3deac60bcee2553037d0f1f06ae2f54b0e8affbded1945103f52e767451b6987

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Icecream.Ebook.Reader.6.42.exe
Size

29.9MB
MD5

f90a896fdd0d372765f89c555fd286c4
SHA1

fb4b58bed3b58bbbbfde076db19a3566ea219313
SHA256

3deac60bcee2553037d0f1f06ae2f54b0e8affbded1945103f52e767451b6987
SHA512

181ca289ff9d6250d70dbf9daf86877bf964a3d7593f8849715f85a2d11a44eff1c5f735617d8cfa16e901f78f2d6c7db116cf70498bf11ec370673b50306c36
SSDEEP

393216:tG+iYL1uLvfZHPD4dlgepR2UpoU1SyTzYIrDyI5SYpyuOl1mMCQiiIV+Oh2loKj5:t0vBvMdlgelAyHYWvwYsukrQiwhWo4n

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2968	Icecream.Ebook.Reader.6.42.tmp
2688	icebookreader.exe

Loads dropped DLL 64 IoCs

pid	Process
2524	Icecream.Ebook.Reader.6.42.exe
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	icebookreader.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-conio-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-libraryloader-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-console-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-BNB87.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-UEM7E.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-EDPI9.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\unins000.dat	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\libxslt.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-JMK54.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-V114P.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-ARF67.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\libssl-1_1.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-NEQK1.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-9FU72.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-1BHAK.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\icebooksvc.exe	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-sysinfo-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-debug-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-NPP8F.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-9GEBA.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-errorhandling-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WinExtras.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-QFQD7.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-C84NB.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-localization-l1-2-0.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-EAH6U.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\sqldrivers\is-2911F.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-MB5NB.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-KUS0H.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\sqldrivers\qsqlite.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\vcruntime140.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-8NTC0.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\imageformats\qico.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-handle-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-N6NRQ.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-P30LJ.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-DBI36.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-ENL5B.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-8TNGV.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-7RPH4.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-TGVTB.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-rtlsupport-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-console-l1-2-0.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-4MDMN.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\imageformats\is-ALPC7.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-RVAS3.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-FCK8E.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-GSNAE.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-NQIG7.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-DHNKN.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\platforms\qwindows.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-R5R4B.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-4PIR5.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-namedpipe-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\imageformats\qtiff.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-IPLH6.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-E09KC.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-79TJ4.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Xml.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-KH1A2.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-MS3UV.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-T5AFI.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-3MLE4.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-OPPDU.tmp	Icecream.Ebook.Reader.6.42.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	dxdiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbr	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbr\ = "IcecreamEbookReader\\CBR"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epub	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\fb2.ico"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbz	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell\open	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\shell\open	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\shell\open	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell\open	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.fb2\ = "IcecreamEbookReader\\FB2"	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epub\OpenWithList\a = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\shell	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\ = "IcecreamEbookReader\\EPUB"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\cbr.ico"	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\cbz.ico"	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbz\ = "IcecreamEbookReader\\CBZ"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mobi\ = "IcecreamEbookReader\\MOBI"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.fb2	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\shell	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\shell\open	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	dxdiag.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2688	icebookreader.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2968	Icecream.Ebook.Reader.6.42.tmp
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
2688	icebookreader.exe
1204	dxdiag.exe
1204	dxdiag.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2688	icebookreader.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	1204	dxdiag.exe
Token: SeRestorePrivilege	1204	dxdiag.exe
Token: SeRestorePrivilege	1204	dxdiag.exe
Token: SeRestorePrivilege	1204	dxdiag.exe
Token: SeRestorePrivilege	1204	dxdiag.exe
Token: SeRestorePrivilege	1204	dxdiag.exe
Token: SeRestorePrivilege	1204	dxdiag.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2968	Icecream.Ebook.Reader.6.42.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2688	icebookreader.exe
2688	icebookreader.exe
1204	dxdiag.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2524 wrote to memory of 2968	2524	Icecream.Ebook.Reader.6.42.exe	28
PID 2968 wrote to memory of 2688	2968	Icecream.Ebook.Reader.6.42.tmp	30
PID 2968 wrote to memory of 2688	2968	Icecream.Ebook.Reader.6.42.tmp	30
PID 2968 wrote to memory of 2688	2968	Icecream.Ebook.Reader.6.42.tmp	30
PID 2968 wrote to memory of 2688	2968	Icecream.Ebook.Reader.6.42.tmp	30
PID 2688 wrote to memory of 1204	2688	icebookreader.exe	31
PID 2688 wrote to memory of 1204	2688	icebookreader.exe	31
PID 2688 wrote to memory of 1204	2688	icebookreader.exe	31
PID 2688 wrote to memory of 1204	2688	icebookreader.exe	31

C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe
"C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\is-KR8I4.tmp\Icecream.Ebook.Reader.6.42.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-KR8I4.tmp\Icecream.Ebook.Reader.6.42.tmp" /SL5="$4010A,31006947,76288,C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe
    "C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Windows\SysWOW64\dxdiag.exe
      dxdiag.exe /whql:off /t C:/Users/Admin/.Icecream Ebook Reader/log/dxdiag.txt
      4⤵
      Drops file in Windows directory
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Core.dll

Filesize
5.1MB

MD5
316fb94da47eac5933f3007a8cca4356

SHA1
4c17a1a8e21940066bcbb5a0f09f6da9c26039da

SHA256
0ded0e1cdb33b58ccb8fa20837ebfa9d17a9737bceb078d0d16f3ef4ac349c5d

SHA512
b791a9dc14cb852344d33a7f0dfa5c3c7ac54e50b888024e6795a9ff5372b8554e464c9af9280289652981b58723c9e4bc72c514d3c346cd020998f67ab84d95

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Network.dll

Filesize
1.0MB

MD5
0fd8ad9b5fe25811e9fa9125e791e083

SHA1
680fda9f8b4ebee870c5dea0e9dfee0a918e4e5e

SHA256
c9a7571426bb7d0f0939dc4d39d22329373fbd0320708ec6b99c0f516ff77d78

SHA512
60899b2fd00d7ac3b34639891664f2f280fd32af1b0adb2ded09db87336243bcdcd731f8d30cffa665a2bceac83771622e755edaa8ddf5889539b66abb842e8e

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Qml.dll

Filesize
3.0MB

MD5
87dc31a3eb405ec971cfa69f866b7825

SHA1
982f9234f170c73ada14bffe76c853f0922d225a

SHA256
f30c44664f0d68d5cebb6dcea5221bf221936c50702ed51ca5fd523dab69f21c

SHA512
23e18bfd76361356dd6d23be93e971d1bd6d095c6a43b4cc8471f93f347c835b44511e2fcad4886b1f7e9ede25b12758105e34d593d06513d18ff915eead79ef

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Quick.dll

Filesize
3.4MB

MD5
3311bebf5a6860b6814e94f69be88c3a

SHA1
b7c292b795dbb02dfed3bbff1ff93e5532e8614c

SHA256
e867aa5bfa6a121add73cf0bfb363894e4824e19b2418fe95fcec8d09563cbb7

SHA512
f1eecd413a1a9ccfa3210d5c8e9488fb2bfe1ddf9324e553f5251fdb50250c1f552671e5b1fc69e66fb04788dc53709b2201e6744051f0be4ab610783ea35609

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WebKit.dll

Filesize
27.8MB

MD5
3520fc87f8db27e2297361ae81e9e2a9

SHA1
312cfed9e2f0c0fe75c26d3f6d2ca529c5d20b47

SHA256
3b4739a0436d40e0132a62b9401c188bce17411bb85fd976cad6746e63ba78c1

SHA512
8cf34981c98a59b6e812e64c1ec1ca9a23aec7929d28a4b47f4c2b016f6a4e155c2388c10b41174f6f33658b1eb90765083137884fecf4cb0c7bba0f73daca60

