3deac60bcee2553037d0f1f06ae2f54b0e8affbded1945103f52e767451b6987

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Icecream.Ebook.Reader.6.42.exe
Size

29.9MB
MD5

f90a896fdd0d372765f89c555fd286c4
SHA1

fb4b58bed3b58bbbbfde076db19a3566ea219313
SHA256

3deac60bcee2553037d0f1f06ae2f54b0e8affbded1945103f52e767451b6987
SHA512

181ca289ff9d6250d70dbf9daf86877bf964a3d7593f8849715f85a2d11a44eff1c5f735617d8cfa16e901f78f2d6c7db116cf70498bf11ec370673b50306c36
SSDEEP

393216:tG+iYL1uLvfZHPD4dlgepR2UpoU1SyTzYIrDyI5SYpyuOl1mMCQiiIV+Oh2loKj5:t0vBvMdlgelAyHYWvwYsukrQiwhWo4n

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4048	Icecream.Ebook.Reader.6.42.tmp
2276	icebookreader.exe

Loads dropped DLL 51 IoCs

pid	Process
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	icebookreader.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	dxdiag.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-G2J0B.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-GU5QG.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\imageformats\is-4QAAU.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-utility-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\DebenuPDFLibraryDLL1016.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-M4TR5.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-HT3HM.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-G8IN9.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-3FF8C.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-locale-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5TextToSpeech.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-P1H05.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-J6PDA.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-4M74Q.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-PC39V.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-file-l2-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\unrar.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-0CVK2.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\iconengines\is-1V0BG.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\imageformats\is-DVE92.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-RH1VG.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\libxml2.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WebSockets.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\vccorlib140.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-UOQ8U.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-AOM52.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-CMI8P.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-ULE7B.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-M8SUR.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-EP4H5.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-OTJEP.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5PrintSupport.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\libssl-1_1.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Svg.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-string-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\imageformats\qgif.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-ON7S9.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-RA2AJ.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-DV1L5.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\platforms\qwindows.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-ETMB0.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-PE2BS.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-AV0IU.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-K2R5C.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-core-synch-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Network.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-process-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-4717M.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-P73JG.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Quick.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-SRBN7.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-E6CII.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-31REB.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Positioning.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-8F2IU.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-HOFFD.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-U4M91.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\is-UEGJC.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-AKVP1.tmp	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\translations\is-2EULP.tmp	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\unins000.dat	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\api-ms-win-crt-filesystem-l1-1-0.dll	Icecream.Ebook.Reader.6.42.tmp
File opened for modification	C:\Program Files (x86)\Icecream Ebook Reader 6\texttospeech\qtexttospeech_sapi.dll	Icecream.Ebook.Reader.6.42.tmp
File created	C:\Program Files (x86)\Icecream Ebook Reader 6\printsupport\is-23RMB.tmp	Icecream.Ebook.Reader.6.42.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dxdiag.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mobi\ = "IcecreamEbookReader\\MOBI"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.fb2	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\mobi.ico"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mobi	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\fb2.ico"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbr	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epub\OpenWithList\a = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\shell\open	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1132431369-515282257-1998160155-1000\{2965E9EE-CE18-4483-A121-7E6467072589}	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\MOBI\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell\open	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\cbz.ico"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell\open\command\ = "\"C:\\Program Files (x86)\\Icecream Ebook Reader 6\\icebookreader.exe\" \"%1\""	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBR\shell	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\DefaultIcon	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epub\OpenWithList	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\FB2\shell\open\command	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\CBZ\shell	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\ = "IcecreamEbookReader\\EPUB"	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.fb2\ = "IcecreamEbookReader\\FB2"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IcecreamEbookReader\EPUB\DefaultIcon\ = "C:\\Program Files (x86)\\Icecream Ebook Reader 6\\epub.ico"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epub\OpenWithList	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbr\ = "IcecreamEbookReader\\CBR"	Icecream.Ebook.Reader.6.42.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbz\ = "IcecreamEbookReader\\CBZ"	Icecream.Ebook.Reader.6.42.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epub	Icecream.Ebook.Reader.6.42.tmp

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2276	icebookreader.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
4048	Icecream.Ebook.Reader.6.42.tmp
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2276	icebookreader.exe
2760	dxdiag.exe
2760	dxdiag.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2276	icebookreader.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4048	Icecream.Ebook.Reader.6.42.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2276	icebookreader.exe
2276	icebookreader.exe
2760	dxdiag.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 4048	4464	Icecream.Ebook.Reader.6.42.exe	86
PID 4464 wrote to memory of 4048	4464	Icecream.Ebook.Reader.6.42.exe	86
PID 4464 wrote to memory of 4048	4464	Icecream.Ebook.Reader.6.42.exe	86
PID 4048 wrote to memory of 2276	4048	Icecream.Ebook.Reader.6.42.tmp	107
PID 4048 wrote to memory of 2276	4048	Icecream.Ebook.Reader.6.42.tmp	107
PID 4048 wrote to memory of 2276	4048	Icecream.Ebook.Reader.6.42.tmp	107
PID 2276 wrote to memory of 2760	2276	icebookreader.exe	108
PID 2276 wrote to memory of 2760	2276	icebookreader.exe	108
PID 2276 wrote to memory of 2760	2276	icebookreader.exe	108

C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe
"C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Users\Admin\AppData\Local\Temp\is-PEBJE.tmp\Icecream.Ebook.Reader.6.42.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PEBJE.tmp\Icecream.Ebook.Reader.6.42.tmp" /SL5="$C0050,31006947,76288,C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe
    "C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2276
  - - C:\Windows\SysWOW64\dxdiag.exe
      dxdiag.exe /whql:off /t C:/Users/Admin/.Icecream Ebook Reader/log/dxdiag.txt
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Icecream Ebook Reader 6\CrashRpt1403.dll

Filesize
114KB

MD5
f2ef7710d8e0e0ed8eef00c9c6b29d2b

SHA1
1e3a59ab59f2aa31d1388290473a9e04bb5bc0ab

SHA256
b18ea19fa694e591a3d86f8c071b00326eb3c01067c2c989b9af07d9fa5e7e17

SHA512
c47f779db495b09344cb8fd1c6068d99d8ce08bfeb2ac67aff0d3c5de638cff8d4a1904de2d3ead6861fd95277bc5af71853b85e29a02b6e676c75c2f0d67738

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Core.dll

Filesize
5.1MB

MD5
316fb94da47eac5933f3007a8cca4356

SHA1
4c17a1a8e21940066bcbb5a0f09f6da9c26039da

SHA256
0ded0e1cdb33b58ccb8fa20837ebfa9d17a9737bceb078d0d16f3ef4ac349c5d

SHA512
b791a9dc14cb852344d33a7f0dfa5c3c7ac54e50b888024e6795a9ff5372b8554e464c9af9280289652981b58723c9e4bc72c514d3c346cd020998f67ab84d95

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Gui.dll

Filesize
5.7MB

MD5
253c8b17a1476dc182c31b75e98b6a0e

SHA1
49a511a017ee77ffac72af8b007c67c9f6637d53

SHA256
55b26b1236a79a6985dc9b6114dd227f5dff06d6932223dda02d9ed95968b779

SHA512
a5110fdb18da6d87641b0299ea947f149030b61779ebeea300f75a555f3f2ab61bfa79204593d3a84f2be41945a3e82472002f876a3bac845badab871897754c

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Network.dll

Filesize
1.0MB

MD5
0fd8ad9b5fe25811e9fa9125e791e083

SHA1
680fda9f8b4ebee870c5dea0e9dfee0a918e4e5e

SHA256
c9a7571426bb7d0f0939dc4d39d22329373fbd0320708ec6b99c0f516ff77d78

SHA512
60899b2fd00d7ac3b34639891664f2f280fd32af1b0adb2ded09db87336243bcdcd731f8d30cffa665a2bceac83771622e755edaa8ddf5889539b66abb842e8e

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Positioning.dll

Filesize
258KB

MD5
6911493cef8fc007b52c7114c8d81a87

SHA1
fcb2fb3da92f6a6d53a8c0be4020ed93bc0bfcab

SHA256
bd6b389bc83057cc1bcaad133764beffa1a0f7807db30bc4e84954098f0266d8

SHA512
7a18ced35256f702d8d747ec87fe7d5b6294e52c6b75c210da77c46ffbefb46b02f049809e91a93065f4d1384c521e3aa9f4e16ecd1a6f518e4aecf9da080db8

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5PrintSupport.dll

Filesize
260KB

MD5
20705d94dc737decf70a97e17708fd66

SHA1
51c1b926b78a6005f552991503ea48d3c109a6a5

SHA256
b39d58dee6c977ea0313a02f3345059ff2374cb46e1d7697782811c2968c4318

SHA512
b40996b07a5e3bb26fed129e8de0c90542639ad8916b174dcbaabbbcfb50a4bbcfee2dd3376bf38fe738db2b969e1f443c6c73d104c297c35995d37409ccf2a7

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Qml.dll

Filesize
3.0MB

MD5
87dc31a3eb405ec971cfa69f866b7825

SHA1
982f9234f170c73ada14bffe76c853f0922d225a

SHA256
f30c44664f0d68d5cebb6dcea5221bf221936c50702ed51ca5fd523dab69f21c

SHA512
23e18bfd76361356dd6d23be93e971d1bd6d095c6a43b4cc8471f93f347c835b44511e2fcad4886b1f7e9ede25b12758105e34d593d06513d18ff915eead79ef

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Quick.dll

Filesize
3.4MB

MD5
3311bebf5a6860b6814e94f69be88c3a

SHA1
b7c292b795dbb02dfed3bbff1ff93e5532e8614c

SHA256
e867aa5bfa6a121add73cf0bfb363894e4824e19b2418fe95fcec8d09563cbb7

SHA512
f1eecd413a1a9ccfa3210d5c8e9488fb2bfe1ddf9324e553f5251fdb50250c1f552671e5b1fc69e66fb04788dc53709b2201e6744051f0be4ab610783ea35609

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Sensors.dll

Filesize
161KB

MD5
0073dcae08f79f847f7d60274db936fe

SHA1
eebb65b67fd0fdcd00de44477de39af7bb5677fd

SHA256
9353c7da672de8b2cc44d9933f8c9f8b607e39a2e06ce9b447f705662c659b98

SHA512
ef7b17cbdaae4af1c7a087d6b22dfdd2d8c742cc6c1b2c0790d8d19efcfed385f61766517664b413592adf1acbf67f4a7dbaa5f094ac129e4a9ca11e9cf456ac

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Sql.dll

Filesize
158KB

MD5
bf1770cf9f2d29290f54ff0abc68323c

SHA1
d29de6604928d910565ae373e3ca0730418a27ca

SHA256
9b89fc8d38ad1db70b7345a926b86f2ba60f78de27e2ccfbb47d366f270935bc

SHA512
7b42504a00c828d5f24f94c789f16e16314c85150ba711bf8c888f64437b30b0139a61ab8b56720684e09c7fa53b600a6b50bfe70d2801fbf3359140115a04c4

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Svg.dll

Filesize
258KB

MD5
2974485e58533b9bfc4061e11c0174c7

SHA1
9a8e9cdec284b865c76cca129e7bd44885babb55

SHA256
cd1950f423381e5654eb92e5a77ee19aa6e0212fc3729d5710a9edf57746c2b0

SHA512
ce0ef433d7e8d52ec513725327a7a8dcacae831704ccd4f2b9b243431a408de40abfa846d0bbdbbbdf70b6294439392bd8f4723d465e324a4bbf272727e5b43d

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5TextToSpeech.dll

Filesize
40KB

MD5
5faba98038b2e8a537ce82b998bd0169

SHA1
7ea576957f168dc66a559ca0c9a01ef8d194e3e2

SHA256
f5fc10d2e2dbd1fb732609a6ee9b99c153234553037b1cbb091c38f71f144a1f

SHA512
3d1d7c9db17f74cd4d83a8d7389654ca50febb0713fbe131c69c31f8b09f73135fdc8f10874c440804993b3c40c81d4588f4bbb302b0ffb1527437f1b7e4896d

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WebChannel.dll

Filesize
107KB

MD5
5fb8fc6c2a14ac0e5b12a6fb5f9abd06

SHA1
b95ac986902bf5e0409bd4b9900217d48ec34e08

SHA256
ea1691ddc3565e753fe1b2a3577399d8db799905aa6b0b972e4f4cb3841e3b90

SHA512
d196fdefbdfe2b7511ce039f91aa8eb99821118041ba5f3b01425696b88c17f9f7a1b2e94d991f956f98625a4f64306f15b1e24dc798aacbe91f67231a4e1a9d

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WebKit.dll

Filesize
27.8MB

MD5
3520fc87f8db27e2297361ae81e9e2a9

SHA1
312cfed9e2f0c0fe75c26d3f6d2ca529c5d20b47

SHA256
3b4739a0436d40e0132a62b9401c188bce17411bb85fd976cad6746e63ba78c1

SHA512
8cf34981c98a59b6e812e64c1ec1ca9a23aec7929d28a4b47f4c2b016f6a4e155c2388c10b41174f6f33658b1eb90765083137884fecf4cb0c7bba0f73daca60

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WebKitWidgets.dll

Filesize
195KB

MD5
7d8cdd7c6ac810634e41ff8bdf606575

SHA1
47ada814be34fe077695c98c6a5bfd69f065a519

SHA256
44275685aa3cb0775ebfcd461eea1a3e4c10a486d623c394a1ac9b041f67a2ee

SHA512
8f7dca67db875f374d29f57e46feba02e30b672be1fcc47b039712034862cbc8158e34d71d59732e59965501eb89ad0fec568e3663aac63953566a8b3354f24e

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Widgets.dll

Filesize
4.3MB

MD5
fe4e5ed83642e0dd84bb41450d020af6

SHA1
275601e50eecb6c7e19d9dd4ddbe6e23faa92650

SHA256
baa679fbb6b375ea4f9a2c536e8cc750cdf25946379dced876d2a855ddaa838c

SHA512
b29e60ff24684a969b61357aadc3d8a5614521cc77fe52016f886fd8b40f13f2b8f8b34cd9888d3c972642a06a6b94c29a193d7ab09a8285277f414df96f5d18

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5WinExtras.dll

Filesize
423KB

MD5
e368a66ad5114adf1f43790ab728ced2

SHA1
c6e86f5b71d628b2556249cc96fdc2884b833143

SHA256
5cca88f525e8b371eb579da114c26f1ec570157a95eb83a6cc38ea888ff400ea

SHA512
d801024c78f986b00cd16e94903057b4d41b72e0c04497a50e70c7cc65f9da54c347b46d234c26894d9fc7de6574d5086d2b2e97e66df0ad1f958438a109bfaf

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\Qt5Xml.dll

Filesize
169KB

MD5
1e5850c7b35b8ce5ead7ae46428c9786

SHA1
f6c554161b66c30b2b28b1f3835d550f7d2b7d76

SHA256
e2abf4aa16bcdc23aacd93c383a5ad27d1c83d54a5af9a89f2fb2f8ba4da6755

SHA512
a9ccfc6cf49e4418775a5d4f5e8e8a73e1c950fb64dbb62a09077263d1b2f21f07411295070e1c6259a4e62df5883418c0e39b1d3aa23ce0497e47899c7de21c

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\VCRUNTIME140.dll

Filesize
74KB

MD5
afa8fb684eded0d4ca6aa03aebea446f

SHA1
98bbb8543d4b3fbecebb952037adb0f9869a63a5

SHA256
44de8d0dc9994bff357344c44f12e8bfff8150442f7ca313298b98e6c23a588e

SHA512
6669eec07269002c881467d4f4af82e5510928ea32ce79a7b1f51a71ba9567e8d99605c5bc86f940a7b70231d70638aeb2f6c2397ef197bd4c28f5e9fad40312

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe

Filesize
3.2MB

MD5
50389adcd9954df3f6a3344a831b40bf

SHA1
e47c9f5fc18f77a4946646dd49c04b01c6f3c14d

SHA256
2485e88ddfd26c74791807d19e32dd14cf27e30ba00c739b973d7374b0a9e52c

SHA512
6721e0821c757a2febfe18c08afe111d24eec6ed80652f9fe267d6f0d70f7c971f9573ce5bffec7ffcfde8aedb7d95eb785e4cebf7a91c9eca2194c433b2c74d

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\icuin65.dll

Filesize
2.0MB

MD5
c4f481ea245c8a473326ce875525dedf

SHA1
5c3f4b12b911df8df19030b87caf87bcaffcddeb

SHA256
a1453a8e217f21c79aaff7f3ff355adeb8c548bda3fbc1cf11a2cb27a5c7d736

SHA512
68e98f878a5b5848f8f02218923bde1f94cf8b13e9741188a627600e11044c87cc72586b22edc7f810a6ba10208aa2749d6f8145acdd7a6298c7d0a125a5c5d5

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\icuuc65.dll

Filesize
1.3MB

MD5
192d416edc508178b9f6b5e716772d9f

SHA1
7c9451f1f9b672ffb913934392d36a00dbd5e68e

SHA256
2f80a6a7402504efcc758042226fc01f915914d6584c5210e5d3ff6f4a960782

SHA512
98c0426b82d0147605d61495f3cb4fb6b4eda3990e01afafddb89092ec965cd03bb689a875b303bf835096df5513b0eac6fa751758e3022bbfbefb25dbfee7a0

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\libcurl.dll

Filesize
442KB

MD5
8a7fc677209284bf28a8c15086521000

SHA1
a7b42c8a0731c73ec3da57bd3c5689bcda78a093

SHA256
4c6c93a1a599201d27371d1ecbb33fd6342be9e826febc71e8a92f1253fdc62b

SHA512
68bd451803fc932da741677351e63bbfa44abfb84091fbd4ee18c23d84175fb5427c5ee642019d1e31540d1271ac3ffca546007b4cf8d92a05241f3e5b738688

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\libxml2.dll

Filesize
987KB

MD5
ce390613f9ebb02f42111dc2185eaf46

SHA1
f47941e1b7b748af9561387c77122364c109e2ad

SHA256
4c9a0c1ac3cf3d5bad8e82b2f9445851c93a835c841d4a6949f1c7b9495a66ab

SHA512
86577445bdefe54cec03044ff87a161c82ad5cbbd16c37a65921a35698ffe7c9df9f8e2b5552386148dbcd843bd11e4c6286f0540a1b75b370e1ee0c839f9d24

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\libxslt.dll

Filesize
163KB

MD5
d11392645997cc9ce5896fb861f5d6ca

SHA1
0c5c5547d86f43a0c0a511cb6f5ef1de6a68cfaa

SHA256
43b827fe410f275ce0ebcb8e0f59fec438b14d726ff720d86c025ae0d0c6e0fc

SHA512
c718389c3737f0b6657dc472837724a04da43c2a90fe41e5c3235cac5f668168404953f2a637a335fbec5af00b342e6239f9eb16cc942e65c9ffb786d5e44b63

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\msvcp140.dll

Filesize
426KB

MD5
0a0042fe544c91cd57bc2f7ef40bb974

SHA1
8bf31f44ba3e47b8b186c3d8cc219a4d2f67da63

SHA256
4190f0a1306257ced4975448794e1d42be312e334ffccfb4910a4a39cde9df57

SHA512
c4c56c06cd40213ebdcead6a256510b44beefc3a18d7f84efebcd05bac7bb1b942f97b7f7798420ca8ff0c1592f32301d751554fb63125b4703feadfced2f6be

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\msvcp140_1.dll

Filesize
20KB

MD5
4b30f6c86cf6932f2297ffc5e64d2bfb

SHA1
e16f032af4d319002a0db8514d97c1ca23fef42f

SHA256
f92ec09eb6b666e42cd52ef912f298fb79c264ef3272735f69f99684b88585df

SHA512
9c1cca4ec49e40a955284be42bf38a3a9a1264aa04d69fc2bbfc6cb9ef2c32bf99b496740629b283eaa944d8b8166ce755443656640f5c65f98924940d295588

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\quazip.dll

Filesize
148KB

MD5
bb42a0b842a061bfff3a22123dad2d38

SHA1
a8a167e26cbdf6b221d77d3b35a85be3221383d3

SHA256
dc4c39a6a4fd6f113b6d7f5c5971d8d964c0b3fd1cb18764db79ca86a5ed39a8

SHA512
b45f4711551b825009fff1e5a7d45f41aff4f8c888f32b68e8f42c1a8fcc4bf18c7b968a1a8ce5635c197a884ac2331dfdcd53d757540fb2a5d3bb4c52504e87

