Analysis Overview
SHA256
e657a432aa54bfe93259ebfbd34dc4a3712133e5c134bc722f587db3e5dfa90c
Threat Level: Shows suspicious behavior
The file 2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 12:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 12:05
Reported
2025-07-04 12:08
Platform
win10v2004-20250619-en
Max time kernel
149s
Max time network
136s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\si\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ca-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\he-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Updates\Download\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-sl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-sl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\zh-Hans\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-gb\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\uk-ua\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7196.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a733C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a74E2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7724.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7918.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7ABE.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7C44.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7ED5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a806B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a81B3.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a833A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a84EF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8685.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a882B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a89D1.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8B58.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8D0D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8ED2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a90E6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a929B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a949F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9710.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a97EA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9913.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a99DE.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9BA4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9C6F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9CFB.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9D98.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA066.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA131.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA20C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA2E7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA400.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4DB.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA5B6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6DF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA7AA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA856.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA921.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA9EC.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC3E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aACAB.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAD18.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAD66.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aADD4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAE32.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAE8F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAF0C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAF99.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB16E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB277.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB2D5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB333.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB391.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB41D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB4B9.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB527.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB575.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB5D3.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB65F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB69E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB6FC.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB74A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB7A7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB815.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB873.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB8C1.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB91E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB97C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB9CA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA28.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAF3.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBBAF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC5B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD06.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBDC2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE6E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF1A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBFD5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0CF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC1AA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC2B4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC4F6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5C1.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6CA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC7B5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC880.