a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6

Resubmissions

05-02-2023 01:33

230205-byjz3aba8w 8

Analysis

max time kernel
60s
max time network
67s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-02-2023 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE_4.5_Installer.exe
Size

8.6MB
MD5

1efcd0c92784169fc1eec4e87788f6e8
SHA1

585e9eb828859ec005a5c280ff99408e65df1cb8
SHA256

a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6
SHA512

96353fa0dfba41c13f8742aac480dc14484107a285edf5c2d6e191c7f39fe3c78ccb68c226fbecd566fcd11561145c6dfdc187264d6d36959917eea3e0d1b5b9
SSDEEP

196608:/MUfuaC/K12qiyD6dmS/qY2fvYG2zZ8igA7Tt:EUWaK8iU6AsevY9ZUKt

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1916	DigitalEditions.exe
1592	ADEAutoUpdater_450.exe

Loads dropped DLL 13 IoCs

pid	Process
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
2032	ADE_4.5_Installer.exe
1916	DigitalEditions.exe
1916	DigitalEditions.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	DigitalEditions.exe
File opened (read-only)	\??\H:	DigitalEditions.exe
File opened (read-only)	\??\N:	DigitalEditions.exe
File opened (read-only)	\??\R:	DigitalEditions.exe
File opened (read-only)	\??\U:	DigitalEditions.exe
File opened (read-only)	\??\X:	DigitalEditions.exe
File opened (read-only)	\??\Y:	DigitalEditions.exe
File opened (read-only)	\??\F:	DigitalEditions.exe
File opened (read-only)	\??\L:	DigitalEditions.exe
File opened (read-only)	\??\M:	DigitalEditions.exe
File opened (read-only)	\??\T:	DigitalEditions.exe
File opened (read-only)	\??\Z:	DigitalEditions.exe
File opened (read-only)	\??\I:	DigitalEditions.exe
File opened (read-only)	\??\S:	DigitalEditions.exe
File opened (read-only)	\??\W:	DigitalEditions.exe
File opened (read-only)	\??\G:	DigitalEditions.exe
File opened (read-only)	\??\J:	DigitalEditions.exe
File opened (read-only)	\??\K:	DigitalEditions.exe
File opened (read-only)	\??\O:	DigitalEditions.exe
File opened (read-only)	\??\P:	DigitalEditions.exe
File opened (read-only)	\??\Q:	DigitalEditions.exe
File opened (read-only)	\??\V:	DigitalEditions.exe

Drops file in Program Files directory 62 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ko\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\pt\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe	ADE_4.5_Installer.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\migration.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\migration.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-Regular.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_es.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\MOHighlight.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\es\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\ReaderClientCert.sig	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ja\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\it\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ko\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hans\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-Oblique.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\de\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_de.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hans\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hant\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-BoldIt.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\README.md	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_it.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\Readium.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hant\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\rmsdk_epubReadingSystem.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\contentframe\load.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\de\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\nl\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\fr\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\annotations.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\sdk.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\nl\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Regular.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\SymbolStd.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_en.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\host_app_feedback.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\reader.html	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-It.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_fr.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\fr\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\it\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-It.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\ReadiumJS_InputFiles.txt	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\host_app_reference_files\sample_styles.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\lib\mathjax\MathJax.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\es\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\log4net.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_pt.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\AdobeRDMHelper.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ja\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\pt\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\userStyle.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-BoldOblique.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-BoldIt.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\load.html	ADE_4.5_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016803-65.dat	nsis_installer_1
behavioral1/files/0x0006000000016803-65.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	ADEAutoUpdater_450.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	ADEAutoUpdater_450.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	ADEAutoUpdater_450.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	ADEAutoUpdater_450.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\DigitalEditions.exe = "1"	ADEAutoUpdater_450.exe

Modifies registry class 43 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/epub+zip	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\EditFlags = 00010000	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-103"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml\Extension = ".acsm"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.DigitalEditions\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.acsm\ = "Adobe.ACSMessage"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.acsm\Content Type = "application/vnd.adobe.adept+xml"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.DigitalEditions\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.acsm	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\Content Type = "application/epub+zip"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-103"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.epub	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-102"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml\ = "Adobe.ACSMessage"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell	ADE_4.5_Installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\BrowserFlags = "8"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB\DefaultIcon	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/epub+zip\ = "Adobe.EPUB"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\ = "Adobe.DigitalEditions"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\ = "Adobe epub Document"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/epub+zip\Extension = ".epub"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\ = "Adobe Content Server Message"	ADE_4.5_Installer.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1916	2032	ADE_4.5_Installer.exe	31
PID 2032 wrote to memory of 1916	2032	ADE_4.5_Installer.exe	31
PID 2032 wrote to memory of 1916	2032	ADE_4.5_Installer.exe	31
PID 2032 wrote to memory of 1916	2032	ADE_4.5_Installer.exe	31
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32
PID 1916 wrote to memory of 1592	1916	DigitalEditions.exe	32

C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
  "C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe
    "C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe" -checkForUpdate https://adedownload.adobe.com/pub/adobe/digitaleditions/sha2/adeupdaterconfig.cfg 4.5.11.187303 en_US
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    PID:1592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe

Filesize
269KB

MD5
092ec1a7666ebcaf151cdf4f70fe1661

SHA1
eb16f03ed74d027c5c8137e3c39e4af9da46f009

SHA256
92ad71d67349611e9774928221456d01f79b635caa3047334f26b684b89a43eb

SHA512
aebedd8d08d7ed4b7f82caf0a09e463fbefa0f51e77406889a8a58f2e8cc47637897fb751831be8a1ee1fd710881c386d9152752db5992f8715d1f3e0afccbc6

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe

Filesize
269KB

MD5
092ec1a7666ebcaf151cdf4f70fe1661

SHA1
eb16f03ed74d027c5c8137e3c39e4af9da46f009

SHA256
92ad71d67349611e9774928221456d01f79b635caa3047334f26b684b89a43eb

SHA512
aebedd8d08d7ed4b7f82caf0a09e463fbefa0f51e77406889a8a58f2e8cc47637897fb751831be8a1ee1fd710881c386d9152752db5992f8715d1f3e0afccbc6

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\ReaderClientCert.sig

Filesize
356B

MD5
e9be14f4cbc17bfef75a69dbeca0b225

SHA1
9592d54bbb3a1ce48e70fc20034dd98e21d06c9b

SHA256
e6ca43fc446dcc03ce6abe82d6dcb8be52262f84431ec1ea66bc694ab75d8446

SHA512
f7b0f4ba9ad60ab76e3e3862fac85b126f1d0f79b0997c31dfc4faf5ddf7dd1ed524dd8137e4f0e937292605d28f57e7d0b38e0c66fe5c7c93b2ea971f85589a

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Bold.otf

Filesize
211KB

MD5
b70a58eede7e7b52af9bcbf1969861ed

SHA1
b5c6d9e6e93195ab549a28517bd9849537c0ecd7

SHA256
5ac1c7daf112604e7c4039609a395d2c913315e8e40206bdf126d92a1d13385b

SHA512
91c79e690db644ba80e9f50b13c903821fade14763ecf5dc3932670f0c902003e6fffdeb032f5289a13222529b6993bc751c2af7873dc73ea249d4b71a91509f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-BoldIt.otf

Filesize
251KB

MD5
4b1b4c32d5c0ca98cf53cadb6908b535

SHA1
99412a58d24d1027aab10246001e2ea13b3056aa

SHA256
3b8455948a1b625b1554655cb0be69b3438863434ab985de0ba4c4f5afa57e0b

SHA512
1dadd6033453267fde494c9d0f7a4b91eaf47bd811a1a8e4d2e4e777526687a5bcf1e6f97705d58ea4f5d0eee4b64d22887737aa7fe28a0682f6ef17b4003d1a

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-It.otf

Filesize
252KB

MD5
8a95f9e772b95db44900d873454df194

SHA1
33504cad913e08cd16b46c16397a114a49d83787

SHA256
c3ffcf0b0e48ee0963ca4b0ebddebf0e4848fc9358b20f596724a9924277b41a

SHA512
64e21d4d3d6d4b94b5a49ff5709c5a10211cc8014d13963f07eb3a3dd7836467ac8d8d2950e793e034228a8e00774cbf9cc019e6abdee54ad0b09b3f6f6295b5

