Malware Analysis Report

2024-09-22 15:14

Sample ID 240530-sq7vlacg41
Target 2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid
SHA256 9b6605e129266a2c4d0c8658dd5d1861a910f7610ba4c5aa33c78644b7875e61
Tags
gh0strat purplefox bootkit persistence rat rootkit trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b6605e129266a2c4d0c8658dd5d1861a910f7610ba4c5aa33c78644b7875e61

Threat Level: Known bad

The file 2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid was found to be: Known bad.

Malicious Activity Summary

gh0strat purplefox bootkit persistence rat rootkit trojan upx

Detect PurpleFox Rootkit

Gh0strat

PurpleFox

Gh0st RAT payload

Sets service image path in registry

Drops file in Drivers directory

Sets DLL path for service in the registry

Loads dropped DLL

Executes dropped EXE

UPX packed file

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry class

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Runs ping.exe

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-30 15:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 15:20

Reported

2024-05-30 15:23

Platform

win10v2004-20240508-en

Max time kernel

129s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

Signatures

Detect PurpleFox Rootkit

rootkit
Description Indicator Process Target
N/A N/A N/A N/A

Gh0st RAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Gh0strat

rat gh0strat

PurpleFox

rootkit trojan purplefox

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\QAssist.sys C:\Windows\SysWOW64\TXPlatfor.exe N/A

Sets DLL path for service in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\240641968.txt" C:\Users\Admin\AppData\Local\Temp\R.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" C:\Windows\SysWOW64\TXPlatfor.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Windows\SysWOW64\Remote Data.exe N/A
N/A N/A C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\Remote Data.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\240641968.txt C:\Users\Admin\AppData\Local\Temp\R.exe N/A
File opened for modification C:\Windows\SysWOW64\ini.ini C:\Users\Admin\AppData\Local\Temp\R.exe N/A
File created C:\Windows\SysWOW64\Remote Data.exe C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\Remote Data.exe C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Windows\SysWOW64\TXPlatfor.exe C:\Users\Admin\AppData\Local\Temp\N.exe N/A
File opened for modification C:\Windows\SysWOW64\TXPlatfor.exe C:\Users\Admin\AppData\Local\Temp\N.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A
N/A N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4840 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 4840 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 4840 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 4840 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 4840 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 4840 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2324 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2324 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 1624 wrote to memory of 2868 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 1624 wrote to memory of 2868 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 1624 wrote to memory of 2868 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 4840 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 4840 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 4840 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 2428 wrote to memory of 4744 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2428 wrote to memory of 4744 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2428 wrote to memory of 4744 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 324 wrote to memory of 588 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 324 wrote to memory of 588 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 324 wrote to memory of 588 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 5308 wrote to memory of 5396 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 5308 wrote to memory of 5396 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 5308 wrote to memory of 5396 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 5308 wrote to memory of 5440 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 5308 wrote to memory of 5440 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 5308 wrote to memory of 5440 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 5440 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 5440 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 5440 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 5484 wrote to memory of 5532 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 5484 wrote to memory of 5532 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 5484 wrote to memory of 5532 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 5308 wrote to memory of 5552 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 5308 wrote to memory of 5552 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 5308 wrote to memory of 5552 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 5524 wrote to memory of 5616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 5524 wrote to memory of 5616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 5524 wrote to memory of 5616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1392 wrote to memory of 2112 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 1392 wrote to memory of 2112 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 1392 wrote to memory of 2112 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 1392 wrote to memory of 4876 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1392 wrote to memory of 4876 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1392 wrote to memory of 4876 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 4876 wrote to memory of 5868 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 4876 wrote to memory of 5868 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 4876 wrote to memory of 5868 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 5828 wrote to memory of 5864 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 5828 wrote to memory of 5864 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 5828 wrote to memory of 5864 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 1392 wrote to memory of 1380 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 1392 wrote to memory of 1380 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 1392 wrote to memory of 1380 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe
PID 5868 wrote to memory of 2032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 5868 wrote to memory of 2032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 5868 wrote to memory of 2032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2384 wrote to memory of 2936 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2384 wrote to memory of 2936 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2384 wrote to memory of 2936 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2384 wrote to memory of 1388 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2384 wrote to memory of 1388 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2384 wrote to memory of 1388 N/A C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1388 wrote to memory of 6004 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\Remote Data.exe

"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240641968.txt",MainThread

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1404,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Users\Admin\Desktop\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240508121838_002_dotnet_host_8.0.2_win_x64.msi.log

Network

Country  Destination          Domain                        Proto
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           149.220.183.52.in-addr.arpa   udp
US       8.8.8.8:53           203.107.17.2.in-addr.arpa     udp
US       8.8.8.8:53           69.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53           203.197.79.204.in-addr.arpa   udp
BE       2.17.196.83:443      www.bing.com                  tcp
US       8.8.8.8:53           83.196.17.2.in-addr.arpa      udp
US       8.8.8.8:53           232.168.11.51.in-addr.arpa    udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
NL       52.142.223.178:80    -                             tcp
US       8.8.8.8:53           183.59.114.20.in-addr.arpa    udp
US       8.8.8.8:53           56.126.166.20.in-addr.arpa    udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           23.236.111.52.in-addr.arpa    udp
US       8.8.8.8:53           26.35.223.20.in-addr.arpa     udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           240.221.184.93.in-addr.arpa   udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           tse1.mm.bing.net              udp
US       204.79.197.200:443   tse1.mm.bing.net              tcp
US       204.79.197.200:443   tse1.mm.bing.net              tcp
US       204.79.197.200:443   tse1.mm.bing.net              tcp
US       204.79.197.200:443   tse1.mm.bing.net              tcp
US       204.79.197.200:443   tse1.mm.bing.net              tcp
US       8.8.8.8:53           200.197.79.204.in-addr.arpa   udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           74.239.69.13.in-addr.arpa     udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
US       8.8.8.8:53           hackerinvasion.f3322.net      udp
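
The following Python is an added example, not part of the sandbox output, that turns three things visible in this report into checks an analyst can run over the records: the cmd.exe lines that use ping against 127.0.0.1 as a delay before deleting N.exe (the dropper's self-removal), dropped files from the Files section that also appear as started processes (drop-and-execute, with the doubled path separator in the command lines normalised so the match is not missed), and forward DNS names that are queried again and again with no TCP flow recorded to them. The command lines, dropped-file paths and network rows are copied or abridged from the tables in this report; the row layout, the f3322.net watchlist entry and every function name are this example's own assumptions.

```python
"""Checks over this report's Processes, Network and Files records (added example;
inputs are constructed from the tables in the report, names are assumptions)."""
import re
from collections import Counter

# Constructed input: command lines from the Processes list (abridged).
CMDLINES = [
    r'"C:\Users\Admin\Desktop\2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe"',
    r"C:\Users\Admin\AppData\Local\Temp\\R.exe",
    r"C:\Users\Admin\AppData\Local\Temp\\N.exe",
    r"C:\Windows\SysWOW64\TXPlatfor.exe -auto",
    r"C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul",
    r"C:\Windows\SysWOW64\TXPlatfor.exe -acsi",
    r"ping -n 2 127.0.0.1",
]

# Constructed input: dropped-file paths from the Files section (memory dumps omitted).
DROPPED = [
    r"C:\Users\Admin\AppData\Local\Temp\R.exe",
    r"C:\Windows\SysWOW64\240641968.txt",
    r"C:\Users\Admin\AppData\Local\Temp\N.exe",
    r"C:\Windows\SysWOW64\Remote Data.exe",
    r"C:\Users\Admin\AppData\Local\Temp\HD_X.dat",
]

# Constructed input: abridged Network rows, "Country Destination Domain Proto";
# the Domain cell is empty (or "-") for the bare TCP connection.
NETWORK = """\
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
BE 2.17.196.83:443 www.bing.com tcp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 hackerinvasion.f3322.net udp
"""

# "ping 127.0.0.1" used as a sleep, then "del": the self-removal idiom in the cmd.exe lines.
SELF_DELETE = re.compile(
    r"ping\s+(?:-n\s+\d+\s+)?127\.0\.0\.1\b.*?&&\s*del\s+(?P<target>\S+)", re.IGNORECASE
)

DYNDNS_SUFFIXES = ("f3322.net",)  # analyst watchlist; an assumption, extend for your environment


def norm_path(p):
    # Lower-case, drop quotes and collapse repeated separators: the command
    # lines show Temp\\N.exe while the Files section shows Temp\N.exe.
    return re.sub(r"\\+", r"\\", p.strip('"')).lower()


def self_delete_targets(cmdlines):
    """Files that a 'ping 127.0.0.1 ... && del <file>' command line removes."""
    hits = []
    for c in cmdlines:
        m = SELF_DELETE.search(c)
        if m:
            hits.append(norm_path(m.group("target")))
    return hits


def image_path(cmdline):
    """First token of a command line, honouring a leading quoted path."""
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]


def executed_dropped_files(dropped, cmdlines):
    """Dropped files that were also started as a process (drop-and-execute)."""
    return {norm_path(image_path(c)) for c in cmdlines} & {norm_path(d) for d in dropped}


def parse_network(text):
    """Rows: Country Destination [Domain] Proto; Domain may be absent or '-'."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            parts.insert(2, "")
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        rows.append({"country": country, "dest": dest,
                     "domain": "" if domain == "-" else domain, "proto": proto})
    return rows


def is_dyndns(name):
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)


def beacon_candidates(rows, min_queries=3):
    """Forward names queried at least min_queries times with no TCP flow recorded
    for them, plus any name on the dynamic-DNS watchlist; PTR lookups are ignored."""
    queries = Counter(
        r["domain"] for r in rows
        if r["proto"] == "udp" and r["dest"].endswith(":53")
        and r["domain"] and not r["domain"].endswith(".in-addr.arpa")
    )
    connected = {r["domain"] for r in rows if r["proto"] == "tcp"}
    flagged = {}
    for name, n in queries.items():
        if (n >= min_queries and name not in connected) or is_dyndns(name):
            flagged[name] = {"queries": n, "tcp_seen": name in connected, "dyndns": is_dyndns(name)}
    return flagged


if __name__ == "__main__":
    print("self-delete targets:", self_delete_targets(CMDLINES))
    print("dropped and executed:", sorted(executed_dropped_files(DROPPED, CMDLINES)))
    for name, info in beacon_candidates(parse_network(NETWORK)).items():
        print("beacon candidate:", name, info)
```

On the report's own rows the DNS check singles out hackerinvasion.f3322.net: it is looked up repeatedly while every TCP session in the table goes to Bing or to the bare 52.142.223.178:80 connection, so the name is either unresolved or resolved to an address the sandbox never connected to. The bare `ping -n 2 127.0.0.1` child is deliberately left unflagged; only the `&& del` chain is the self-removal signal.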

Files

C:\Users\Admin\AppData\Local\Temp\R.exe

MD5 8dc3adf1c490211971c1e2325f1424d2
SHA1 4eec4a4e7cb97c5efa6c72e0731cd090c0c4adc5
SHA256 bc29f2022ab3b812e50c8681ff196f090c038b5ab51e37daffac4469a8c2eb2c
SHA512 ae92ea20b359849dcdba4808119b154e3af5ef3687ee09de1797610fe8c4d3eb9065b068074d35adddb4b225d17c619baff3944cb137ad196bcef7a6507f920d

C:\Windows\SysWOW64\240641968.txt

MD5 f354a98b0752d44a76708d89bae7be7d
SHA1 2b7e01884a812e40c91a25451817de809f01e6a2
SHA256 3fd17d0f596e4f07d48423106591dff6494d89b7660548f1212b2c77df0a136e
SHA512 b9ee402b468264ab6eff60d7224b712a68f070dd983bc314357951ad70ec60ac2008246db290d6cbc9fdc7acf2d9b4e8938876aa6a2d78041b12578c9e7cd5b0

C:\Users\Admin\AppData\Local\Temp\N.exe

MD5 4a36a48e58829c22381572b2040b6fe0
SHA1 f09d30e44ff7e3f20a5de307720f3ad148c6143b
SHA256 3de6c02f52a661b8f934f59541d0cf297bb489eb2155e346b63c7338e09aeaf8
SHA512 5d0ea398792f6b9eb3f188813c50b7f43929183b5733d2b595b2fd1c78722764fd15f62db1086b5c7edfb157661a6dcd544ddd80907ee7699dddbca1ef4022d0

memory/2324-17-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2324-20-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2324-19-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2324-21-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1624-26-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1624-28-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1624-29-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2868-35-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2868-37-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_69599f6b37fb75a88be6121cbdf8cfe8_icedid.exe

MD5 a2140682b6a8c862642093955a87b3ec
SHA1 f03679bd04bad2c8d58508ad05ebb2caf2fadf76
SHA256 3e6d6b2c94191c42a44cc41e7cd05d00600496265c1215925d0e28e0d0ecd6d1
SHA512 a85f0ca63c111328d6eb8166924b9583f5b7b09f018e96bdefaf5b725e0437a99ab4d0d70092e958a1f2a1c64920d232264160e52195ec3f4970c49515664a0a

memory/2868-38-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2868-39-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2868-42-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2868-46-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Windows\SysWOW64\Remote Data.exe

MD5 889b99c52a60dd49227c5e485a016679
SHA1 8fa889e456aa646a4d0a4349977430ce5fa5e2d7
SHA256 6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910
SHA512 08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

memory/2476-53-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-52-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-51-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-60-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-63-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-61-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-62-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-59-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-57-0x000002693C040000-0x000002693C041000-memory.dmp

memory/2476-58-0x000002693C040000-0x000002693C041000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_X.dat

MD5 274fe01eb0f4cd402c3cfdeda4b30715
SHA1 72db93e86caaadf2f28e5265ebfbc2ea6ba9e705
SHA256 843743adaef60d2f490d2702487f7687ffa36524d11ad89feed31bbddfd21d40
SHA512 6d71d57566f436c6e1242421070bca8c62ba95a7ccfc73ae5efef54f93482b3e3b742bda361b7c713a5e5158f11310401341bd1ddd4f011ba33f77c5e9543798

C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat

MD5 dfcde250a5fad8f9a7a87a975f053291
SHA1 3e5fe4a19a95fffe1764d4b22f6ab52bf181efd2
SHA256 72ec8639bacaf659e0f390de0794ce9e383f71689b9d25d8c1c5b024b644b0ea
SHA512 e5466b3a722c8b9309f390536364202d26708017d86ad23f8676c069a63f624c5d9fe6f8f4b04bd5438e6e02d64178691cfe24da520c7f5cfb783fe40d6bf8d0

memory/4840-97-0x0000000000400000-0x00000000006BD000-memory.dmp

memory/4840-137-0x0000000000400000-0x00000000006BD000-memory.dmp