Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/04/2024, 05:16
Static task: static1
Behavioral task: behavioral1
  Sample: Icecream.Ebook.Reader.6.42.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Icecream.Ebook.Reader.6.42.exe
  Resource: win10v2004-20240412-en
General
Target: Icecream.Ebook.Reader.6.42.exe
Size: 29.9MB
MD5: f90a896fdd0d372765f89c555fd286c4
SHA1: fb4b58bed3b58bbbbfde076db19a3566ea219313
SHA256: 3deac60bcee2553037d0f1f06ae2f54b0e8affbded1945103f52e767451b6987
SHA512: 181ca289ff9d6250d70dbf9daf86877bf964a3d7593f8849715f85a2d11a44eff1c5f735617d8cfa16e901f78f2d6c7db116cf70498bf11ec370673b50306c36
SSDEEP: 393216:tG+iYL1uLvfZHPD4dlgepR2UpoU1SyTzYIrDyI5SYpyuOl1mMCQiiIV+Oh2loKj5:t0vBvMdlgelAyHYWvwYsukrQiwhWo4n
Malware Config
Signatures
Executes dropped EXE 2 IoCs
  pid 4048, process Icecream.Ebook.Reader.6.42.tmp
  pid 2276, process icebookreader.exe
Loads dropped DLL 51 IoCs
  pid 4048, process Icecream.Ebook.Reader.6.42.tmp
  pid 2276, process icebookreader.exe
Checks installed software on the system 1 TTPs
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  File opened for modification (process icebookreader.exe): \??\PhysicalDrive0
Drops file in System32 directory 9 IoCs
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF
  File created (process dxdiag.exe): C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF
Drops file in Program Files directory 64 IoCs
Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 6 IoCs
  SCSI information is often read in order to detect sandboxing environments.
  Key value queried (process dxdiag.exe): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID
  Key opened (process dxdiag.exe): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000
  Key value queried (process dxdiag.exe): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID
  Key value queried (process dxdiag.exe): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs
  Key value queried (process dxdiag.exe): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs
  Key opened (process dxdiag.exe): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000
Modifies registry class 64 IoCs
Suspicious behavior: AddClipboardFormatListener 1 IoCs
  pid 2276, process icebookreader.exe
Suspicious behavior: EnumeratesProcesses 16 IoCs
  pid 4048, process Icecream.Ebook.Reader.6.42.tmp
  pid 2276, process icebookreader.exe
  pid 2760, process dxdiag.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  pid 2276, process icebookreader.exe
Suspicious use of FindShellTrayWindow 1 IoCs
  pid 4048, process Icecream.Ebook.Reader.6.42.tmp
Suspicious use of SetWindowsHookEx 3 IoCs
  pid 2276, process icebookreader.exe
  pid 2760, process dxdiag.exe
Suspicious use of WriteProcessMemory 9 IoCs
  PID 4464 wrote to memory of 4048 (pid 4464, process Icecream.Ebook.Reader.6.42.exe, procid_target 86)
  PID 4048 wrote to memory of 2276 (pid 4048, process Icecream.Ebook.Reader.6.42.tmp, procid_target 107)
  PID 2276 wrote to memory of 2760 (pid 2276, process icebookreader.exe, procid_target 108)
Processes
C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe"
PID: 4464
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\is-PEBJE.tmp\Icecream.Ebook.Reader.6.42.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\is-PEBJE.tmp\Icecream.Ebook.Reader.6.42.tmp" /SL5="$C0050,31006947,76288,C:\Users\Admin\AppData\Local\Temp\Icecream.Ebook.Reader.6.42.exe"
  PID: 4048
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe
    Command line: "C:\Program Files (x86)\Icecream Ebook Reader 6\icebookreader.exe"
    PID: 2276
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\dxdiag.exe
      Command line: dxdiag.exe /whql:off /t C:/Users/Admin/.Icecream Ebook Reader/log/dxdiag.txt
      PID: 2760
      - Drops file in System32 directory
      - Checks SCSI registry key(s)
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads