a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6

Analysis

max time kernel
101s
max time network
113s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20-03-2023 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE_4.5_Installer.exe
Size

8.6MB
MD5

1efcd0c92784169fc1eec4e87788f6e8
SHA1

585e9eb828859ec005a5c280ff99408e65df1cb8
SHA256

a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6
SHA512

96353fa0dfba41c13f8742aac480dc14484107a285edf5c2d6e191c7f39fe3c78ccb68c226fbecd566fcd11561145c6dfdc187264d6d36959917eea3e0d1b5b9
SSDEEP

196608:/MUfuaC/K12qiyD6dmS/qY2fvYG2zZ8igA7Tt:EUWaK8iU6AsevY9ZUKt

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1364	DigitalEditions.exe
1504	DigitalEditions.exe
1932	DigitalEditions.exe

Loads dropped DLL 17 IoCs

pid	Process
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1060	ADE_4.5_Installer.exe
1364	DigitalEditions.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	DigitalEditions.exe
File opened (read-only)	\??\J:	DigitalEditions.exe
File opened (read-only)	\??\S:	DigitalEditions.exe
File opened (read-only)	\??\W:	DigitalEditions.exe
File opened (read-only)	\??\Y:	DigitalEditions.exe
File opened (read-only)	\??\I:	DigitalEditions.exe
File opened (read-only)	\??\N:	DigitalEditions.exe
File opened (read-only)	\??\O:	DigitalEditions.exe
File opened (read-only)	\??\T:	DigitalEditions.exe
File opened (read-only)	\??\X:	DigitalEditions.exe
File opened (read-only)	\??\Z:	DigitalEditions.exe
File opened (read-only)	\??\F:	DigitalEditions.exe
File opened (read-only)	\??\G:	DigitalEditions.exe
File opened (read-only)	\??\L:	DigitalEditions.exe
File opened (read-only)	\??\M:	DigitalEditions.exe
File opened (read-only)	\??\U:	DigitalEditions.exe
File opened (read-only)	\??\V:	DigitalEditions.exe
File opened (read-only)	\??\E:	DigitalEditions.exe
File opened (read-only)	\??\K:	DigitalEditions.exe
File opened (read-only)	\??\P:	DigitalEditions.exe
File opened (read-only)	\??\Q:	DigitalEditions.exe
File opened (read-only)	\??\R:	DigitalEditions.exe

Drops file in Program Files directory 62 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\de\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ja\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\nl\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-Oblique.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\SymbolStd.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_it.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\userStyle.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-It.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\fr\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ko\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hans\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\README.md	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\contentframe\load.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Regular.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\nl\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_pt.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\de\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\log4net.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\AdobeRDMHelper.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_es.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_fr.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\MOHighlight.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\sdk.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\fr\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\pt\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-BoldIt.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\ReadiumJS_InputFiles.txt	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\host_app_feedback.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\reader.html	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-BoldOblique.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-Regular.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hant\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ko\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\migration.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\ReaderClientCert.sig	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\load.html	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\rmsdk_epubReadingSystem.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\annotations.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\es\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_de.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\Readium.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\lib\mathjax\MathJax.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\es\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\it\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ja\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-It.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_en.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\host_app_reference_files\sample_styles.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\it\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-BoldIt.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\pt\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hans\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hant\migration.resources.dll	ADE_4.5_Installer.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\migration.exe	ADE_4.5_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
940	1364	WerFault.exe	30

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016065-301.dat	nsis_installer_1
behavioral1/files/0x0006000000016065-301.dat	nsis_installer_2

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\.acsm	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage\DefaultIcon	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\Content Type = "application/epub+zip"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/epub+zip\ = "Adobe.EPUB"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.acsm\Content Type = "application/vnd.adobe.adept+xml"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\ = "Adobe Content Server Message"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml\ = "Adobe.ACSMessage"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.DigitalEditions\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-103"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/epub+zip	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-102"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml\Extension = ".acsm"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.epub	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\DefaultIcon	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\ = "Adobe epub Document"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.acsm\ = "Adobe.ACSMessage"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-103"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.DigitalEditions\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/epub+zip\Extension = ".epub"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\EditFlags = 00010000	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\ = "Adobe.DigitalEditions"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\BrowserFlags = "8"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ADE_4.5_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 1364	1060	ADE_4.5_Installer.exe	30
PID 1060 wrote to memory of 1364	1060	ADE_4.5_Installer.exe	30
PID 1060 wrote to memory of 1364	1060	ADE_4.5_Installer.exe	30
PID 1060 wrote to memory of 1364	1060	ADE_4.5_Installer.exe	30
PID 1364 wrote to memory of 940	1364	DigitalEditions.exe	33
PID 1364 wrote to memory of 940	1364	DigitalEditions.exe	33
PID 1364 wrote to memory of 940	1364	DigitalEditions.exe	33
PID 1364 wrote to memory of 940	1364	DigitalEditions.exe	33

