a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6

Analysis

max time kernel
143s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE_4.5_Installer.exe
Size

8.6MB
MD5

1efcd0c92784169fc1eec4e87788f6e8
SHA1

585e9eb828859ec005a5c280ff99408e65df1cb8
SHA256

a21a9d5389728fdac6a7288953dddeea774ef2bee07f1caf7ea20bbed8f5a2c6
SHA512

96353fa0dfba41c13f8742aac480dc14484107a285edf5c2d6e191c7f39fe3c78ccb68c226fbecd566fcd11561145c6dfdc187264d6d36959917eea3e0d1b5b9
SSDEEP

196608:/MUfuaC/K12qiyD6dmS/qY2fvYG2zZ8igA7Tt:EUWaK8iU6AsevY9ZUKt

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	ADE_4.5_Installer.exe

Executes dropped EXE 4 IoCs

pid	Process
3360	DigitalEditions.exe
4440	DigitalEditions.exe
2744	DigitalEditions.exe
2120	DigitalEditions.exe

Loads dropped DLL 9 IoCs

pid	Process
1944	ADE_4.5_Installer.exe
1944	ADE_4.5_Installer.exe
1944	ADE_4.5_Installer.exe
1944	ADE_4.5_Installer.exe
1944	ADE_4.5_Installer.exe
1944	ADE_4.5_Installer.exe
1944	ADE_4.5_Installer.exe
3360	DigitalEditions.exe
2120	DigitalEditions.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 44 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	DigitalEditions.exe
File opened (read-only)	\??\E:	DigitalEditions.exe
File opened (read-only)	\??\F:	DigitalEditions.exe
File opened (read-only)	\??\H:	DigitalEditions.exe
File opened (read-only)	\??\P:	DigitalEditions.exe
File opened (read-only)	\??\V:	DigitalEditions.exe
File opened (read-only)	\??\Q:	DigitalEditions.exe
File opened (read-only)	\??\N:	DigitalEditions.exe
File opened (read-only)	\??\S:	DigitalEditions.exe
File opened (read-only)	\??\X:	DigitalEditions.exe
File opened (read-only)	\??\M:	DigitalEditions.exe
File opened (read-only)	\??\N:	DigitalEditions.exe
File opened (read-only)	\??\T:	DigitalEditions.exe
File opened (read-only)	\??\U:	DigitalEditions.exe
File opened (read-only)	\??\J:	DigitalEditions.exe
File opened (read-only)	\??\O:	DigitalEditions.exe
File opened (read-only)	\??\Q:	DigitalEditions.exe
File opened (read-only)	\??\Y:	DigitalEditions.exe
File opened (read-only)	\??\P:	DigitalEditions.exe
File opened (read-only)	\??\V:	DigitalEditions.exe
File opened (read-only)	\??\W:	DigitalEditions.exe
File opened (read-only)	\??\L:	DigitalEditions.exe
File opened (read-only)	\??\R:	DigitalEditions.exe
File opened (read-only)	\??\W:	DigitalEditions.exe
File opened (read-only)	\??\X:	DigitalEditions.exe
File opened (read-only)	\??\I:	DigitalEditions.exe
File opened (read-only)	\??\G:	DigitalEditions.exe
File opened (read-only)	\??\Z:	DigitalEditions.exe
File opened (read-only)	\??\G:	DigitalEditions.exe
File opened (read-only)	\??\F:	DigitalEditions.exe
File opened (read-only)	\??\K:	DigitalEditions.exe
File opened (read-only)	\??\O:	DigitalEditions.exe
File opened (read-only)	\??\M:	DigitalEditions.exe
File opened (read-only)	\??\R:	DigitalEditions.exe
File opened (read-only)	\??\Y:	DigitalEditions.exe
File opened (read-only)	\??\E:	DigitalEditions.exe
File opened (read-only)	\??\K:	DigitalEditions.exe
File opened (read-only)	\??\L:	DigitalEditions.exe
File opened (read-only)	\??\T:	DigitalEditions.exe
File opened (read-only)	\??\I:	DigitalEditions.exe
File opened (read-only)	\??\J:	DigitalEditions.exe
File opened (read-only)	\??\S:	DigitalEditions.exe
File opened (read-only)	\??\Z:	DigitalEditions.exe
File opened (read-only)	\??\H:	DigitalEditions.exe

Drops file in Program Files directory 62 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_it.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\annotations.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\log4net.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-It.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\SymbolStd.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ja\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ko\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\migration.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-BoldOblique.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hans\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\README.md	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\load.html	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\pt\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Regular.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_de.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_en.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\ReadiumJS_InputFiles.txt	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\fr\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\nl\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-It.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\AdobeRDMHelper.js	ADE_4.5_Installer.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\migration.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_fr.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\reader.html	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\contentframe\load.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\userStyle.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\host_app_feedback.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\it\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\it\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-Regular.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\es\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\pt\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_pt.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\rmsdk_epubReadingSystem.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\lib\mathjax\MathJax.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ko\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hans\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\ja\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\Readium.js	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\host_app_reference_files\sample_styles.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\hyphenDicts\hyph_es.dic	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\es\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\nl\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\CourierStd-Oblique.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-Bold.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\MOHighlight.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\de\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MyriadPro-BoldIt.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\de\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hant\DigitalEditions.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\zh-Hant\migration.resources.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\ReaderClientCert.sig	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\fonts\MinionPro-BoldIt.otf	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\resources\readium-shared-js\static\sdk.css	ADE_4.5_Installer.exe
File created	C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\fr\DigitalEditions.resources.dll	ADE_4.5_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1612	3360	WerFault.exe	96
1716	2120	WerFault.exe	111

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 44 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\EditFlags = 00010000	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml\ = "Adobe.ACSMessage"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/epub+zip\Extension = ".epub"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.acsm\Content Type = "application/vnd.adobe.adept+xml"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-103"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/epub+zip\ = "Adobe.EPUB"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-102"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\ = "Adobe epub Document"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.acsm	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.epub	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\ = "Adobe.DigitalEditions"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.DigitalEditions\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.DigitalEditions\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.acsm\ = "Adobe.ACSMessage"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.ACSMessage\shell\open\command	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\ = "Adobe Content Server Message"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml\Extension = ".acsm"	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\Content Type = "application/epub+zip"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell\open	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe,-103"	ADE_4.5_Installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.ACSMessage\BrowserFlags = "8"	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/vnd.adobe.adept+xml	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.DigitalEditions\shell	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Adobe.EPUB\DefaultIcon	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open\command	ADE_4.5_Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.EPUB\shell\open\command\ = "\"C:\\Program Files (x86)\\Adobe\\Adobe Digital Editions 4.5\\DigitalEditions.exe\" \"%1\""	ADE_4.5_Installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MIME\Database\Content Type\application/epub+zip	ADE_4.5_Installer.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	DigitalEditions.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DigitalEditions.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 3360	1944	ADE_4.5_Installer.exe	96
PID 1944 wrote to memory of 3360	1944	ADE_4.5_Installer.exe	96
PID 1944 wrote to memory of 3360	1944	ADE_4.5_Installer.exe	96
PID 2888 wrote to memory of 2108	2888	msedge.exe	121
PID 2888 wrote to memory of 2108	2888	msedge.exe	121
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 4248	2888	msedge.exe	122
PID 2888 wrote to memory of 2540	2888	msedge.exe	123
PID 2888 wrote to memory of 2540	2888	msedge.exe	123
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124
PID 2888 wrote to memory of 1528	2888	msedge.exe	124

C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ADE_4.5_Installer.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
  "C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  PID:3360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 2312
    3⤵
    - Program crash
    PID:1612

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
"C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
1⤵
- Executes dropped EXE
PID:4440

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
"C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
1⤵
- Executes dropped EXE
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3360 -ip 3360
1⤵
PID:3764

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
"C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
PID:2120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 2356
  2⤵
  - Program crash
  PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 2120 -ip 2120
1⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/digital-editions-4.5
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc4daa46f8,0x7ffc4daa4708,0x7ffc4daa4718
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10038437018823341024,4579537631692989496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10038437018823341024,4579537631692989496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10038437018823341024,4579537631692989496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10038437018823341024,4579537631692989496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10038437018823341024,4579537631692989496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10038437018823341024,4579537631692989496,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

Filesize
1.9MB

MD5
fd1575d9c11b11a7ddd1c9384f10de50

SHA1
493f7b702b208a6cd989af596ebd230e6ee73374

SHA256
42332fff8f5f8a32cc7edc89a98f9e580592b909d25c55e472cad30c090daa2e

SHA512
5887436cf297c609f5b07e6c499a178047fc1acb372551dc47259eac18a9f09cd7a68ade2fa6f71a5789f061254906e8511fa35bf9c3251118eef7fdbb9dcf7d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll

Filesize
10.0MB

MD5
24d805195f841260afb6d07e6c2a5109

SHA1
79c800cf11616e0e7d48380c0cad10af6ac63aa3

SHA256
1efd3c7eb30221e64f4864ae2824925fb8cd6f9f0d9bc4ecf2005827c7b4dc65

SHA512
2df3977fadc376d1e0c6617f36feada3428df022c77e65eba733ca65d51aae7c694891674a47e568b92073420c192bdc8c5daca1d1f3676dc46e9268e8de7ad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
471B

MD5
5eef470a8a3edbbbfaee26e5bcdef303

SHA1
caec6aa6d4609f5e051651007c6989780c07835f

SHA256
b74150c8dc604a21f1f2f1fac38ceab6b49daff6eb5016c1df05f8241e7419a4

SHA512
e961529f665bf5b6ba94db0ab261a7106c99fedb2689809f22e038a5b53660f0187af0b776aca61c2ed6df2006b60329a74668873ed5cf7c869cb33f92d892a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
e7e6dabffb19f6e34343eda21d6f93cc

SHA1
c0bb80134fb24fb4f1cdb66750506920d46380fe

SHA256
d00b2ef951af0ea8f1abc14bf26c61ad9c996b9e737e7e414e2da1cd45bb4c0e

SHA512
9d7e454b9dd54009894e1ce2429d7e47c5237701383e9770ea900fc39d30d12ad081b8c8c4f7dbd41914dcd57ef0bc61e7a6c7e57ef8e6f4a4b3c0eb0d15309b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_3F5AB047FCBD5D0F85FEA2BA80184086

Filesize
471B

MD5
55c6b76a5348a91efe34cc5a4b59153c

SHA1
4c831bd527df20e0fc1ab3094e32821d21228ceb

SHA256
26ad5a8c4cdac2b755fcbef8f8812b71af499d0170d7c2898d3a6d81da38bf6b

SHA512
03c1c6f5212b93916b506c2709fcf2bf2253a31aa06aa7dd29dc66e3581c10bd27fdf7c6384b1f1aa94f3a6e8256e007a0eb2d71add8fb23f814ce503f58f87e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
396B

MD5
32331a213938e832613bbace94a43449

SHA1
f2f18dca903cca121253c988a39898a88e522a51

SHA256
02a5642f008d6f84a4d38575bfbdbd22df412bb9c7371f74e929050cdd406622

SHA512
bac3e6c2ed0283d75b3f2ef916076c208e36c5b9745383f4f6ba3def1942c4c2a261c67248f07906c913e49f1bf1ea2bb1f42bd631732527da156535552b1d8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
4847ee7c9fe463be1b1b16099e6deb42

SHA1
a9d15aba15ddd878b6d2f655f3abc435a491ec57

SHA256
d883487818929f7d5627c586d190640b3d89a320534b027792f4a38785a60b37

SHA512
200e14ca6726b031a2575a437683d79a1e1cee9233cde39000d56123eab6af3c7291d9d7715cd56a350927a123596d2647d988b1f6bdf55f58ba597d6a551240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_3F5AB047FCBD5D0F85FEA2BA80184086

Filesize
438B

MD5
c1e0432243cbfc15d1403b73544819c7

SHA1
3c1116c3cf02f9c98b3d7ab50f735f4ee07f4129

SHA256
ca8c04e982b3679d994c472bee0a1bd5d141db264245e82ba5cc1ccfc06f7877

SHA512
ef58966a24854d96695948990bd341597d846c50e476c9589a7973b65ae3f63680e738f3d7528f3683ae8aa187365ce55df12b4826ec103bc7750e23081c42d9

Download Submit
C:\Users\Admin\AppData\Local\Adobe_Systems_Incorporate\DigitalEditions.exe_Url_qyaa14c3q2yckzgdtukp5ltfvp1pdpdu\2.0.0.0\1pkbyu4u.newcfg

Filesize
1KB

MD5
015d269385fad7305690c0f24fa3489f

SHA1
a60770a847de3f8b059d137b6b10f2e1f12a4b26

SHA256
b36478d90af0b3e2ed99ed58271246c153f37dafca61c4e4f9e8c4a3edd36765

SHA512
e3cda57d74da75a6e875fae715fcc9d7ecc826101dfc7fcb11088f4f14bfd2f13b6636dddfd29dfc882105fe55200998df042d3371f62e9683a44369b906e308

Download Submit
C:\Users\Admin\AppData\Local\Adobe_Systems_Incorporate\DigitalEditions.exe_Url_qyaa14c3q2yckzgdtukp5ltfvp1pdpdu\2.0.0.0\user.config

Filesize
796B

MD5
08a537b5185e7f1172f90f39a3df8c10

SHA1
5cf67ccef7b2a8c3ed2d4b614dfd5b5fb7313e9f

SHA256
f65fcbbc0c898b182ba1156fc7e18172d2baaebd7bf3f4d4f8a0af614a6ddd35

SHA512
50b1d97bc0a9a83321645e4e0880341faba4821210c78b2a78c75d3bf9f2868db15dac37fa448038b395b8781fc6c2ed5a32f27c6eb2f59cf99d7f487065105d

Download Submit
C:\Users\Admin\AppData\Local\Adobe_Systems_Incorporate\DigitalEditions.exe_Url_qyaa14c3q2yckzgdtukp5ltfvp1pdpdu\2.0.0.0\user.config

Filesize
796B

MD5
08a537b5185e7f1172f90f39a3df8c10

SHA1
5cf67ccef7b2a8c3ed2d4b614dfd5b5fb7313e9f

SHA256
f65fcbbc0c898b182ba1156fc7e18172d2baaebd7bf3f4d4f8a0af614a6ddd35

SHA512
50b1d97bc0a9a83321645e4e0880341faba4821210c78b2a78c75d3bf9f2868db15dac37fa448038b395b8781fc6c2ed5a32f27c6eb2f59cf99d7f487065105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DigitalEditions.exe.log

Filesize
1KB

MD5
44e269a1b21f1c56f870bd443ae2b47e

SHA1
b15eefb9fb8d5f55f1c10f7942fc4a54ad8ceddd

SHA256
018255ce66edb432315980a01bf545600a958620769d2aa4df9983b6feb14b58

SHA512
ea4a1dc71321560d3782439f1e0e4fce7cc43ece395f0ab35924c8fbebe95e0fb32f0042d8f60ec41d919f26a57a21102a57be37c0de1e066f6b5b891a6c710a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e49fe7040b3b9a52529acca46d034268

SHA1
ca94747ebc089b5745962090378be95ab982ac09

SHA256
c4f67d06dd4bd85ccf1470811a97d902a5cf37442eb98984430686c478879a43

SHA512
868914a73e6443e426f2b2f00b7e4eb0bd897f543bdcedc53c3d1bf604e4866e1e488ddbc1368cfe818d314c17182504e6e4caacac306077dc332cdf2293a0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5880e3.TMP

Filesize
48B

MD5
1c7204c90e16d3a487c513aeafd23c01

SHA1
c3815f8ead74cee63922e22bb0784b21d0e6f6f2

SHA256
9920cc1e8f52f83f7f0f47d391bf679d5e844ebffdb2f26c291480ea878093e9

SHA512
78869630d67fa106a6454ebc84d8733294c8913675cca87e95581601234a59d44c29849c896968478fd46fc65a9952a80884f5b4c04fd89ad3c12c50c3c9936c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
d7f7cc32ceac1300d7f934309d4443dd

SHA1
459a782fed31402d2f81aeef6b090fde11aa192c

SHA256
eef7d91c27021330c0947b964ec0b1a0de842bbb47b9b00e1dec6ef16c2d5774

SHA512
0b85407fbba20bddddd30cdd0028f4289f6405e1b7c6f60f9f7f3ef7e8c7a58a81b30b489ac208d589fc8ade933209523ed91d8f220d005dbf70543937b7bd54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
968B

MD5
42d542b50fe336e241b91c8364dc04c4

SHA1
dcf625bf31b749510e4e0f77904cb36518a58f71

SHA256
12c49c333af155d5ac1ba649954eab8ff8941596255df7b6370ef213b99f025e

SHA512
6276507d73ab942046ec5f1ad9d621c67caee929c5d2187dfdb8dc8e78055a1efbdcff472b537f6517b5f71309db378d8cec9b19af2a93a50e2722f52d9d507b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
cfe1959d09c26dc04e0b462cbbf0ee1b

SHA1
cde4eecdefa7720d3e2af082d8136881ea2bee0b

SHA256
25f937825f30e5f0a918e45f866826be1e509715b4427725f1a3f338b7d76736

SHA512
14feb7c534ef970a3c0924fd1781dc301db4486be28ad59df1ae309ee9fe94599de0d813ef6ccde02c526b46300153756238044c1328f180734198e5761780b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3e33a5ac9966b700151c6f0aa32c16f

SHA1
a64726e106f034bf5f27f8700022d28c1811c813

SHA256
382c7b5379366f09783a32da3bfc8c1ee01b25578c26ca36eded2a60d2e40bbd

SHA512
1d1944f88e773691ce14161ac4b1cf235c3d5fd4a13263c02b60f5fd5fe327d2361269b040793c994430aba0c6c9173c2b556ee7dbfe91328559ab58e50a24b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
1862e082e5149ad2e56cbbbc0a55be22

SHA1
4c0efa3d530b69c11b754ea852b3b5911da0e489

SHA256
87611e8f1e8aa1e284199d78b79c04c96f44d1b872d6cf0e52a05df4768f597d

SHA512
8110469dc8fa483aefc13c3e42894314ba9b762cd6b69a51b6b9a3ea6a38532cacb8994af560d9ee16a0a4a3ec637dcb2713399d1b032cda9ad15997a82d98ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCC.config

Filesize
2KB

MD5
cacadf4be29412521cfd8f0502182795

SHA1
3e59c0912012ad969a6ed6a75c8a2d990b947f52

SHA256
83a93e7f57ffc9457d314ac81091244f3980525d0b8d1fea7dc639a10c96c418

SHA512
a21b0021ab55787e04e038a4bccfc74084b4aab9ca1e82ce7bcc6e9595c7cca144445eb1fd2af1471a503c6cc8a6e8968158ed5d10da12c2cf8d776b90e9c97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCC.dll

Filesize
175KB

MD5
5be02bb77d7202a2f21a5cac92596946

SHA1
034fb96c8052d2b5f2b3a995f4717d522eb0fb6b

SHA256
dc5a30727ff622fddfc40e7d0d416bea3a9c03db283e93b289b189f3fce92044

SHA512
4f1363f53162c62691f12ce5e0b97d217be532aa15ab2caefb46cbb29e47815d02fb2667e7045d2d12b78bcfca9369ccd962b6ea33f6780b90f156534a00cf8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SCC.dll

Filesize
175KB

MD5
5be02bb77d7202a2f21a5cac92596946

SHA1
034fb96c8052d2b5f2b3a995f4717d522eb0fb6b

SHA256
dc5a30727ff622fddfc40e7d0d416bea3a9c03db283e93b289b189f3fce92044

SHA512
4f1363f53162c62691f12ce5e0b97d217be532aa15ab2caefb46cbb29e47815d02fb2667e7045d2d12b78bcfca9369ccd962b6ea33f6780b90f156534a00cf8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SymCCIS.dll

Filesize
166KB

MD5
168729e94cf5e0a7ef69a0165e7f80e0

SHA1
f9aa7b94eec4ed2492e776c08fcc808ce11fef5c

SHA256
1b387097978d3f0fe7d2ff557e92b20556d58ea1225ea523b905cfcd2cfad0a2

SHA512
910e26eb8f8f79b7dffb5cfc54810d27af2d0c59dbe9c46dca3b288af5b48b5b7f1ae49b2cf410c25e215bf7c483e4a3a18afe7723409567ca6b89f41c99e296

Download Submit
C:\Users\Admin\AppData\Local\Temp\TPI.dll

Filesize
1.5MB

MD5
602e36677544df1a495f34db24846cc3

SHA1
40a35195c29c9eda52dfb389d77972813741696e

SHA256
5601c1fa5006314c17778096cea23d0ec925d85ff40da7d30950574227a67a7b

SHA512
69ba49b0b4002f90997d18afaebc7369f1f0ce7b76dbab348f02609292e1b47ddda31ec96c49f6e5822ab5c04c72db658502b5fdc1d23f642b3ae9d84b98794a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TPI.dll

Filesize
1.5MB

MD5
602e36677544df1a495f34db24846cc3

SHA1
40a35195c29c9eda52dfb389d77972813741696e

SHA256
5601c1fa5006314c17778096cea23d0ec925d85ff40da7d30950574227a67a7b

SHA512
69ba49b0b4002f90997d18afaebc7369f1f0ce7b76dbab348f02609292e1b47ddda31ec96c49f6e5822ab5c04c72db658502b5fdc1d23f642b3ae9d84b98794a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TPI.dll

Filesize
1.5MB

MD5
602e36677544df1a495f34db24846cc3

SHA1
40a35195c29c9eda52dfb389d77972813741696e

SHA256
5601c1fa5006314c17778096cea23d0ec925d85ff40da7d30950574227a67a7b

SHA512
69ba49b0b4002f90997d18afaebc7369f1f0ce7b76dbab348f02609292e1b47ddda31ec96c49f6e5822ab5c04c72db658502b5fdc1d23f642b3ae9d84b98794a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw721A.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw721A.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw721A.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw721A.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
memory/1944-308-0x00000000060B0000-0x00000000060B2000-memory.dmp

Filesize
8KB

Download
memory/1944-309-0x0000000074220000-0x00000000742AB000-memory.dmp

Filesize
556KB

Download
memory/1944-274-0x0000000005480000-0x00000000055F7000-memory.dmp

Filesize
1.5MB

Download
memory/1944-284-0x0000000074220000-0x00000000742AB000-memory.dmp

Filesize
556KB

Download
memory/1944-285-0x0000000005610000-0x0000000005612000-memory.dmp

Filesize
8KB

Download
memory/1944-352-0x0000000073840000-0x00000000738B1000-memory.dmp

Filesize
452KB

Download
memory/1944-307-0x0000000073840000-0x00000000738D1000-memory.dmp

Filesize
580KB

Download
memory/2120-690-0x00000000051F0000-0x0000000005200000-memory.dmp

Filesize
64KB

Download
memory/2120-590-0x00000000051F0000-0x0000000005200000-memory.dmp

Filesize
64KB

Download
memory/2120-589-0x00000000051F0000-0x0000000005200000-memory.dmp

Filesize
64KB

Download
memory/2120-691-0x00000000051F0000-0x0000000005200000-memory.dmp

Filesize
64KB

Download
memory/3360-356-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/3360-346-0x0000000000420000-0x000000000060E000-memory.dmp

Filesize
1.9MB

Download
memory/3360-355-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/3360-527-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/3360-528-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download