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\VCRUNTIME140.dll

Filesize
74KB

MD5
afa8fb684eded0d4ca6aa03aebea446f

SHA1
98bbb8543d4b3fbecebb952037adb0f9869a63a5

SHA256
44de8d0dc9994bff357344c44f12e8bfff8150442f7ca313298b98e6c23a588e

SHA512
6669eec07269002c881467d4f4af82e5510928ea32ce79a7b1f51a71ba9567e8d99605c5bc86f940a7b70231d70638aeb2f6c2397ef197bd4c28f5e9fad40312

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
7481e20041cf8e366d737962d23ec9de

SHA1
a13c9a2d6cf6c92050eaae5ecb090a401359d992

SHA256
4615ec9effc0c27fc0cfd23ad9d87534cbe745998b7d318ae84ece5ea1338551

SHA512
f7a8e381d1ac2704d61258728a9175834cf414f7f2ff79bd8853e8359d6468839585cb643f0871334b943b0f7b0d868e077f6bd3f61668e54785ee8b94bf7903

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\libcurl.dll

Filesize
442KB

MD5
8a7fc677209284bf28a8c15086521000

SHA1
a7b42c8a0731c73ec3da57bd3c5689bcda78a093

SHA256
4c6c93a1a599201d27371d1ecbb33fd6342be9e826febc71e8a92f1253fdc62b

SHA512
68bd451803fc932da741677351e63bbfa44abfb84091fbd4ee18c23d84175fb5427c5ee642019d1e31540d1271ac3ffca546007b4cf8d92a05241f3e5b738688

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\ucrtbase.DLL

Filesize
1.1MB

MD5
126fb99e7037b6a56a14d701fd27178b

SHA1
0969f27c4a0d8270c34edb342510de4f388752cd

SHA256
10f8f24aa678db8e38e6917748c52bbcd219161b9a07286d6f8093ab1d0318fa

SHA512
d787a9530bce036d405988770621b6f15162347a892506ce637839ac83ac6c23001dc5b2292afd652e0804bd327a7536d5f1b92412697c3be335a03133d5fe17

Download Submit
C:\Users\Admin\AppData\Local\Icecream\Icecream Ebook Reader\settings.ini

Filesize
403B

MD5
265ab7d440815e0d384b7563fcfd9938

SHA1
c9b54cb88f9c806699e626f8a094d4f44bf0c5a9

SHA256
30cc44dc943058b9ffe146e32121ad9ba6c8804af029349d4ccf28a7de4b0c09

SHA512
75443a0981b82d71d17e8f30e9a997b3c182268d8b2892940d29348a45904793f049afaa0b9280695d7e671be8a561bdb96314d6fae9f002139df28ecdb082f9

Download Submit
C:\Users\Admin\AppData\Local\Icecream\Icecream Ebook Reader\settings.ini.lock

Filesize
66B

MD5
2282e7431cd63d56e75f386d62c502de

SHA1
c8ab09128d59ec453426184cfaf94cda7e4603d6

SHA256
650db8b782094cafc8f095582f3db71c69a51f9582af0c9b0a53f71fa64b9ac5

SHA512
432132596717c31c5a529c9a1a8500f924cb52e5874a2eb8c5c9a615e4e70018c8d64522c39e009122d1b5dbde4d04108694756cb58e06342f0fe1e44a181495

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\Qt5QmlModels.dll

Filesize
346KB

MD5
79e69e554959ab37cb0e8fc4705ce433

SHA1
6c4dea87c4db36256eb8301676e0e7fe9704ca4f

SHA256
d342fcb7fce02c2d2d1030392d1bba4f20b5c53c8aebd779b4ae14440b90ee07

SHA512
d67d896e3bd19f5e8d29502a1422beff9a7b401f46aa00878f3aec56fddba0bc427dc650af926075d352e1b8b662b4dfe4177999c6d33abe61b85ccbad65e19c

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
7d64aefb7e8b31292da55c6e12808cdb

SHA1
568c2a19a33bb18a3c6e19c670945630b9687d50

SHA256
62a4810420d997c7fdd9e86a42917a44b78fb367a9d3c0a204e44b3ff05de6d4

SHA512
68479da21f3a2246d60db8afd2ae3383a430c61458089179c35df3e25ca1a15eba86a2a473e661c1364613baa93dcb38652443eb5c5d484b571ab30728598f9b