C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
  "C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 1680
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:940

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
"C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
1⤵
- Executes dropped EXE
PID:1504

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
"C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
1⤵
- Executes dropped EXE
PID:1932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae2390a1dafef5a569ed1cf1bc469cc5

SHA1
6bb1fb2f3536362b7c3bee86e8c8e8348e1e5ea8

SHA256
c8486ed630f94050f580cdbd466e5cd30457ffce8a317fc6ad7bafa58c888d67

SHA512
9d039bdd9f44778f6affd3e086dfaa516e6cd61c16b6c879a336eface3466b3bd497f69c0dc1ff7deea31e03d864691387aca356a57df19d0bfeb7dd88550e6d

Download Submit
C:\Users\Admin\AppData\Local\Adobe_Systems_Incorporate\DigitalEditions.exe_Url_qyaa14c3q2yckzgdtukp5ltfvp1pdpdu\2.0.0.0\uexhwdpv.newcfg

Filesize
1KB

MD5
015d269385fad7305690c0f24fa3489f

SHA1
a60770a847de3f8b059d137b6b10f2e1f12a4b26

SHA256
b36478d90af0b3e2ed99ed58271246c153f37dafca61c4e4f9e8c4a3edd36765

SHA512
e3cda57d74da75a6e875fae715fcc9d7ecc826101dfc7fcb11088f4f14bfd2f13b6636dddfd29dfc882105fe55200998df042d3371f62e9683a44369b906e308

Download Submit
C:\Users\Admin\AppData\Local\Adobe_Systems_Incorporate\DigitalEditions.exe_Url_qyaa14c3q2yckzgdtukp5ltfvp1pdpdu\2.0.0.0\user.config

Filesize
796B

MD5
08a537b5185e7f1172f90f39a3df8c10

SHA1
5cf67ccef7b2a8c3ed2d4b614dfd5b5fb7313e9f

SHA256
f65fcbbc0c898b182ba1156fc7e18172d2baaebd7bf3f4d4f8a0af614a6ddd35

SHA512
50b1d97bc0a9a83321645e4e0880341faba4821210c78b2a78c75d3bf9f2868db15dac37fa448038b395b8781fc6c2ed5a32f27c6eb2f59cf99d7f487065105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4AFB.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCC.config

Filesize
2KB

MD5
cacadf4be29412521cfd8f0502182795

SHA1
3e59c0912012ad969a6ed6a75c8a2d990b947f52

SHA256
83a93e7f57ffc9457d314ac81091244f3980525d0b8d1fea7dc639a10c96c418

SHA512
a21b0021ab55787e04e038a4bccfc74084b4aab9ca1e82ce7bcc6e9595c7cca144445eb1fd2af1471a503c6cc8a6e8968158ed5d10da12c2cf8d776b90e9c97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCC.dll

Filesize
175KB

MD5
5be02bb77d7202a2f21a5cac92596946

SHA1
034fb96c8052d2b5f2b3a995f4717d522eb0fb6b

SHA256
dc5a30727ff622fddfc40e7d0d416bea3a9c03db283e93b289b189f3fce92044

SHA512
4f1363f53162c62691f12ce5e0b97d217be532aa15ab2caefb46cbb29e47815d02fb2667e7045d2d12b78bcfca9369ccd962b6ea33f6780b90f156534a00cf8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TPI.dll

Filesize
1.5MB

MD5
602e36677544df1a495f34db24846cc3

SHA1
40a35195c29c9eda52dfb389d77972813741696e

SHA256
5601c1fa5006314c17778096cea23d0ec925d85ff40da7d30950574227a67a7b

SHA512
69ba49b0b4002f90997d18afaebc7369f1f0ce7b76dbab348f02609292e1b47ddda31ec96c49f6e5822ab5c04c72db658502b5fdc1d23f642b3ae9d84b98794a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E7B.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE27.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe

Filesize
123KB

MD5
170247ad7f4e04da0486f827f0fe8434

SHA1
43f7753604f51d8be1ae7c4058ce6e9319c0421c

SHA256
46db03011f5f0e120af742c31eb4fee53bf8df47b614fae2d1ee829cf0d321f4

SHA512
333ed48cd4c9d4bb8c399d8c8659b55e33f79ff48e2c3a95b2388a568183900e26fdd4aafb10cf2d6080c7b0d587f49b02b6be36a664d85a680ad026ff5e6966

Download Submit
\Users\Admin\AppData\Local\Temp\SCC.dll

Filesize
175KB

MD5
5be02bb77d7202a2f21a5cac92596946

SHA1
034fb96c8052d2b5f2b3a995f4717d522eb0fb6b

SHA256
dc5a30727ff622fddfc40e7d0d416bea3a9c03db283e93b289b189f3fce92044

SHA512
4f1363f53162c62691f12ce5e0b97d217be532aa15ab2caefb46cbb29e47815d02fb2667e7045d2d12b78bcfca9369ccd962b6ea33f6780b90f156534a00cf8d

Download Submit
\Users\Admin\AppData\Local\Temp\SymCCIS.dll

Filesize
166KB

MD5
168729e94cf5e0a7ef69a0165e7f80e0

SHA1
f9aa7b94eec4ed2492e776c08fcc808ce11fef5c

SHA256
1b387097978d3f0fe7d2ff557e92b20556d58ea1225ea523b905cfcd2cfad0a2

SHA512
910e26eb8f8f79b7dffb5cfc54810d27af2d0c59dbe9c46dca3b288af5b48b5b7f1ae49b2cf410c25e215bf7c483e4a3a18afe7723409567ca6b89f41c99e296

Download Submit
\Users\Admin\AppData\Local\Temp\TPI.dll

Filesize
1.5MB

MD5
602e36677544df1a495f34db24846cc3

SHA1
40a35195c29c9eda52dfb389d77972813741696e

SHA256
5601c1fa5006314c17778096cea23d0ec925d85ff40da7d30950574227a67a7b

SHA512
69ba49b0b4002f90997d18afaebc7369f1f0ce7b76dbab348f02609292e1b47ddda31ec96c49f6e5822ab5c04c72db658502b5fdc1d23f642b3ae9d84b98794a

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
\Users\Admin\AppData\Local\Temp\nstE27.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
memory/1060-203-0x0000000003CB0000-0x0000000003CB2000-memory.dmp

Filesize
8KB

Download
memory/1060-330-0x0000000074390000-0x00000000743A9000-memory.dmp

Filesize
100KB

Download
memory/1060-281-0x0000000073E50000-0x0000000073EE1000-memory.dmp

Filesize
580KB

Download
memory/1060-194-0x0000000003B20000-0x0000000003C97000-memory.dmp

Filesize
1.5MB

Download
memory/1060-285-0x0000000004750000-0x0000000004752000-memory.dmp

Filesize
8KB

Download
memory/1060-286-0x0000000074390000-0x000000007441B000-memory.dmp

Filesize
556KB

Download
memory/1060-202-0x0000000074390000-0x000000007441B000-memory.dmp

Filesize
556KB

Download
memory/1060-201-0x0000000074390000-0x000000007441B000-memory.dmp

Filesize
556KB

Download
memory/1364-332-0x0000000001050000-0x0000000001090000-memory.dmp

Filesize
256KB

Download
memory/1364-331-0x0000000001260000-0x000000000144E000-memory.dmp

Filesize
1.9MB

Download
memory/1364-447-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/1364-446-0x0000000001050000-0x0000000001090000-memory.dmp

Filesize
256KB

Download
memory/1364-445-0x0000000001050000-0x0000000001090000-memory.dmp

Filesize
256KB

Download
memory/1364-335-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/1364-333-0x0000000001050000-0x0000000001090000-memory.dmp

Filesize
256KB

Download
memory/1364-334-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/1364-625-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download