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Regular.otf

Filesize
212KB

MD5
2ef06db0bc1e47897ebaf105dcfb1a96

SHA1
e0728d216f46309444466caabccf32e28cb5c072

SHA256
031e3fc2c2075cad15381c08ea3beb9ae1b370c2cdeeca67e25727d06da74d99

SHA512
35dbb3682dd9e175f636d7d1f9c63528b69ef2cb6182d3a23a85f52abe683d7fd5bb43e0498eeb4b37631e1da2076dc7ab4b433250ce3fb60970d439b45ab8a2

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\SymbolStd.otf

Filesize
30KB

MD5
5fb8698620b0e7ba586bdd94adb5ed07

SHA1
ea5082e8ca1ad2a163e6f991acdcd92ef772520f

SHA256
228d0980af2896a11d32f46f530a8fb3c30b99991d604079c2e9a70897801da6

SHA512
b9f6d1dec2cf709f0be3cfa2a7101dc4024bfb879e8ef4283cb477b638784af83816db0769d6fa02e0dc40e767e589376b99bc51cc4b25c447b9b25bcd46aa01

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\userStyle.css

Filesize
17B

MD5
37fba8d8dfe04c8e360e0375fc2feb47

SHA1
e031c759daaf5d6ae66ea21b66010be2e32036b2

SHA256
d01df0bbd8ac3888dc8de422bf3ceaf55945367468ebc7cf314bffd3d7f80339

SHA512
babfd00c24830fb9cec2422504e553055cecc00228ece8a4f857a94f4583e59080c3104c1486db65473da58e54e3d736887b09eb4d561b0f7b9e29fd8203d3a2

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
53ff7c25d0bdddbc23667b1c7d18039b

SHA1
ff9163d718a4efe595395e90b6a089591c7c782c

SHA256
8c5b987f8c4be76a85ad2bb027a0b821e29b4814813bb97b43490d661355470f

SHA512
206282931c0326e74bcbdd0a3a6c55eabdb064dc57cf7a0e600e71463dd6265046ea6bd9d1742ac7f8b2a254ab7c5845fb7c23b84caa500aaf4e09112089f9fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df6029f21892c94a906c0deb9c56d324

SHA1
2d31702451118f9278f32d4c130102b2a0119eb9

SHA256
665f367a5892b32ef97718356272f9884c0d57651e13705ca3c041d188c79ab4

SHA512
1ea8f8d72521bf2cd24724b0d33996a0c30e223c30bce1a640fb383ad13a536163ab9991c9526d65941be8d13cd978674f479e1b7a9fcf1a26031d6107b19052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7c4f5ba9950ca936b69c90545b062fe

SHA1
3cb9e0fe2f16059bff405e95e5b4dfdfd8ee62db

SHA256
079b6bf844b0fcc119b65d500e97b850a013839aabfc3b572f4a240ab1e27950

SHA512
b5a281963bdb5ed5b3d7b26966c8254cf9b707bda68bc1b0a319790eb55917f0614406a5344660d022ce00f2cbec205c51ce8c197a1246156405ee210bf03880

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
cd45bb079d8dac3ca82888ba4348c1c6

SHA1
773976c3946fc0f5d3101220de8cc052cbea8972

SHA256
b05f2e58ab1a3ab38c4628d321dcdfdcfdf37046431f49984c8efdfcc2e5bca2

SHA512
c6c6080a4594a9c0a4ccca33851de6bb05ec13fd53207d0952f94e1b5b0f2bbc4c08a17a2e1298fe1174ea059acb40b4ec55d0e83ae3d87987b98ee05bdbf880

Download Submit
C:\Users\Admin\Documents\My Digital Editions\Manifest\welcome.epub.xml

Filesize
915B

MD5
584cbaa0fe1f6337fb36aada789b1825

SHA1
124bc465a84fa0f1210aa808902f1b7bc1510b0e

SHA256
621061f1f347c28f81f8589c3d6ebd822159e934191e699e1df817258c3d842a

SHA512
ff0b2695715ce2798b09adb76c39359db0c9ac2b40399eb11ef974f61a78131a8ea258c8fde508922f171a607a3e6ff15c1e89c56db7e711172691502ed4fad6

Download Submit
C:\Users\Admin\Documents\My Digital Editions\welcome.epub

Filesize
49KB

MD5
e453290017e3cf4014a4cd96950365fe

SHA1
7c04d465eb69429c682e748aeab5754b78fe09f7

SHA256
a3f8f736cc3e7799fcb151bc7c1ba097c94d12ed689623b6e2cc3229abda30d5

SHA512
e951df9c0604eeb8356f84be7dc28f4e47e6b5de989cf05d28e733e3dcc2094477e57b45e3bd4f998f99516487ee3cb6e44d4d3e5318ee3fc2816d3005bc15d4