Download Submit
C:\Program Files (x86)\Icecream Ebook Reader 6\unrar.dll

Filesize
214KB

MD5
570e94acbc5e43e7a3c217148291be4c

SHA1
684e6dc1669cc5772ea46493c17d8010554cb3d9

SHA256
cfc782faffc6fa3b602e97d2ea0d00e20873e10cc9b46160bff7ce1b5f738c0f

SHA512
fb271860d7978d2cc59d2f1ca618a27248278837317d87c032469f8561a221314b9388b61dd2942bc916c388ba74cecb4517040bf3da898be2f85cf7adc45afe

Download Submit
C:\Users\Admin\AppData\Local\Icecream\Icecream Ebook Reader\settings.ini.XYIpyz

Filesize
426B

MD5
a9cfc09a2142005afea5acf1d6cf91b5

SHA1
98b85e4cc18c5067541e03957b4129d597413bb0

SHA256
c6773ac8a4570c7268ce4acda270d0cfe93b773dbae858f16e9bef55f0313943

SHA512
ba54f1c9d8b38728413bc20b63ba8720e0c5b1df34f960728294c7f0ececb5c83b3f74c00d493c7ea4d0efd8249726091b56b743e2bfa46654318b4cddb0b1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-657UL.tmp\b2p.dll

Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-657UL.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-657UL.tmp\iswin7logo.dll

Filesize
39KB

MD5
1ea948aad25ddd347d9b80bef6df9779

SHA1
0be971e67a6c3b1297e572d97c14f74b05dafed3

SHA256
30eb67bdd71d3a359819a72990029269672d52f597a2d1084d838caae91a6488

SHA512
f2cc5dce9754622f5a40c1ca20b4f00ac01197b8401fd4bd888bfdd296a43ca91a3ca261d0e9e01ee51591666d2852e34cee80badadcb77511b8a7ae72630545

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PEBJE.tmp\Icecream.Ebook.Reader.6.42.tmp

Filesize
922KB

MD5
110a077628746e4edc5d9d028b5458f2

SHA1
026f0f44dbd3df6e9853be568584c68f7e98d92b

SHA256
43be232a97a83c28b9fa7d311374d4f1163e7a1c2ea24a8cd32085ac5337d6d4

SHA512
d56177777f537a170317a49408d0772162484d85accf5a80688a6af77b6c7a94c5fd1d460ee76dabde61d48d726d3f932b523350c4ef4f0b0e7e0235dd7980a9

Download Submit
memory/2276-499-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2276-498-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/2760-516-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-523-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-515-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-522-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-517-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-521-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-525-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-527-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-526-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2760-524-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/4048-16-0x0000000074BE0000-0x0000000074BFB000-memory.dmp

Filesize
108KB

Download
memory/4048-36-0x00000000742E0000-0x00000000742F1000-memory.dmp

Filesize
68KB

Download
memory/4048-60-0x0000000074BE0000-0x0000000074BFB000-memory.dmp

Filesize
108KB

Download
memory/4048-9-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/4048-51-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/4048-478-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/4048-79-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/4048-48-0x0000000074BE0000-0x0000000074BFB000-memory.dmp

Filesize
108KB

Download
memory/4048-50-0x0000000009840000-0x000000000984F000-memory.dmp

Filesize
60KB

Download
memory/4048-402-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/4048-49-0x00000000742E0000-0x00000000742F1000-memory.dmp

Filesize
68KB

Download
memory/4048-41-0x0000000009840000-0x000000000984F000-memory.dmp

Filesize
60KB

Download
memory/4048-404-0x00000000742E0000-0x00000000742F1000-memory.dmp

Filesize
68KB

Download
memory/4048-17-0x00000000072B0000-0x00000000072B3000-memory.dmp

Filesize
12KB

Download
memory/4048-405-0x0000000009840000-0x000000000984F000-memory.dmp

Filesize
60KB

Download
memory/4048-47-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/4048-57-0x00000000072B0000-0x00000000072B3000-memory.dmp

Filesize
12KB

Download
memory/4048-37-0x0000000009830000-0x0000000009832000-memory.dmp

Filesize
8KB

Download
memory/4464-46-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4464-2-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4464-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4464-479-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download