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC92C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC98A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC9E7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCA55.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCAC2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB3F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCBBC.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCC39.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCC97.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCCF5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD52.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCDC0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE1D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE6C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCEE9.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCF46.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFB4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD011.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD07F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD0DD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD169.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD1D7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD254.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD2B1.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD31F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD3AB.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD419.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD486.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD503.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD561.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD5BF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD64B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD699.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD6F7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD774.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD7C2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD83F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD87E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8EB.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD968.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD9C6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA33.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA91.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAEF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB7B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDBD9.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDC56.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDCB4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD40.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDDBD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE3A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE98.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF15.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF92.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDFF0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE06D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
memory/2396-0-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Windows\Logo1_.exe
| MD5 | 4f07b7c07db3deeaef154a2f2c9646b0 |
| SHA1 | 6ada698575fd2ce3b8041f85d04dad5bd846a03f |
| SHA256 | 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c |
| SHA512 | 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90 |
memory/2808-8-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2396-11-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7196.bat
| MD5 | 72d91bf430c60e6a0cc5801503c97167 |
| SHA1 | 526d63953b1b0b25703b3d66601a08fdae7655a5 |
| SHA256 | 5718b4cb2b511dce10531393b08a1ee6676d0b8564690807aa18988248a6da47 |
| SHA512 | eb832dc4c01028eb2b5c953b6c3bdf949a5da8f69bbba2f6e0326fddd27790517695044d68bdf09180149346388f50933cfc31d65db008f9aa88a894fee541cd |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 14954aa4a182ab68fc5a7cf3b2b0a0c8 |
| SHA1 | 486a72e9a30c37cf13615e50733648d2861275ca |
| SHA256 | 89052f94feab5419b6c99f995f0ad766d77f0efd6cbf1d75c44d6cead712f28c |
| SHA512 | 2f8e2c6bf5645036ccc98b49d0053d9f5f51e18a939cba88eae1f745ae8480444241d31c78bb940fdb8ada6e6c7267f9a4e3017f1164221f46e4d2d92acd4558 |
memory/936-20-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a733C.bat
| MD5 | 279f7e573ff746e5cb095f7e2b217dfa |
| SHA1 | bdde367f23a0e9c6b3f62c57171d878f086ac85e |
| SHA256 | 8c32bd712ee8f16f1ff98114418cbfa7ebd002f6c1453f8ffbfecb523acf90c8 |
| SHA512 | 880e6070aa7d16a03a597958f0874e6d29a960511f1b6ec358552a206a002b658c235f658b9a5211cf23ae0637775f54d6c71d5906fb6f448702bec3bea85416 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 4e44002c76c4b355fc429fdd12201441 |
| SHA1 | 1786fac31f2677ea678bf769fac75936c60c7f86 |
| SHA256 | 87b6f408ad747c36db6b2afb0b4ce6104f06651f8163d28d4b1ba49a154570d5 |
| SHA512 | 886b8e458a3443d1f3d67eb2f61fe24c9442f293ee7c77ccc0f6b1d1b0bdf63f6e1bccf0a56f4259873ca5e4446dd4901c22eb66801f22416982bd7e7c04c926 |
memory/1364-27-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a74E2.bat
| MD5 | d95f1a62ab8599e8ee1fabf773805867 |
| SHA1 | 0c36954d3d3b2cf7878c8c404397c7cc31644019 |
| SHA256 | 182590c85acac8f15a3ff0416cfbbf973c0b685f53fa736f9a06dd14eec8c6c4 |
| SHA512 | 6866f4baf7787acdb9af82ebc6becceba6498e2dc8b903816bc4bfdf542c1f6089ae07373cbaac450eed155493dc9c51af28e321d40cb656005e7ed7aa864542 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 445e08267e84451c9e36799c5083a84b |
| SHA1 | 392e664453840a49f3ce286f145f928f3123d46b |
| SHA256 | af1a9b4dc1a0603cb8d82465cda62e9e8e5776fc12dccdef442adcc8af7af8fb |
| SHA512 | d202881771c106339fd150b5e3168aa47d200bf664a6d6d3a2d9b0cb39821c94e05f7f008b5fd082e08cfb2000eb5bb376e46e4f0a55bb705e8ead22dc202963 |
C:\Users\Admin\AppData\Local\Temp\$$a7724.bat
| MD5 | 77b15d6789eb13b4bd36957f6b05d9a7 |
| SHA1 | e29b24f2e69df67b72370c56c814907f12be7551 |