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
dcd09014f2b8041e89270fecd2c078b2

SHA1
b9f08affdd9ff5622c16561e6a6e6120a786e315

SHA256
6572965fd3909af60310db1e00c8820b2deef4864612e757d3babab896f59ed7

SHA512
ef2ac73100184e6d80e03ce5aa089dbddb9e2a52adf878c34b7683274f879dcf2b066491cfc666f26453acbd44543d9741f36369015bd5d07e36b49d435751f6

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
3979437d6817cdf82da474c8a1eefb0d

SHA1
5e96fe40993acbc7c2e9a104d51a728950ad872e

SHA256
3dd2e16b6f135cdd45bce4065f6493540ebbaf2f7f1553085a2442ea2cf80a10

SHA512
4f64c6d232fdae3e7e583cb1aa39878abbfbbc9466108b97a5dce089c35eb30af502b5b212b043c27c1b12b23c165bd2b559060c43d9e2efcdda777b34f0066b

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
4da67feefeb86b58a20b3482b93285b3

SHA1
6cd7f344d7ca70cf983caddb88ff6baa40385ef1

SHA256
3a5d176b1f2c97bca7d4e7a52590b84b726796191ae892d38ad757fd595f414d

SHA512
b9f420d30143cf3f5c919fa454616765602f27c678787d34f502943567e3e5dfb068fec8190fea6fa8db70153ed620eb4fe5dc3092f9b35b7d46b00cc238e3ba

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
c250b2e4ff04d22306bf8ce286afd158

SHA1
e5c60b7892ff64cbff02d551f9dbf25218c8195b

SHA256
42367b6b7285bddc185c0badefe49e883646f574b1d7d832c226f2d1ce489c5b

SHA512
a78c4ddf98330698c9da8d1d2c7c3176f22dfabf0900008cff1f294f56a2a14b52becd09ba37a065d544f58617911b3f5850614b5aabd0ec7daf236f29c9b10b

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
3339350008a663975ba4953018c38673

SHA1
78614a1aad7fc83d6999dcc0f467b43693be3d47

SHA256
4f77abb5c5014769f907a194fd2e43b3c977df1fb87f8c98dd15a7b950d1e092

SHA512
a303fd57dd59f478a8d6c66785768886509625a2baf8bf2b357bb249fc93f193ac8c5c2c9193e53738805700e49b941bf741d6c4850a43f29a82424ccdda191b

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-convert-l1-1-0.dll

Filesize
14KB

MD5
392b572dc6275d079270ad8e751a2433

SHA1
8347bba17ed3e7d5c2491f2177af3f35881e4420

SHA256
347ceeb26c97124fb49add1e773e24883e84bf9e23204291066855cd0baea173

SHA512
dbdbd159b428d177c5f5b57620da18a509350707881fb5040ac10faf2228c2ccfd6126ea062c5dd4d13998624a4f5745ed947118e8a1220190fdb93b6a3c20b7

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
12KB

MD5
1747189e90f6d3677c27dc77382699d8

SHA1
17e07200fc40914e9aa5cbfc9987117b4dc8db02

SHA256
6cc23b34f63ba8861742c207f0020f7b89530d6cdd8469c567246a5879d62b82

SHA512
d2cc7223819b9109b7ce2475dfb2a58da78d0d3d606b05b6f24895d2f05fb1b83ee4c1d7a863f3c3488f5d1b014cd5b429070577bd53d00bb1e0a0a9b958f0b1

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
1bcb55590ab80c2c78f8ce71eadeb3dc

SHA1
8625e6ed37c1a5678c3b4713801599f792dc1367

SHA256
a3f13fa93131a17e05ad0c4253c34b4db30d15eae2b43c9d7ec56fdc6709d371

SHA512
d80374ec9b17692b157031f771c6c86dc52247c3298594a936067473528bbb511be4e033203144bbf2ec2acfd7e3e935f898c945eb864dcf8b43ae48e3754439

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
f4e9937296ec528938a3c28a48687f5c

SHA1
961390a2c5e08336857c8a39b254b2bfe3d8bdc6

SHA256
190a2cc8c8e47fcd4d07b4e260e247fb3b5fb4661aa50f7b05158cd062d80762

SHA512
00ccf9326e593236f57c39ffcd3ab1a77c54755c5f938207ad548d64d60a7468ea21f6e340d385e6576bb049bca1dd318da572c5808c353dda1c4629fd99bc42

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
047c779f39ebb4f57020cd5b6fb2d083

SHA1
440077fc83d1c756fe24f9fb5eae67c5e4abd709

SHA256
078d2551f53ca55715f5c6a045de1260ce331b97fd6d047f8455e06d97ef88dc

SHA512
95a57d79c47d11f43796aea8fd1183d3db9448dee60530144b64a2dd3cd863f5b413356076c26101d96dd007ebf8aff9e23cf721ba4e03d932c333b8e5536b73

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
16KB

MD5
10e9dfc88bf784847e7b9aab82e28d0c

SHA1
cb750cf87d561ca32f5860854da374dae6c9f2ad

SHA256
e6bab87156c9e7ae14ce36a754eb6891891a22ddfff584b706538152017fbb0f

SHA512
29c2edb44cada75ee8ccae1b55a405c8282c937450913196d54b6da1a1e121451c6e14a92a200574984961fa8c649d8a40caf58ea50a33d42a7dfae4439091c2

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
1f1d50aa4553e77f6b90ae13bd56a95c

SHA1
cf421a298f485c2a000791e1840ededeea19bad0

SHA256
d343529d2a49cbb89d644deafce573b873ab45e0bf57e2d906b2f2a964d7bd9a

SHA512
a08bdcc2883066a8bdb9336eec5c7f8593202c367ce75a7d7390ed4c6e0e1dbe80b7afadeee78f12ac0386d70ac360af12bf0ff3285acda0425789038951f180

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
fa5327c2a3d284385d8dc3d65935604b

SHA1
a878b7cdf4ad027422e0e2182dad694ed436e949

SHA256
704ad27cab084be488b5757395ad5129e28f57a7c6680976af0f096b3d536e66

SHA512
473ff715f73839b766b5f28555a861d03b009c6b26c225bc104f4aab4e4ea766803f38000b444d4d433ff9ea68a3f940e66792bae1826781342f475860973816

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
cefab9071ec289d88bb312816e62ca82

SHA1
bd95bd97332ea21506171924acde4f4248a2ee6a

SHA256
340ced80fbcfca804925ff680da1929f68b95959fd7e4d0c9f67322bb5fe2155

SHA512
03c4b2b155392dc02370994d28b78d18c38ccbb0c594866ae31db54111f0f18e264e1378acde0f2638e19871d7e3df7ca3365ad63c0de689c331f6e5b14e3582

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe

Filesize
3.2MB

MD5
50389adcd9954df3f6a3344a831b40bf

SHA1
e47c9f5fc18f77a4946646dd49c04b01c6f3c14d

SHA256
2485e88ddfd26c74791807d19e32dd14cf27e30ba00c739b973d7374b0a9e52c

SHA512
6721e0821c757a2febfe18c08afe111d24eec6ed80652f9fe267d6f0d70f7c971f9573ce5bffec7ffcfde8aedb7d95eb785e4cebf7a91c9eca2194c433b2c74d

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\msvcp140.dll

Filesize
426KB

MD5
0a0042fe544c91cd57bc2f7ef40bb974

SHA1
8bf31f44ba3e47b8b186c3d8cc219a4d2f67da63

SHA256
4190f0a1306257ced4975448794e1d42be312e334ffccfb4910a4a39cde9df57

SHA512
c4c56c06cd40213ebdcead6a256510b44beefc3a18d7f84efebcd05bac7bb1b942f97b7f7798420ca8ff0c1592f32301d751554fb63125b4703feadfced2f6be

Download Submit
\Program Files (x86)\Icecream Ebook Reader 6\unrar.dll

Filesize
214KB

MD5
570e94acbc5e43e7a3c217148291be4c

SHA1
684e6dc1669cc5772ea46493c17d8010554cb3d9

SHA256
cfc782faffc6fa3b602e97d2ea0d00e20873e10cc9b46160bff7ce1b5f738c0f

SHA512
fb271860d7978d2cc59d2f1ca618a27248278837317d87c032469f8561a221314b9388b61dd2942bc916c388ba74cecb4517040bf3da898be2f85cf7adc45afe

Download Submit
\Users\Admin\AppData\Local\Temp\is-HG0PA.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-HG0PA.tmp\b2p.dll

Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
\Users\Admin\AppData\Local\Temp\is-HG0PA.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-HG0PA.tmp\iswin7logo.dll

Filesize
39KB

MD5
1ea948aad25ddd347d9b80bef6df9779

SHA1
0be971e67a6c3b1297e572d97c14f74b05dafed3

SHA256
30eb67bdd71d3a359819a72990029269672d52f597a2d1084d838caae91a6488

SHA512
f2cc5dce9754622f5a40c1ca20b4f00ac01197b8401fd4bd888bfdd296a43ca91a3ca261d0e9e01ee51591666d2852e34cee80badadcb77511b8a7ae72630545

Download Submit
\Users\Admin\AppData\Local\Temp\is-KR8I4.tmp\Icecream.Ebook.Reader.6.42.tmp

Filesize
922KB

MD5
110a077628746e4edc5d9d028b5458f2

SHA1
026f0f44dbd3df6e9853be568584c68f7e98d92b

SHA256
43be232a97a83c28b9fa7d311374d4f1163e7a1c2ea24a8cd32085ac5337d6d4

SHA512
d56177777f537a170317a49408d0772162484d85accf5a80688a6af77b6c7a94c5fd1d460ee76dabde61d48d726d3f932b523350c4ef4f0b0e7e0235dd7980a9

Download Submit
memory/1204-483-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/1204-488-0x00000000007C0000-0x000000000081C000-memory.dmp

Filesize
368KB

Download
memory/1204-486-0x00000000007C0000-0x000000000081C000-memory.dmp

Filesize
368KB

Download
memory/1204-487-0x00000000007C0000-0x000000000081C000-memory.dmp

Filesize
368KB

Download
memory/1204-482-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/1204-491-0x0000000001F60000-0x0000000001F8A000-memory.dmp

Filesize
168KB

Download
memory/1204-492-0x0000000001F60000-0x0000000001F8A000-memory.dmp

Filesize
168KB

Download
memory/1204-485-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/1204-484-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/2524-48-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2524-1-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2524-397-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2688-445-0x00000000005E0000-0x00000000005F0000-memory.dmp

Filesize
64KB

Download
memory/2688-489-0x00000000005E0000-0x00000000005F0000-memory.dmp

Filesize
64KB

Download
memory/2688-447-0x0000000000670000-0x000000000067A000-memory.dmp

Filesize
40KB

Download
memory/2688-446-0x0000000000670000-0x000000000067A000-memory.dmp

Filesize
40KB

Download
memory/2688-466-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2688-494-0x0000000000670000-0x000000000067A000-memory.dmp

Filesize
40KB

Download
memory/2688-493-0x0000000000670000-0x000000000067A000-memory.dmp

Filesize
40KB

Download
memory/2968-182-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2968-51-0x00000000747A0000-0x00000000747B1000-memory.dmp

Filesize
68KB

Download
memory/2968-49-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2968-44-0x00000000006D0000-0x00000000006D2000-memory.dmp

Filesize
8KB

Download
memory/2968-43-0x00000000747A0000-0x00000000747B1000-memory.dmp

Filesize
68KB

Download
memory/2968-41-0x00000000008F0000-0x00000000008FF000-memory.dmp

Filesize
60KB

Download
memory/2968-52-0x00000000008F0000-0x00000000008FF000-memory.dmp

Filesize
60KB

Download
memory/2968-21-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2968-20-0x00000000749B0000-0x00000000749CB000-memory.dmp

Filesize
108KB

Download
memory/2968-50-0x00000000749B0000-0x00000000749CB000-memory.dmp

Filesize
108KB

Download
memory/2968-396-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2968-11-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download