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe

Filesize
269KB

MD5
092ec1a7666ebcaf151cdf4f70fe1661

SHA1
eb16f03ed74d027c5c8137e3c39e4af9da46f009

SHA256
92ad71d67349611e9774928221456d01f79b635caa3047334f26b684b89a43eb

SHA512
aebedd8d08d7ed4b7f82caf0a09e463fbefa0f51e77406889a8a58f2e8cc47637897fb751831be8a1ee1fd710881c386d9152752db5992f8715d1f3e0afccbc6

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe

Filesize
123KB

MD5
170247ad7f4e04da0486f827f0fe8434

SHA1
43f7753604f51d8be1ae7c4058ce6e9319c0421c

SHA256
46db03011f5f0e120af742c31eb4fee53bf8df47b614fae2d1ee829cf0d321f4

SHA512
333ed48cd4c9d4bb8c399d8c8659b55e33f79ff48e2c3a95b2388a568183900e26fdd4aafb10cf2d6080c7b0d587f49b02b6be36a664d85a680ad026ff5e6966

Download Submit
\Users\Admin\AppData\Local\Temp\SCC.dll

Filesize
175KB

MD5
5be02bb77d7202a2f21a5cac92596946

SHA1
034fb96c8052d2b5f2b3a995f4717d522eb0fb6b

SHA256
dc5a30727ff622fddfc40e7d0d416bea3a9c03db283e93b289b189f3fce92044

SHA512
4f1363f53162c62691f12ce5e0b97d217be532aa15ab2caefb46cbb29e47815d02fb2667e7045d2d12b78bcfca9369ccd962b6ea33f6780b90f156534a00cf8d

Download Submit
\Users\Admin\AppData\Local\Temp\SymCCIS.dll

Filesize
166KB

MD5
168729e94cf5e0a7ef69a0165e7f80e0

SHA1
f9aa7b94eec4ed2492e776c08fcc808ce11fef5c

SHA256
1b387097978d3f0fe7d2ff557e92b20556d58ea1225ea523b905cfcd2cfad0a2

SHA512
910e26eb8f8f79b7dffb5cfc54810d27af2d0c59dbe9c46dca3b288af5b48b5b7f1ae49b2cf410c25e215bf7c483e4a3a18afe7723409567ca6b89f41c99e296

Download Submit
\Users\Admin\AppData\Local\Temp\TPI.dll

Filesize
1.5MB

MD5
602e36677544df1a495f34db24846cc3

SHA1
40a35195c29c9eda52dfb389d77972813741696e

SHA256
5601c1fa5006314c17778096cea23d0ec925d85ff40da7d30950574227a67a7b

SHA512
69ba49b0b4002f90997d18afaebc7369f1f0ce7b76dbab348f02609292e1b47ddda31ec96c49f6e5822ab5c04c72db658502b5fdc1d23f642b3ae9d84b98794a

Download Submit
\Users\Admin\AppData\Local\Temp\nso1F18.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
\Users\Admin\AppData\Local\Temp\nso1F18.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
memory/1916-79-0x0000000000520000-0x000000000052A000-memory.dmp

Filesize
40KB

Download
memory/1916-78-0x0000000000995000-0x00000000009A6000-memory.dmp

Filesize
68KB

Download
memory/1916-80-0x0000000000520000-0x000000000052A000-memory.dmp

Filesize
40KB

Download
memory/1916-74-0x0000000001020000-0x000000000120E000-memory.dmp

Filesize
1.9MB

Download
memory/1916-100-0x0000000000995000-0x00000000009A6000-memory.dmp

Filesize
68KB

Download
memory/1916-101-0x0000000000520000-0x000000000052A000-memory.dmp

Filesize
40KB

Download
memory/2032-54-0x0000000075991000-0x0000000075993000-memory.dmp

Filesize
8KB

Download
memory/2032-63-0x0000000073DA0000-0x0000000073E31000-memory.dmp

Filesize
580KB

Download
memory/2032-61-0x00000000742F0000-0x000000007437B000-memory.dmp

Filesize
556KB

Download
memory/2032-73-0x00000000742F0000-0x0000000074309000-memory.dmp

Filesize
100KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads