ed3f2d32c9e3e54a2000000001000000720200003082026e308201f3a003020102021062f6326ce5c4e3685c1b62dd9c2e9d95300a06082a8648ce3d0403033078310b30090603550406130245533111300f060355040a0c08464e4d542d52434d310e300c060355040b0c0543657265733118301606035504610c0f56415445532d51323832363030344a312c302a06035504030c234143205241495a20464e4d542d52434d205345525649444f5245532053454755524f53301e170d3138313232303039333733335a170d3433313232303039333733335a3078310b30090603550406130245533111300f060355040a0c08464e4d542d52434d310e300c060355040b0c0543657265733118301606035504610c0f56415445532d51323832363030344a312c302a06035504030c234143205241495a20464e4d542d52434d205345525649444f5245532053454755524f533076301006072a8648ce3d020106052b8104002203620004f6ba5753c8caabdf364a5221e497d283679ef06551d05e87c747b159f257479b000293441769db42c7b1b23a180eb45d8cb3665da134f9362c49dbf346fcb34469441366fdd7c5fdaf364dce034d0771cfaf6a05d2a2435a0a526f01034e8e8ba3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e0416041401b92fefbf118660f24fd0416eab731fe7d26e49300a06082a8648ce3d0403030369003066023100ae4ae32b40c37411f295ad1623de4e0c1ae65da5245e6b447bfc38e24fcb9c4517114c1427265539754a03cc13909f92023100fa4a6c608873f3eeb89862a9ce2bc2d98aa670311dafb0944ceb4fc6e3d1f362a73cff932e075c49016769120272bfe7	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Honeygain.exe
Key created	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\55A6723ECBF2ECCDC3237470199D2ABE11E381D1	Honeygain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Honeygain_install (1).exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\SystemCertificates\honeygain\Certificates\D8C5388AB7301B1B6ED47AE645253A6F9F1A2761\Blob = 030000000100000014000000d8c5388ab7301b1b6ed47ae645253a6f9f1a27612000000001000000be050000308205ba308203a2a003020102020900bb401c43f55e4fb0300d06092a864886f70d01010505003045310b300906035504061302434831153013060355040a130c53776973735369676e204147311f301d0603550403131653776973735369676e20476f6c64204341202d204732301e170d3036313032353038333033355a170d3336313032353038333033355a3045310b300906035504061302434831153013060355040a130c53776973735369676e204147311f301d0603550403131653776973735369676e20476f6c64204341202d20473230820222300d06092a864886f70d01010105000382020f003082020a0282020100afe4ee7e8b240e126ea9502d16443b92925ccab85d849242132abc655782403e5724cd508b252ab76ffcefa2d0c01f02244a13968f2313e6285800a347c706a784232bbbbd962b7f55cc8bc1571f0e62650fdd3d568a73daae7e6dba811c7e428c2035d9434d84fa84db522cf30e27770b6bbf112f72789f2ed83ee618375a2a72f9da62909295ca1f9ce9b33c2bcbf30113bf5acfc1b50a60bdddb5996453b8a096b36fe22677918ce06210029f340fa4d5923351debe8dba847a603c6adb9f2becdede013f6e4de55086cbb4afed4440c5ca5a8cdad22b7ca8eebea6e50aaa0ea5df0552b755c7225d326a97976313dbc9db79367b853a4ac55289f924e79d77a982ff551ca571692bd10224f2b326d46bda0455e5c10ac76d3037902ae49e14335e161755c55bb5cb348992f19d268fa107d4c6b27850db0c0c0b7c0b8c41d7b9e9dd8c88f7a34db232ccd817dacdb7ce669dd4fd5effbd973e2975e77ea76258af2534a541c73dbc0d50ca03030f085a1f95737862bfaf7214690ea5e5030e788e262842f0070b622010673946faa903cc04387a66ef2083b58c4a568e9100fc8e5c82de88a0c3e2686e7d8def3cdd65f45dac51ef2480aeaa56976ff9ad7dda613f98773ca591b61c8c26da65a2096dc1e254e3b9ca4c4c808f777b609a1edfb6f2481e0eba4e546d98e0e1a21aa27750cfc46392ec47199debe66bcec10203010001a381ac3081a9300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604145b257b96a465517eb839f3c078665ee83ae7f0ee301f0603551d230418301680145b257b96a465517eb839f3c078665ee83ae7f0ee30460603551d20043f303d303b0609608574015901020101302e302c06082b060105050702011620687474703a2f2f7265706f7369746f72792e73776973737369676e2e636f6d2f300d06092a864886f70d0101050500038202010027bae3947cf1aec0de17e6e5d8d5f554b083f4bbcd5e057b4f9f7566af3ce8567efc72783803d92b621b00b9f8e960cdccce518ac750316ee14a7e182f6959b63d64812be38384e622878e7de0ee029961b81ef4b82b88121684c23193389631a6b93b533fc32493565b6992ecc5c1bb3800e3ec17a9b8dcc77c01839f3247ba5222341d327a0956a77c2536a93d4bdac0826f0abb12c8874b2711f91e2dc7933f9edb5f266b52d92e8af114c6448d15a9b7bfbddea61aeeae2dfb487717febbecaf18f52a51f0398497956c6e1bc32bc474607925b00a27dfdf5ed239cf457d424bdfb32c1ec5c65dca553aa09c699a8fdaefb2b03c9f876c122b65701552311a24cf6f3123501f8c4f8f23c37441631c55a814dd3ee05150cff11b30560e92b08285d883cb2264bc2db825d554a2b806eaad92a424a0c186b54a136a47cf2e0b569554cbce9adb6ab4a6b2db4108862777f76aa0426c0b38ced775503292c2df2b302248d0d54138255da4e95d9fc69475d045fd3097438f90ab0ac78673604a692ddea578d706da6a9e4b3e773a20132201d0bf689e63606b354d0b6dbaa13dc093e07f23b355ad72254e46f9d216efb064c1019ee9caa06a980ecfd860f22f49b8e442e1383516f4c86e4ff78156e8baa3be23afaefd6f03e0023b3076fa1b6d41cf01b1e9b8c966f4db26f33aa474f249245bc9b0d057c1fa3e7ae197c9	Honeygain.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
4076	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
8	msiexec.exe
8	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	8	msiexec.exe
Token: SeCreateTokenPrivilege	1584	Honeygain_install (1).exe
Token: SeAssignPrimaryTokenPrivilege	1584	Honeygain_install (1).exe
Token: SeLockMemoryPrivilege	1584	Honeygain_install (1).exe
Token: SeIncreaseQuotaPrivilege	1584	Honeygain_install (1).exe
Token: SeMachineAccountPrivilege	1584	Honeygain_install (1).exe
Token: SeTcbPrivilege	1584	Honeygain_install (1).exe
Token: SeSecurityPrivilege	1584	Honeygain_install (1).exe
Token: SeTakeOwnershipPrivilege	1584	Honeygain_install (1).exe
Token: SeLoadDriverPrivilege	1584	Honeygain_install (1).exe
Token: SeSystemProfilePrivilege	1584	Honeygain_install (1).exe
Token: SeSystemtimePrivilege	1584	Honeygain_install (1).exe
Token: SeProfSingleProcessPrivilege	1584	Honeygain_install (1).exe
Token: SeIncBasePriorityPrivilege	1584	Honeygain_install (1).exe
Token: SeCreatePagefilePrivilege	1584	Honeygain_install (1).exe
Token: SeCreatePermanentPrivilege	1584	Honeygain_install (1).exe
Token: SeBackupPrivilege	1584	Honeygain_install (1).exe
Token: SeRestorePrivilege	1584	Honeygain_install (1).exe
Token: SeShutdownPrivilege	1584	Honeygain_install (1).exe
Token: SeDebugPrivilege	1584	Honeygain_install (1).exe
Token: SeAuditPrivilege	1584	Honeygain_install (1).exe
Token: SeSystemEnvironmentPrivilege	1584	Honeygain_install (1).exe
Token: SeChangeNotifyPrivilege	1584	Honeygain_install (1).exe
Token: SeRemoteShutdownPrivilege	1584	Honeygain_install (1).exe
Token: SeUndockPrivilege	1584	Honeygain_install (1).exe
Token: SeSyncAgentPrivilege	1584	Honeygain_install (1).exe
Token: SeEnableDelegationPrivilege	1584	Honeygain_install (1).exe
Token: SeManageVolumePrivilege	1584	Honeygain_install (1).exe
Token: SeImpersonatePrivilege	1584	Honeygain_install (1).exe
Token: SeCreateGlobalPrivilege	1584	Honeygain_install (1).exe
Token: SeCreateTokenPrivilege	1584	Honeygain_install (1).exe
Token: SeAssignPrimaryTokenPrivilege	1584	Honeygain_install (1).exe
Token: SeLockMemoryPrivilege	1584	Honeygain_install (1).exe
Token: SeIncreaseQuotaPrivilege	1584	Honeygain_install (1).exe
Token: SeMachineAccountPrivilege	1584	Honeygain_install (1).exe
Token: SeTcbPrivilege	1584	Honeygain_install (1).exe
Token: SeSecurityPrivilege	1584	Honeygain_install (1).exe
Token: SeTakeOwnershipPrivilege	1584	Honeygain_install (1).exe
Token: SeLoadDriverPrivilege	1584	Honeygain_install (1).exe
Token: SeSystemProfilePrivilege	1584	Honeygain_install (1).exe
Token: SeSystemtimePrivilege	1584	Honeygain_install (1).exe
Token: SeProfSingleProcessPrivilege	1584	Honeygain_install (1).exe
Token: SeIncBasePriorityPrivilege	1584	Honeygain_install (1).exe
Token: SeCreatePagefilePrivilege	1584	Honeygain_install (1).exe
Token: SeCreatePermanentPrivilege	1584	Honeygain_install (1).exe
Token: SeBackupPrivilege	1584	Honeygain_install (1).exe
Token: SeRestorePrivilege	1584	Honeygain_install (1).exe
Token: SeShutdownPrivilege	1584	Honeygain_install (1).exe
Token: SeDebugPrivilege	1584	Honeygain_install (1).exe
Token: SeAuditPrivilege	1584	Honeygain_install (1).exe
Token: SeSystemEnvironmentPrivilege	1584	Honeygain_install (1).exe
Token: SeChangeNotifyPrivilege	1584	Honeygain_install (1).exe
Token: SeRemoteShutdownPrivilege	1584	Honeygain_install (1).exe
Token: SeUndockPrivilege	1584	Honeygain_install (1).exe
Token: SeSyncAgentPrivilege	1584	Honeygain_install (1).exe
Token: SeEnableDelegationPrivilege	1584	Honeygain_install (1).exe
Token: SeManageVolumePrivilege	1584	Honeygain_install (1).exe
Token: SeImpersonatePrivilege	1584	Honeygain_install (1).exe
Token: SeCreateGlobalPrivilege	1584	Honeygain_install (1).exe
Token: SeCreateTokenPrivilege	1584	Honeygain_install (1).exe
Token: SeAssignPrimaryTokenPrivilege	1584	Honeygain_install (1).exe
Token: SeLockMemoryPrivilege	1584	Honeygain_install (1).exe
Token: SeIncreaseQuotaPrivilege	1584	Honeygain_install (1).exe
Token: SeMachineAccountPrivilege	1584	Honeygain_install (1).exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1584	Honeygain_install (1).exe
1584	Honeygain_install (1).exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe
2316	Honeygain.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2316	Honeygain.exe
2316	Honeygain.exe
1796	MicrosoftEdge.exe
216	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 4076	8	msiexec.exe	69
PID 8 wrote to memory of 4076	8	msiexec.exe	69
PID 8 wrote to memory of 4076	8	msiexec.exe	69
PID 1584 wrote to memory of 1908	1584	Honeygain_install (1).exe	70
PID 1584 wrote to memory of 1908	1584	Honeygain_install (1).exe	70
PID 1584 wrote to memory of 1908	1584	Honeygain_install (1).exe	70
PID 8 wrote to memory of 1736	8	msiexec.exe	73
PID 8 wrote to memory of 1736	8	msiexec.exe	73
PID 8 wrote to memory of 1736	8	msiexec.exe	73
PID 1736 wrote to memory of 1192	1736	MsiExec.exe	74
PID 1736 wrote to memory of 1192	1736	MsiExec.exe	74
PID 1736 wrote to memory of 1192	1736	MsiExec.exe	74
PID 1736 wrote to memory of 2620	1736	MsiExec.exe	75
PID 1736 wrote to memory of 2620	1736	MsiExec.exe	75
PID 1736 wrote to memory of 2620	1736	MsiExec.exe	75
PID 1736 wrote to memory of 304	1736	MsiExec.exe	77
PID 1736 wrote to memory of 304	1736	MsiExec.exe	77
PID 1736 wrote to memory of 304	1736	MsiExec.exe	77
PID 2316 wrote to memory of 3380	2316	Honeygain.exe	86
PID 2316 wrote to memory of 3380	2316	Honeygain.exe	86
PID 2316 wrote to memory of 3380	2316	Honeygain.exe	86

C:\Users\Admin\AppData\Local\Temp\Honeygain_install (1).exe
"C:\Users\Admin\AppData\Local\Temp\Honeygain_install (1).exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Users\Admin\AppData\Local\Temp\Honeygain_install (1).exe
  "C:\Users\Admin\AppData\Local\Temp\Honeygain_install (1).exe" /i "C:\Users\Admin\AppData\Roaming\Honeygain\Honeygain 0.11.1.0\install\Honeygain_install.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Honeygain" APPDIR="C:\Program Files (x86)\Honeygain" SECONDSEQUENCE="1" CLIENTPROCESSID="1584" AI_MORE_CMD_LINE=1
  2⤵
  - Enumerates connected drives
  - Modifies system certificate store
  PID:1908

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BC1D65CB146AB4A8899F9C807E99EED8 C
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DA064B9E993108965F4F4D671F7EB213
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSIF597.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240579984 93 Honeygain.CustomActions!Honeygain.CustomActions.CustomAction.InitEventParams
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:1192
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI3A4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240583609 97 Honeygain.CustomActions!Honeygain.CustomActions.CustomAction.SendStartEvent
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:2620
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI1412.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240587812 101 Honeygain.CustomActions!Honeygain.CustomActions.CustomAction.SendFinishEvent
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - Drops file in Windows directory
    PID:304

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2372

C:\Program Files (x86)\Honeygain\Honeygain.exe
"C:\Program Files (x86)\Honeygain\Honeygain.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Honeygain\HoneygainUpdater.exe
  "C:\Program Files (x86)\Honeygain\HoneygainUpdater.exe" /silentall -nofreqcheck -nogui
  2⤵
  - Executes dropped EXE
  PID:3380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4052

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B

Filesize
727B

MD5
2ab4a000a6fa197ddfa198e15a14fe27

SHA1
0bee6b06d40fa13bc18812267a1a1a288705f858

SHA256
53c1e2dc9d36e67ffcabe811a82e144b8215f8147b2b7b59c1cae08be2e5fb61

SHA512
967c1d99db9fdad0c54a52be1bc768e6fe996e5b72d85c2f2598a960e7f317cd8c7394f2ff08b280cd62421fdc843b4e12af3ec9d632614f951ba660f3135ef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_C82A74FFB2A57350BAF03147F5C60071

Filesize
510B

MD5
6c2d12f539b8f4e4d980d15803d6dff5

SHA1
07ada9193b9dcb43d0553e31ba401a73fcdcbeb2

SHA256
7e86552c312f05bc0ba07b6cb5be7047862666d7f6eb83878376655629119601

SHA512
e09b8d535a6721955b4caa568d2e377324c3ec15049a763ef959328193eb8fde2455ffc2409424d5451d01bb89e08936ad44e20e01562605170d815631b109d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

Filesize
471B

MD5
a8e363183512243c81e90e9c64d87b1d

SHA1
1fe2753a55e54b6c48010e7740b23be600e2ee6a

SHA256
c20809a641cd445b837b223ad8193a5c7309974acc49fe54c4399687ad684ee1

SHA512
c43f8850f46f9a392acf73a00dd8a5791ab88417ef19eb07b0f51378f4011c18736d150343aaea7218ef11a333575851bf3ae8eef908e9ecd851b8dc2a9a6102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B

Filesize
404B

MD5
ab4e59dddcd0e332bb4a5903bb6e1a02

SHA1
1f7c220e10ab8143a806ed08f7937ee7670ea624

SHA256
0dc4494b1e4ff9369f7931ec54c145428eb7f039ec7aec92cc9af86958253e66

SHA512
3add3f38a7d50ddd55ffcc115b029bbcebb9692b16eb94709dc18220add682bcef1bcd442cda667bf79b50db636f615b7c41269bf45e4e245e15a279e941ea02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_C82A74FFB2A57350BAF03147F5C60071

Filesize
396B

MD5
025d67434f7ef79906172f0eb8f5efd5

SHA1
4496d2289b67554be2bab8e3cfbb80dd2e54ed05

SHA256
a11da51b6c89c07c6dd689bd95d719a4c93d4def4836c8fb5f7e1ac73f50c952

SHA512
414cb889712a01a98c9a096fcb0f67a426daa2807b05cbad8bcf60952e4d35514e6618a7b72e1b622fc709d8110a50178c19f1db695b11d71a63a45ae37f16bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

Filesize
400B

MD5
24c08892e6b86fe12b3bb3da1e332f6a

SHA1
81df26b7cf7194a93af1f7c37aa2af7c626a9a2f

SHA256
08cb3fbbf419a517c0cb8518e168df0413b4aa27c69d4cba2710148469f3b44c

SHA512
41d56d99b724da8d3e07fa355fc7be587ed047a884660576b7a09032904c9287ac3c302cabed48c477014c9039919503798302300e31575be26651389ace00ce

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\5cda59d65f3c52452a06a98e\0.11.1.0\tracking.ini

Filesize
84B

MD5
962410cceb73241d34e788a99d0296ca

SHA1
9febbd0a68b4661c72ded7ed7164cc505dac7bb5

SHA256
9ab438f023f90104167a1126f2b6f0833c211f26d29ddb7f72a30459dd171fe5

SHA512
8e3bf73b6916e9fedaa25fd3060ca5365174b742927fca3b72521a8f6cd7dd44c61aace9e80e347b179f552546ab1ecf1d37acd3b5f92c4d85b9cdbb02784276

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\5cda59d65f3c52452a06a98e\0.11.1.0\tracking.ini

Filesize
84B

MD5
962410cceb73241d34e788a99d0296ca

SHA1
9febbd0a68b4661c72ded7ed7164cc505dac7bb5

SHA256
9ab438f023f90104167a1126f2b6f0833c211f26d29ddb7f72a30459dd171fe5

SHA512
8e3bf73b6916e9fedaa25fd3060ca5365174b742927fca3b72521a8f6cd7dd44c61aace9e80e347b179f552546ab1ecf1d37acd3b5f92c4d85b9cdbb02784276

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\5cda59d65f3c52452a06a98e\0.11.1.0\{BACC2EDD-0464-4A4F-A6DA-1603FF7A725F}.session

Filesize
12KB

MD5
ffdc8906e255292974730c369d0ec4e6

SHA1
4a7ad7f8bd4cdd6b307859e9c200c86df3853473

SHA256
cd9332e54ffe0099f90a0244c912e139ab2e952c526615144b03945a251589d2

SHA512
f5b275709fdab34417d72529c2ccc547979ca0ec05744efdf40cf1827b25bcf9e4f3e3885671409008920774023b1295ca756fb3086e62595990ddf1b8af7fa0

Download Submit
C:\Users\Admin\AppData\Local\AdvinstAnalytics\5cda59d65f3c52452a06a98e\0.11.1.0\{BACC2EDD-0464-4A4F-A6DA-1603FF7A725F}.session

Filesize
14KB

MD5
5ba193adfa951ac393e78d86f0e04f8d

SHA1
6954f0eb3731494c6d826bbfc6cccaa6a7c0e033

SHA256
42b3be242a4e158c6511d533bf1db50ec213d6d333bbe73615f646b13d51ecb7

SHA512
73d208e63a7d918730499c3314838f9ca8a8cff004d9f168d9db304f1f5b7edc1b4183c7226a648ba0aaa8c42e29f4bbe6f12536fea1e9696a89da4421c47cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Filesize
651B

MD5
47c6667a0d9d4bdb4e5215578054c0d6

SHA1
56f494a719ad3cf29723458166d9831719941fa4

SHA256
b2526c381832cbe24e8f0d14bb7dbf8e9ab753e087a2f9b7d6b8e36065672355

SHA512
7af086ffeee540b70efd190db4b77867356452d2b22904665d6fb53fa0b3749cba6f0613cb96134bed91ba2fa80bf4cced1d8af28679d27f230748fc0d38e5e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA6E8.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA851.tmp

Filesize
875KB

MD5
01ab8034f722cbac50b8bcfc36e5b2e8

SHA1
b25868af5713e37c398b712f19692edd7db2d858

SHA256
e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

SHA512
25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAC0B.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIACF6.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAE3F.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAECD.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAFD8.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB0F2.tmp

Filesize
575KB

MD5
8c1a778e0754301c97a660dbf3e8303b

SHA1
f489c45cde796de0d23ee862948f5e50379dee60

SHA256
000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

SHA512
010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB316.tmp

Filesize
875KB

MD5
01ab8034f722cbac50b8bcfc36e5b2e8

SHA1
b25868af5713e37c398b712f19692edd7db2d858

SHA256
e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

SHA512
25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB5B7.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB663.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Users\Admin\AppData\Roaming\Honeygain\Honeygain 0.11.1.0\install\Honeygain_install.msi

Filesize
4.8MB

MD5
24ac212b92e947241dc1b8ff873a2838

SHA1
c677d851592ef12f5179abef9088edeea126dbfb

SHA256
2969c9c669269600dafaeeb9be810748dc93fd9c808d13b5a6b1762b17ac8c12

SHA512
385fde0a29d1f8d6ede4bc0538fcb36d5f5c2ea9721dc59a8134d026ddfafdbb4f3e50d1fdeb97c89148e33b67ba6a7a219b1377c46524fb314d8ecfe6dd3e0c

Download Submit
C:\Users\Admin\AppData\Roaming\Honeygain\Honeygain 0.11.1.0\install\Honeygain_install1.cab

Filesize
4.1MB

MD5
0d634fd7e55941f7df5f420a72e5d8be

SHA1
58553abe1ecf9fc726be11e9d82e22d258e3901b

SHA256
5b4543e3d6cc322da44834e3dd1892dd6359cc3068d6d5423a7c2372ee42be82

SHA512
b9f283fb2e263e4e689b10929947649eaac5af50b6c30ff1f3564a4edad10277fb8de9ad954f93ef970bfb583db479fc81a9a543d22f783d79aade810de2c968

Download Submit
C:\Windows\Installer\MSI3A4.tmp

Filesize
1.8MB

MD5
330f56f3fb5d56ab41d92db847a85e0a

SHA1
d5057005281adf24b8b3f6eb469851454e9d000a

SHA256
399316fe296f92ef9e7d6d1dc26fbc0b7cf5947fa5eae0e83e629e42c5d00660

SHA512
afe4a01d2fb69768bb64b121e5a91a5ae7e38223b21841b228180d4596de654be94b48c247000f28e78b0eb916264f4d1f1f08acb363a21402b4b21848cdb43b

Download Submit
C:\Windows\Installer\MSIEC49.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Windows\Installer\MSIED44.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Windows\Installer\MSIEE00.tmp

Filesize
575KB

MD5
8c1a778e0754301c97a660dbf3e8303b

SHA1
f489c45cde796de0d23ee862948f5e50379dee60

SHA256
000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

SHA512
010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

Download Submit
C:\Windows\Installer\MSIEE7E.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
C:\Windows\Installer\MSIEF1C.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
C:\Windows\Installer\MSIEFD8.tmp

Filesize
575KB

MD5
8c1a778e0754301c97a660dbf3e8303b

SHA1
f489c45cde796de0d23ee862948f5e50379dee60

SHA256
000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

SHA512
010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

Download Submit
C:\Windows\Installer\MSIF335.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
C:\Windows\Installer\MSIF597.tmp

Filesize
1.8MB

MD5
330f56f3fb5d56ab41d92db847a85e0a

SHA1
d5057005281adf24b8b3f6eb469851454e9d000a

SHA256
399316fe296f92ef9e7d6d1dc26fbc0b7cf5947fa5eae0e83e629e42c5d00660

SHA512
afe4a01d2fb69768bb64b121e5a91a5ae7e38223b21841b228180d4596de654be94b48c247000f28e78b0eb916264f4d1f1f08acb363a21402b4b21848cdb43b

Download Submit
\Users\Admin\AppData\Local\Temp\INAA5EC.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
\Users\Admin\AppData\Local\Temp\MSIA6E8.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Users\Admin\AppData\Local\Temp\MSIA851.tmp

Filesize
875KB

MD5
01ab8034f722cbac50b8bcfc36e5b2e8

SHA1
b25868af5713e37c398b712f19692edd7db2d858

SHA256
e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

SHA512
25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

Download Submit
\Users\Admin\AppData\Local\Temp\MSIAC0B.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Users\Admin\AppData\Local\Temp\MSIACF6.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Users\Admin\AppData\Local\Temp\MSIAE3F.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Users\Admin\AppData\Local\Temp\MSIAECD.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Users\Admin\AppData\Local\Temp\MSIAFD8.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB0F2.tmp

Filesize
575KB

MD5
8c1a778e0754301c97a660dbf3e8303b

SHA1
f489c45cde796de0d23ee862948f5e50379dee60

SHA256
000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

SHA512
010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB316.tmp

Filesize
875KB

MD5
01ab8034f722cbac50b8bcfc36e5b2e8

SHA1
b25868af5713e37c398b712f19692edd7db2d858

SHA256
e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

SHA512
25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB5B7.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB663.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Windows\Installer\MSI3A4.tmp

Filesize
1.8MB

MD5
330f56f3fb5d56ab41d92db847a85e0a

SHA1
d5057005281adf24b8b3f6eb469851454e9d000a

SHA256
399316fe296f92ef9e7d6d1dc26fbc0b7cf5947fa5eae0e83e629e42c5d00660

SHA512
afe4a01d2fb69768bb64b121e5a91a5ae7e38223b21841b228180d4596de654be94b48c247000f28e78b0eb916264f4d1f1f08acb363a21402b4b21848cdb43b

Download Submit
\Windows\Installer\MSI3A4.tmp

Filesize
1.8MB

MD5
330f56f3fb5d56ab41d92db847a85e0a

SHA1
d5057005281adf24b8b3f6eb469851454e9d000a

SHA256
399316fe296f92ef9e7d6d1dc26fbc0b7cf5947fa5eae0e83e629e42c5d00660

SHA512
afe4a01d2fb69768bb64b121e5a91a5ae7e38223b21841b228180d4596de654be94b48c247000f28e78b0eb916264f4d1f1f08acb363a21402b4b21848cdb43b

Download Submit
\Windows\Installer\MSI3A4.tmp-\Honeygain.CustomActions.dll

Filesize
9KB

MD5
b955fac391971547d01ba7c761405fb2

SHA1
faca86fd994d658fa55ef3e91c585d2440cc34a5

SHA256
b390ab45655ab0e38930013218476fe54735dbd321147e821e0d639f59cf0693

SHA512
0d776782fba137e49216f5aa635b8a5809b615417a40eea3d5acfa56ecf919d655591555a8d147df87440abcf27d065c052df6ad3d6f6a144c490648e46bea91

Download Submit
\Windows\Installer\MSI3A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSI3A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSIEC49.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Windows\Installer\MSIED44.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Windows\Installer\MSIEE00.tmp

Filesize
575KB

MD5
8c1a778e0754301c97a660dbf3e8303b

SHA1
f489c45cde796de0d23ee862948f5e50379dee60

SHA256
000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

SHA512
010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

Download Submit
\Windows\Installer\MSIEE7E.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
\Windows\Installer\MSIEF1C.tmp

Filesize
436KB

MD5
5788efa607d26332d6d7f5e6a1f6bd6f

SHA1
e7749843cc3e89bc81649087de4ad44c93d48bc6

SHA256
9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

SHA512
ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

Download Submit
\Windows\Installer\MSIEFD8.tmp

Filesize
575KB

MD5
8c1a778e0754301c97a660dbf3e8303b

SHA1
f489c45cde796de0d23ee862948f5e50379dee60

SHA256
000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

SHA512
010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

Download Submit
\Windows\Installer\MSIF335.tmp

Filesize
777KB

MD5
0b34f587a33cd91ae3a465aa201544be

SHA1
7b5e8b8deb034a8830ff85653a467f260c2bd3d2

SHA256
ecd63718847708ac207679cf35179b8404975b35b72d3d448c97da423b8cc275

SHA512
badbb2f4ea18dd760836ac2d48342957c312e8fefbb99baf9f6bf687556ecc193080d1d00a093a2cd5357c14a03cdaa9b2a4c8cedd92f40fb7558bc14a8afec6

Download Submit
\Windows\Installer\MSIF597.tmp

Filesize
1.8MB

MD5
330f56f3fb5d56ab41d92db847a85e0a

SHA1
d5057005281adf24b8b3f6eb469851454e9d000a

SHA256
399316fe296f92ef9e7d6d1dc26fbc0b7cf5947fa5eae0e83e629e42c5d00660

SHA512
afe4a01d2fb69768bb64b121e5a91a5ae7e38223b21841b228180d4596de654be94b48c247000f28e78b0eb916264f4d1f1f08acb363a21402b4b21848cdb43b

Download Submit
\Windows\Installer\MSIF597.tmp

Filesize
1.8MB

MD5
330f56f3fb5d56ab41d92db847a85e0a

SHA1
d5057005281adf24b8b3f6eb469851454e9d000a

SHA256
399316fe296f92ef9e7d6d1dc26fbc0b7cf5947fa5eae0e83e629e42c5d00660

SHA512
afe4a01d2fb69768bb64b121e5a91a5ae7e38223b21841b228180d4596de654be94b48c247000f28e78b0eb916264f4d1f1f08acb363a21402b4b21848cdb43b

Download Submit
\Windows\Installer\MSIF597.tmp-\Honeygain.CustomActions.dll

Filesize
9KB

MD5
b955fac391971547d01ba7c761405fb2

SHA1
faca86fd994d658fa55ef3e91c585d2440cc34a5

SHA256
b390ab45655ab0e38930013218476fe54735dbd321147e821e0d639f59cf0693

SHA512
0d776782fba137e49216f5aa635b8a5809b615417a40eea3d5acfa56ecf919d655591555a8d147df87440abcf27d065c052df6ad3d6f6a144c490648e46bea91

Download Submit
\Windows\Installer\MSIF597.tmp-\Honeygain.CustomActions.dll

Filesize
9KB

MD5
b955fac391971547d01ba7c761405fb2

SHA1
faca86fd994d658fa55ef3e91c585d2440cc34a5

SHA256
b390ab45655ab0e38930013218476fe54735dbd321147e821e0d639f59cf0693

SHA512
0d776782fba137e49216f5aa635b8a5809b615417a40eea3d5acfa56ecf919d655591555a8d147df87440abcf27d065c052df6ad3d6f6a144c490648e46bea91

Download Submit
\Windows\Installer\MSIF597.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Windows\Installer\MSIF597.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
memory/1192-185-0x0000000006590000-0x0000000006598000-memory.dmp

Filesize
32KB

Download
memory/1192-181-0x0000000001130000-0x000000000115E000-memory.dmp

Filesize
184KB

Download
memory/1192-182-0x00000000066C4000-0x00000000066C6000-memory.dmp

Filesize
8KB

Download
memory/2316-225-0x0000000005B30000-0x0000000005B42000-memory.dmp

Filesize
72KB

Download
memory/2316-220-0x0000000005080000-0x000000000509C000-memory.dmp

Filesize
112KB

Download
memory/2316-236-0x000000000C6B0000-0x000000000CE56000-memory.dmp

Filesize
7.6MB

Download
memory/2316-235-0x000000000A9D0000-0x000000000A9DA000-memory.dmp

Filesize
40KB

Download
memory/2316-234-0x0000000004EA0000-0x000000000539E000-memory.dmp

Filesize
5.0MB

Download
memory/2316-233-0x00000000068D0000-0x00000000068DA000-memory.dmp

Filesize
40KB

Download
memory/2316-207-0x0000000000160000-0x0000000000246000-memory.dmp

Filesize
920KB

Download
memory/2316-208-0x0000000004A50000-0x0000000004AA8000-memory.dmp

Filesize
352KB

Download
memory/2316-209-0x0000000000C90000-0x0000000000CAA000-memory.dmp

Filesize
104KB

Download
memory/2316-210-0x0000000000AB0000-0x0000000000ABA000-memory.dmp

Filesize
40KB

Download
memory/2316-211-0x0000000000CB0000-0x0000000000CBA000-memory.dmp

Filesize
40KB

Download
memory/2316-212-0x0000000004A30000-0x0000000004A3E000-memory.dmp

Filesize
56KB

Download
memory/2316-213-0x0000000004E80000-0x0000000004E9E000-memory.dmp

Filesize
120KB

Download
memory/2316-214-0x0000000004E70000-0x0000000004E7A000-memory.dmp

Filesize
40KB

Download
memory/2316-215-0x00000000053A0000-0x000000000589E000-memory.dmp

Filesize
5.0MB

Download
memory/2316-216-0x0000000004F90000-0x0000000005022000-memory.dmp

Filesize
584KB

Download
memory/2316-217-0x0000000004F30000-0x0000000004F38000-memory.dmp

Filesize
32KB

Download
memory/2316-218-0x0000000005030000-0x0000000005044000-memory.dmp

Filesize
80KB

Download
memory/2316-219-0x00000000050A0000-0x00000000050EA000-memory.dmp

Filesize
296KB

Download
memory/2316-232-0x00000000066A0000-0x00000000066E6000-memory.dmp

Filesize
280KB

Download
memory/2316-221-0x00000000050F0000-0x0000000005102000-memory.dmp

Filesize
72KB

Download
memory/2316-222-0x0000000005AE0000-0x0000000005B04000-memory.dmp

Filesize
144KB

Download
memory/2316-223-0x0000000005370000-0x0000000005378000-memory.dmp

Filesize
32KB

Download
memory/2316-224-0x0000000005390000-0x000000000539C000-memory.dmp

Filesize
48KB

Download
memory/2316-231-0x0000000006640000-0x000000000664A000-memory.dmp

Filesize
40KB

Download
memory/2316-226-0x0000000005B90000-0x0000000005BCE000-memory.dmp

Filesize
248KB

Download
memory/2316-227-0x0000000005C80000-0x0000000005D30000-memory.dmp

Filesize
704KB

Download
memory/2316-228-0x0000000005D30000-0x0000000005D96000-memory.dmp

Filesize
408KB

Download
memory/2316-229-0x0000000005C30000-0x0000000005C52000-memory.dmp

Filesize
136KB

Download
memory/2316-230-0x0000000005DA0000-0x00000000060F0000-memory.dmp

Filesize
3.3MB

Download
memory/2620-198-0x0000000005160000-0x0000000005168000-memory.dmp

Filesize
32KB

Download
memory/2620-201-0x0000000007E40000-0x000000000836C000-memory.dmp

Filesize
5.2MB

Download
memory/2620-200-0x0000000007740000-0x0000000007902000-memory.dmp

Filesize
1.8MB

Download
memory/2620-199-0x0000000004FE0000-0x00000000051E7000-memory.dmp

Filesize
2.0MB

Download