| SHA256 | ed14940bcf35dfe2fcfb5b546f382511257d4c8676374336a8d806c5c4d88b5d |
| SHA512 | 780e9511349d32c0507d2b33e6bacec47ba79b70fdaa47b7bda7985d3e5f51b05ad28bc0c6fb410bd299bb0278b6ab4228f017eaec85879fcfe64a7f3d97ca00 |
memory/4716-36-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 39b56f8480e715c1ed3941a140844b95 |
| SHA1 | 8f59b88c8e35f16d02bf5b87b0e8be8383f529fe |
| SHA256 | cefcefd4b76c6057c5e4adbfa53e2e77de8ba4fe00549ce7a5952f7eff005973 |
| SHA512 | 1139040e405cb070a7e4e6dff6429140499e196b6ab4e54f75ce7a299775b79aa67a2d356c5e4a70f2276b72fd0455ed2450b696caf24cd54c8058870e4f0481 |
memory/1384-44-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7918.bat
| MD5 | c4088750e3c57c23c5cc3269af70bc67 |
| SHA1 | da9ebbe9f679a0ada50a7ace8a31967d97be3422 |
| SHA256 | 1895fc30f2736acfb89f51c99e8031ea38dfb5a48f31679f6d306067e50684a6 |
| SHA512 | 343d5894cfff64888b7de4f9c3f4bbd75e79c93963589776d176045159c3fe01880cacae566cd4be7f970a5aec06645119abdd25ad5719cf2ce7d8bd693f4c47 |
F:\$RECYCLE.BIN\S-1-5-21-3008489981-1977616533-741913813-1000\_desktop.ini
| MD5 | 6ef23bccadc81fb82d7eeecab7166eed |
| SHA1 | 379fb55375f791483209d02402c6c359fe6afc12 |
| SHA256 | da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a |
| SHA512 | 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 0d65d79ac2053734465a8e58cdc4642a |
| SHA1 | 35b193cdae6a6da4d5f7108c50c09cbd0b87c777 |
| SHA256 | 03c0cf3ded5f31db8c4074f7a6ccb1362470c63ce6438977c7bb95f106190d0d |
| SHA512 | 9b652de15ad9eb58afc627c68e8b8011f1d033bbadf925ac3da271e29cf2afb14319a46a11e0eb100c948efd06a53e8a632d57dc811a1994518e70aed6eb0732 |
memory/4380-57-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7ABE.bat
| MD5 | cde40f41f0d9c1909d487f6955d939b7 |
| SHA1 | 63df9565618b646748b669d12714b1a76d9f0dc9 |
| SHA256 | 4313e59c76b17c0b0ca839cbe44161f1097a258d5371b9f96c6d41d6ef445a01 |
| SHA512 | 37b65bf54eec0ca9f269386859a441aac0e0ee3303b604c1bf09df0817947b8f92b83490df59e5d3b7dc7ea5e7c79455b326d600fdd379d28951f37e2fabe8d1 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 904702ee30824b6ccbc12da83158e3c6 |
| SHA1 | 6f11f225a9cbe4e4b3fb89f3881337f63ffceb20 |
| SHA256 | 8d20121f552f45e4ccbcb8e82f17702d491281556116f4733e3cb041643fb6ae |
| SHA512 | 61ec003f261381dfea494be216145b131871d64fd6b7581bd13160b80d8d4c98531697b3dfc4fdd51a755a7339a33017f41d18848d0b0b22a459de6b65a9ac75 |
memory/3164-64-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7C44.bat
| MD5 | d5b0f3087d83a8d37bfe47b8f7827ca8 |
| SHA1 | 9cf34b00f3c4214b33129539e40fb04608239549 |
| SHA256 | d7624992ecf01359bbab96650fcff4ba045412dac54b38d35781250469fa01b7 |
| SHA512 | dc08fdc75ea7f6b7ff2fdb332530e81c8c3d4edb96d150a3ec6a3c1e3f34ed2f2a66831edbc2b0c2ec106e16ba45ce05d1cc16bf7caa8ff49daf217817d29b39 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 250b3dda48df2d14e7bb536994822b42 |
| SHA1 | eac7926a645df867cde72f58487b361d88b15027 |
| SHA256 | 617670ea14a1bee928e35179461e621a748733ae54579f10e7fa9476746fe819 |
| SHA512 | b277bbe8447915a563e8a33e685f7942858b9e0cb43b84dfebf710f4c0c6144a04354735b110a5f7790b107ed8e0e2c991411d1192b39e375334b26634264d77 |
memory/1108-75-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7ED5.bat
| MD5 | 222f103c584fb33ab66d07926d2c3c0c |
| SHA1 | e62c0cf90151e438aa6e15912ac39faf5a4f1ac5 |
| SHA256 | bae2a3b9bd175f35ad12e4e785b951bc82b10f6f5cba4323b55d1a20b537e12c |
| SHA512 | 13bc17337e905df73d23820d961c41fc05c1d6f392721d5e34e80a0a4e46366a21c99b44a06d69cfd95d0fb239458a5b91549f18230dae9cf5ca7ad6ebc4f06a |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 485484a2f1b04169655003deb401acd4 |
| SHA1 | 011d38bc72c6a7340d83422042598fd91efcf618 |
| SHA256 | 3f45a0a5154d3d23c64942ea6890a306f3308a95fcd806074a10aeef18570af2 |
| SHA512 | a547d7c25a26af0488dabef0ce345ab85e3ec0b0a9ee21d24aaa8f82367dd5cbcd8122f514a6f0f579e3aa1dda56a25dc8f20e32b4fb6a5acc9c1de1dad6feef |
memory/3344-82-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a806B.bat
| MD5 | 6322d3569f3f6a637263bfbb158c3231 |
| SHA1 | 2bdec98f3da1f314c1ed0a02f797705a13c82c09 |
| SHA256 | 41c24770dff48575a7df1462914bd3cd6daee522ca6d2836c240800f9b8f22ee |
| SHA512 | 6a3078d0bb438611e9161ed340aab070384dd6a921406c52562ccbe47227d99aa42cf5f0011cfa115df937a0a4d8d7768814ee0d7e6bca3ecd89b059ac669136 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9de4a56d9e9e0439babb4c4e50e7e420 |
| SHA1 | 62a8cc77bbe32ae8ba9caca4c7247a74ad3c443b |
| SHA256 | 76ffa186c33c1a6887f0d53c4e9a5b1b2d7ad35ad8018492351025c9fbf23b75 |
| SHA512 | 80c6b59b031f9158ea3b3c2abc90b3c1c9f5c74a618bea3dc38741d0aea67e0036dee667ef2bbc11077d57a4cdbede35955b4829fb6aea48234fe6dc0adea062 |
memory/4752-89-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a81B3.bat
| MD5 | c12d73ec1419bea6fbb328a18368a55e |
| SHA1 | f3c600d1558c265ec4c3f119f132992749052957 |
| SHA256 | 9cabdd2ae7ec87743f9d9aea7456b0a8c76579fe2184cf20d8b64c59153bdb2e |
| SHA512 | 4fb0a45708074dba851a558f6ecf2ce3ec5979c8dcd443e4593b2e256f7d53c4b1e63bf8a90b483e9d664889c576e47e301bb16c49bd92a2fbd14185e80361d6 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 2790f79b2751ff31b42a5adbb1d735f7 |
| SHA1 | 42c89ccd61c74fabfccd7f139627f32776040a8c |
| SHA256 | b8f468666866e9d358805677b7171aa8a9c2264e9c462792f766a7a89b98bb0f |
| SHA512 | 1311f96e30fcf6dc58061459a59ab2533466cecae3d01bc6b4a01adda79e2dcfa25dd8d32ceae958e0f25318d313644d9ff5249b7c62ae42ff4552c485726588 |
memory/2808-95-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1480-99-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a833A.bat
| MD5 | ceeca696ad0290f9c75c79bae935bdd5 |
| SHA1 | bfbfb16c29bf601af9df92035d99d50f54fd5baf |
| SHA256 | e1f0dca0afcfd9ae07ffea64b3005435461750324882aea20c74c63cdee5afa5 |
| SHA512 | 1cf0ffb1e0673e7a5269901315720ead8d2738f7be5d0c9b3eb926ab31851c38febda4de1b069c6958001f6632d01e3d6fd180f78402b7f60265f07998a3e768 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9d4488175ef3cd5dfa15483e658b8baf |
| SHA1 | e09bb89ecb5f3aabb46adfda347cc77ba0af1051 |
| SHA256 | e82dc11db5e368f864214a1c1632b8bec256a3e6e9251ade10bb2acb15f83a9c |
| SHA512 | 31fcba6ea4c062c03d0e20720ac06c24111533230f58002e0551ad4a779c6a6dd073a0d4bb4cf0e43cf11f7bf17497c731cd84cb76129f27e775f8e443f7d091 |
memory/2040-106-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a84EF.bat
| MD5 | 5a56ece02c729b9691911b27bd6c9618 |
| SHA1 | 05363dc0a7aa2fc503f72b5e1e1c06c07fc95194 |
| SHA256 | 42df7706601f5d2b059da7fa6b3f5211f0de9c3cf926d9ff30a162e2b7ec64f5 |
| SHA512 | e4706148887fc5f309c6db1d96c75587ff651128358fa16dfc10414f7eb7a413950d382491e1a0a9f791f68b26078a04129cae8d5e0ca3615252792543136968 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 5dbe38913e68b2bb0e4af11bccb686cc |
| SHA1 | 8705f93bc0b170e456c4e7eed1f27657ab6d6657 |
| SHA256 | eaa296f7df6b8458bdbcc57f8d3ff9156b2685276c9a39f57ac895f5654edb7f |
| SHA512 | 9f9d1de40a4eaf979931c3b52b6916fef689fc387d6eb7057afef79546cde41904b6b484f621fbbfe43eae62d270b840e8747e15740dc31ca337e25f9bda642e |
C:\Users\Admin\AppData\Local\Temp\$$a8685.bat
| MD5 | 8af18370f8de8fea3b7b20f3970cc4b7 |
| SHA1 | f74dfb18326c6e594a46da7918642a8fe6b7f951 |
| SHA256 | 1e1b7738297fcb43915be23b9313fba0194e79a6400879ad2ffb3f131ce8ffcf |
| SHA512 | cbc55ea5f961aa589fd1fab33b067c55b2ff8e66add15e5ee7f7c61e958c57a7796d3a6c391e085e8c605c74efad775197b0ec8edb847145279f0ab45783a942 |
memory/3920-115-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 17b5e016f76c1d3880246f6decf12190 |
| SHA1 | 3d136d09c4ed6cfb3293ffd4d0007ce1e50261ce |
| SHA256 | 17196f1d59a8887168f8432d86aaa12402279bb74f42616297dfd99a2fcfab27 |
| SHA512 | 83990405125b5c4f6d45acaf723b33441c1de92dbbc07c5a29bfee61f5a72e799d42554e929cb026115467b841c7b0b4e5b88491c5eb1223a55d26742a81f928 |
memory/1124-122-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a882B.bat
| MD5 | baae9aa6763a34b4c4bae711d14cd8a2 |
| SHA1 | bce91bcfabf644b3027c00855dee9b91b6498062 |
| SHA256 | 100de6b2342e2df963f23c3ba45db46184e0bc04a6ea5f1119442cd7f5a7ded7 |
| SHA512 | 15cc8811c5647820869371066e161608021d74fa2706662c4ab3bf7450475a1a8c4c2d5358cd9ac2100273b346607d6b06a4c6355734174d9aa8f519e2b59e4f |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9337a4f8948cf68787a7294e6780f6e0 |
| SHA1 | 67417c67b6675c95a3113749cf97d67b71be950d |
| SHA256 | 497ba926c05ef9a7c2816b930ccec8a2a48f675fb727c8ce257673d378a55ebb |
| SHA512 | 2074398d23447a64c835f28cbd9cc2e2f770aa2d397c2e4533afc3d817c7be5c376a5266113e5d96188da0b6622e82d44fdd94b40239ae648088e98a1cc4c5bd |
memory/1916-131-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a89D1.bat
| MD5 | fadf3ae2f114e8ef4674e75fd6052382 |
| SHA1 | ee4341e52d13e378e33047c7dc501be5b2a49c3a |
| SHA256 | 2c14dfe6a763c551a736b23fa1c1b2a492b1d507dd28d7bd15ea2b7f0fe876b7 |
| SHA512 | 1d08690cbc2af045617ddb2f5375daebfd4674a7693ee4623e82eb1b376002e97c1d1c799730174337b5cdcd00608ba3ca060555c2fdfbd0bf58f93528300398 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 54cc5134acc90eea347e2157837fd533 |
| SHA1 | 37ee878656ac0e8761ecf9d2af14d9e38d2b465b |
| SHA256 | 82b31e925493980542d8500ebc4efa6f53c1c7121b98b59c68ef711b44f4e057 |
| SHA512 | c5228e11602df8cfb8882b9d2c6c34342cf415c1fc169245e24440a747da17e4207243b8a146a54f2d1916c14a6841490dc3e6a99348168b490138987557874c |
memory/1452-138-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8B58.bat
| MD5 | d8f643aa2fc1293ac3dcc81bb16b04a5 |
| SHA1 | f6a2930dab0bf06ff5e5a1851fe670e9bf121c5c |
| SHA256 | 0a0bbaba84490bc602c103bb944186754c26fdf49b0f4f9fd1366714b8a62197 |
| SHA512 | c5c807a08c8b44387b9c938f22dd51e5e1b7bbc111812aa2d5140a4725ae2405f22a8fb7b167d588799518e4d21f458fcb14ea239d1e61ec882de3dbf9d5855e |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 699fa2ead16ee89ac41e3f8cb845d2e2 |
| SHA1 | 241ad0ccdd3c62b8688452e875d876425d6f9720 |
| SHA256 | bdb5725bc4666ed43ca0392f8f18c9991fd19f4bce5a4bb9097f0021db72ab7e |
| SHA512 | 90533eb9432342fa21ec8f50aa15c4c6cea82dbc0f549c5f05f3c44bd7d75cd92820b1509770dbded690a92c173cb40000abf9a3271329b7974d657ae162e4b8 |
memory/2440-145-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8D0D.bat
| MD5 | 0cb04df36136273194b00e7cac9d82c0 |
| SHA1 | e028a98d1a2ea13784fb3caefc9ac9c3a9f35290 |
| SHA256 | 4720ccd2f9bef43b56d24b1b984eab329a27cbd1ee1aba2c3a3cad5459a65839 |
| SHA512 | a0a9860c8c5be55c431bc171ee51f739a1a3fac14e06744e2c356c0fa831a890fed9def39e909c95ecee8fb55f444a41430833838e780a9a315c5772f128d188 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 4e500c9a438449339818afc5ce74e354 |
| SHA1 | 741e08bd4fb02470639d41e43dde00c6917059a1 |
| SHA256 | 6635ae34d3354d39ca844b4962a284ff2f178f764f3fc8f8907c59692c996f00 |
| SHA512 | 1e977c5970dfe7bfb78ef8d027e50614d537afdb646b80ca90ff825130eda329ad5482b70ee6e35a703f6be8cc60de19b6a46a51ed7617f3637f7cbfb17c01ac |
memory/3576-264-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8ED2.bat
| MD5 | c6522079ca5b0c1a6ef71e57862f3e0d |
| SHA1 | 6814a2baaf16cae7469d67b31fe25aae41497490 |
| SHA256 | bfe6aae10ee23acfbfec5e71842c6ec65184e2e843f3ffc31daf8c671f00f1de |
| SHA512 | d9e3ba230af0500b4a00dca228309894c4ba0af00175819441285c2cadd699631397d3c7fab40e7c4daee70632266be6a5fc9a056531137d2d7d32b91046c2aa |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 614eab10eb019be3f2a4e7cdc45b89e9 |
| SHA1 | 27b9620349f4461469998b1941925de630b94f0f |
| SHA256 | 548ba6fc2b1205acea73832c765df974befadadb2c07e3916ce362b3b1e30088 |
| SHA512 | 42b2fe83ea30b61de6b77c3e2a604ab80e127a0e8187810c6fcaafa3632b8c355237e6db53de4d66e3bbca505e75c48e2ce1a5181853204acb291eaa34e66e36 |
memory/1880-485-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a90E6.bat
| MD5 | 46f983097468e791a8be5c9c0a6f5f43 |
| SHA1 | 85e53a481c5b674a30a9f7b09738b4e2f2bd4a06 |
| SHA256 | 83f5274b583b2a566c5f574d5966eb37bfa121e2bf9fbf3769ce10e04c43b4a5 |
| SHA512 | 2d751ca17afbe94a1df80515fdc4b3aa138f52fd8042be3d3ed966875d13c7be6a4130b28162b95e768db0b70ff80638ba7d4b46aca9c2f3326d43cea14f0f16 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | a7a21fec3fd20640882c1795835dc921 |
| SHA1 | ec6cfea24e36b4cafdded1dd42c7c2f662c684b1 |
| SHA256 | 6fac6ed38c0b1315ed662043fdafd6e499fd5eb35598a38299dbdaac3022213a |
| SHA512 | ff316f67bdcd1a538ec9233ee218ac0163016161458aa4c46df5a14473228e090f9c832ce3737042b1043f78757ad51f27feba6c213b29cd145cde11e2e0f841 |
memory/1740-610-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a929B.bat
| MD5 | 51712fd1db3c7e34602ad83db59513ea |
| SHA1 | fe72a10e486d7dfae6b8076b593ffebe33a0fc59 |
| SHA256 | a96974d46c832bfe1e4e1f40218293e261c5c8caba670936f929b61968f56133 |
| SHA512 | afba4362a5738a4384649b2016bff0ed59037914d9f9f10ed3c5b5de9a83687529fa49c9ab7ef2170646cda911176845127442fa2ea772be42f09eca1af6a50b |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9aa784538afa3768216a11552dec5f31 |
| SHA1 | c76583d7673dbb03ade2aee1ae0648055a925188 |
| SHA256 | 9e7d52450eb305fa1d3a94acc0add00d8e2b748c11decb4da26cab766747e20d |
| SHA512 | 9790694f78f22ebb068b22ef1048d591feb0f633476b7aacc3b21ebcd5e014f3b8c480bb3d46797ec51940191c7a1caa83323c08df3fe26f52b5c1b75232dd0b |
memory/4024-771-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a949F.bat
| MD5 | 86f1bb765e4674c1f07006315f21a458 |
| SHA1 | 31fc56ec4415f7121f7f09cb1ae1bd45326693fe |
| SHA256 | 7b5e1c21b3ec77876acc381f6f6a013465800e07421bdbd151be45bcf9270f53 |
| SHA512 | 77666347a030ae2ac40012259a57fd2f93f851090aa08e9308a74d18f440df8cfe00017d0c3f516bb648852e4660ec65cdc538f7c733e4d973a6b91c89b1b586 |
memory/4536-1132-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3616-1426-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2808-1712-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3052-1796-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4584-1931-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1204-1935-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3552-1936-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4036-1940-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3932-1944-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5024-2738-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2244-2920-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1628-3116-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3532-3292-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5112-3624-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3520-3803-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4500-3964-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4564-4336-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4916-4524-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2472-4680-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4964-4865-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4968-5222-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4564-5699-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2684-5703-0x0000000000400000-0x0000000000445000-memory.dmp
memory/964-5707-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4804-5711-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2212-5715-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2380-5719-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3616-5723-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1016-5727-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1788-5731-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2968-5968-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3700-6240-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5108-6244-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3616-6248-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4660-6252-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1788-6256-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3296-6260-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2924-6264-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4968-6268-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3512-6272-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2612-6276-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3676-6284-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1108-6288-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4564-6292-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1484-6297-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1372-6302-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1296-6307-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2212-6312-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3080-6317-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1832-6322-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1664-6327-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4536-6332-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3576-6549-0x0000000000400000-0x0000000000445000-memory.dmp
memory/904-6762-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3772-6910-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3844-7122-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1468-7359-0x0000000000400000-0x0000000000445000-memory.dmp
memory/720-7589-0x0000000000400000-0x0000000000445000-memory.dmp
memory/116-7728-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2968-7889-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2356-8242-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3324-8502-0x0000000000400000-0x0000000000445000-memory.dmp
memory/648-8850-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4032-9073-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4400-9302-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2588-9611-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3172-9877-0x0000000000400000-0x0000000000445000-memory.dmp
memory/764-10100-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2624-10197-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4764-10202-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4060-10207-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4348-10212-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1496-10217-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4140-10222-0x0000000000400000-0x0000000000445000-memory.dmp
memory/228-10227-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4216-10232-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2936-10237-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2720-10242-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3576-10247-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3448-10252-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4676-10257-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3288-10262-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1636-10267-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1792-10272-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4712-10277-0x0000000000400000-0x0000000000445000-memory.dmp
memory/216-10282-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1108-10287-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3940-10292-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4380-10297-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2436-10302-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2684-10307-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2032-10312-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1936-10317-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4444-10322-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4132-10327-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5108-10332-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4384-10337-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5104-10342-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4104-10347-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3232-10352-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4260-10357-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1664-10362-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3424-10367-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3284-10372-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2976-10377-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4584-10382-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2428-10387-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2148-10392-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2292-10397-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3708-10402-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3532-10407-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3280-10412-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3552-10414-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3956-10419-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2176-10424-0x0000000000400000-0x0000000000445000-memory.dmp
memory/748-10429-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3240-10434-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3328-10439-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3172-10444-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3076-10449-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4156-10454-0x0000000000400000-0x0000000000445000-memory.dmp
memory/532-10459-0x0000000000400000-0x0000000000445000-memory.dmp
memory/376-10464-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3724-10465-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3724-10470-0x0000000000400000-0x0000000000445000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 12:05
Reported
2025-07-04 12:08
Platform
win11-20250619-en
Max time kernel
150s
Max time network
103s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-tw\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows NT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\uk-ua\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Photo Viewer\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\PdfPreview\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\host\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\es-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ru-ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Integration\Addons\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Skins\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\133.0.6943.60\WidevineCdm\_platform_specific\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\WidevineCdm\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Defender\uk-UA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7E96.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7FFD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8184.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a83A7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a850E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8685.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8879.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a89F0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BA6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8D4C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8F11.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a90B7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a922E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a93B4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9579.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9700.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a98A6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9A0D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9B84.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9D69.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9F4D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA0D4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA1FD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA3A2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA47D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4EB.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA548.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA587.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA5F4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA642.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6A0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6EE.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA73C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA79A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA7D9.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA884.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA9BD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAD86.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAE70.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAF5A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB054.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB13F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB248.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB323.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB3FE.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB4F8.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB602.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB6BD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB71B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB7A7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB7F6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB853.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB8D0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB91E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB98C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB9EA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA47.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAB5.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCE7.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD35.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBDA3.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE20.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE7D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF1A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF68.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBFE5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC043.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0B0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC10E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC15C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC1BA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC227.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC294.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC2F2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC36F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC3CD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC479.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC4E6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5C1.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC68C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC7D4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC8BE.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC999.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCA93.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCBAC.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCCD5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD002.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD0EC.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD205.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD32E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD37C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD3DA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD448.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD4A5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD4F3.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD551.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD5CE.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD62C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD6D8.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD736.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD7C2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD83F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8AD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD92A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD997.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD9F5.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA72.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAC0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB0E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB7B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDBF8.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDC66.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDCE3.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD50.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDDBD.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE0C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE89.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDEF6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF63.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDFC1.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE02E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE08C.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE0FA.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE196.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE203.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE261.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE2AF.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE30D.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE37A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE3C8.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE484.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE4E2.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE54F.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE5BC.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE62A.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE6C6.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE714.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE781.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE7D0.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE81E.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE87B.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE8D9.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE937.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE9A4.bat
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe"
Network
Files
memory/3352-0-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Windows\Logo1_.exe
| MD5 | 4f07b7c07db3deeaef154a2f2c9646b0 |
| SHA1 | 6ada698575fd2ce3b8041f85d04dad5bd846a03f |
| SHA256 | 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c |
| SHA512 | 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90 |
memory/3352-8-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1532-9-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7E96.bat
| MD5 | 6f7679ef32a92fc8dcd4a98ec521637c |
| SHA1 | 27d0472064bb2fe25c889a525423a3421f81e9ec |
| SHA256 | 6506b2dfcd7f707cc4e7c4ecc85e23395566fd2b0917a3c010cceecb6ed4bdca |
| SHA512 | 076f706f1807bebb18d667f408ff0da64e4c075eb6b9b1763b3f98bebfa0e86788f85d1e9b1deb06f66ffc91ae866d9402e172648d8a0641f49ad098b7b04122 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 14954aa4a182ab68fc5a7cf3b2b0a0c8 |
| SHA1 | 486a72e9a30c37cf13615e50733648d2861275ca |
| SHA256 | 89052f94feab5419b6c99f995f0ad766d77f0efd6cbf1d75c44d6cead712f28c |
| SHA512 | 2f8e2c6bf5645036ccc98b49d0053d9f5f51e18a939cba88eae1f745ae8480444241d31c78bb940fdb8ada6e6c7267f9a4e3017f1164221f46e4d2d92acd4558 |
memory/3324-19-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a7FFD.bat
| MD5 | 928349d6c3dc2033806e4c935ab7b683 |
| SHA1 | c9ae53502e6fe7ebbdeb9956ecfb1c47cd4d57e2 |
| SHA256 | 2ee9f3a29ee464463d7186f748e13d45cf9a82f05d06d5211d879892be6bf543 |
| SHA512 | 7b0d5ff2af2a71bd06347cdf811b1ececc23678f24786fa02fbf0bb942ddac19409ec19f2c5b59ec646ed954dcaf370a62297c5c2745ab8650c2def1f4aaa03d |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 4e44002c76c4b355fc429fdd12201441 |
| SHA1 | 1786fac31f2677ea678bf769fac75936c60c7f86 |
| SHA256 | 87b6f408ad747c36db6b2afb0b4ce6104f06651f8163d28d4b1ba49a154570d5 |
| SHA512 | 886b8e458a3443d1f3d67eb2f61fe24c9442f293ee7c77ccc0f6b1d1b0bdf63f6e1bccf0a56f4259873ca5e4446dd4901c22eb66801f22416982bd7e7c04c926 |
C:\Users\Admin\AppData\Local\Temp\$$a8184.bat
| MD5 | 16ff679cb4486a283e8a58f213414c3d |
| SHA1 | 8969a0d5d7d2e9d96b27bd0fb0e60309829077a0 |
| SHA256 | af433379699499cca6ad15c7d25bcb34732607b5af72b0f452cd154f0e4abe78 |
| SHA512 | daa896f692199be519b8fd3e70d5f4f0d6a351942ff667a2f29b3d0d0354c531904978770dd3c60b07147768581ed539d1f8a2a73b299c33455a69f29e8f1ec9 |
memory/3552-26-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 445e08267e84451c9e36799c5083a84b |
| SHA1 | 392e664453840a49f3ce286f145f928f3123d46b |
| SHA256 | af1a9b4dc1a0603cb8d82465cda62e9e8e5776fc12dccdef442adcc8af7af8fb |
| SHA512 | d202881771c106339fd150b5e3168aa47d200bf664a6d6d3a2d9b0cb39821c94e05f7f008b5fd082e08cfb2000eb5bb376e46e4f0a55bb705e8ead22dc202963 |
memory/2016-35-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a83A7.bat
| MD5 | 1a44869389d966df6aa822913e92375c |
| SHA1 | 0d1947c91741913143d11de1314bca45c168c157 |
| SHA256 | 3aaaf5ce7f750ca8a0e3a621d6831d372c4203b3b9ecf5b4f22d00dca334afaa |
| SHA512 | af8690feb11f56d2e431df4b0224d6e841a5fc5f0f1b133005ee3f9790a0c98fe62f8a72b69bf6b3c6489274633bb468aa9ffe602899f9b28887173ac6c8f9c9 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 39b56f8480e715c1ed3941a140844b95 |
| SHA1 | 8f59b88c8e35f16d02bf5b87b0e8be8383f529fe |
| SHA256 | cefcefd4b76c6057c5e4adbfa53e2e77de8ba4fe00549ce7a5952f7eff005973 |
| SHA512 | 1139040e405cb070a7e4e6dff6429140499e196b6ab4e54f75ce7a299775b79aa67a2d356c5e4a70f2276b72fd0455ed2450b696caf24cd54c8058870e4f0481 |
C:\Users\Admin\AppData\Local\Temp\$$a850E.bat
| MD5 | 20dbf58ece2048a3802f7b84abdddc4f |
| SHA1 | 332feae4d535a3a6df1f9c45e77ad4110988d6bc |
| SHA256 | f2a7bb5535e78cdc9c37ba1a0a20e3dc19deda0c5db688a834d5cf1cd269f541 |
| SHA512 | cfc4dd2a673f2a00b52f6d6f8a6af4966d875a12011c6af85ba2bef1bb42f56c0cd46063b408cc2e4d0e22049909cc0f9167d30c955857366c91f680a41d0503 |
memory/1816-42-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 0d65d79ac2053734465a8e58cdc4642a |
| SHA1 | 35b193cdae6a6da4d5f7108c50c09cbd0b87c777 |
| SHA256 | 03c0cf3ded5f31db8c4074f7a6ccb1362470c63ce6438977c7bb95f106190d0d |
| SHA512 | 9b652de15ad9eb58afc627c68e8b8011f1d033bbadf925ac3da271e29cf2afb14319a46a11e0eb100c948efd06a53e8a632d57dc811a1994518e70aed6eb0732 |
memory/5080-50-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8685.bat
| MD5 | 8af18370f8de8fea3b7b20f3970cc4b7 |
| SHA1 | f74dfb18326c6e594a46da7918642a8fe6b7f951 |
| SHA256 | 1e1b7738297fcb43915be23b9313fba0194e79a6400879ad2ffb3f131ce8ffcf |
| SHA512 | cbc55ea5f961aa589fd1fab33b067c55b2ff8e66add15e5ee7f7c61e958c57a7796d3a6c391e085e8c605c74efad775197b0ec8edb847145279f0ab45783a942 |
F:\$RECYCLE.BIN\S-1-5-21-3625340254-1625357543-1797847221-1000\_desktop.ini
| MD5 | 6ef23bccadc81fb82d7eeecab7166eed |
| SHA1 | 379fb55375f791483209d02402c6c359fe6afc12 |
| SHA256 | da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a |
| SHA512 | 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 904702ee30824b6ccbc12da83158e3c6 |
| SHA1 | 6f11f225a9cbe4e4b3fb89f3881337f63ffceb20 |
| SHA256 | 8d20121f552f45e4ccbcb8e82f17702d491281556116f4733e3cb041643fb6ae |
| SHA512 | 61ec003f261381dfea494be216145b131871d64fd6b7581bd13160b80d8d4c98531697b3dfc4fdd51a755a7339a33017f41d18848d0b0b22a459de6b65a9ac75 |
memory/1432-63-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8879.bat
| MD5 | 3eac74469208f61b48741aa0f9ea9922 |
| SHA1 | 46909d52f9c033a79f922fc853d05931dfc054ae |
| SHA256 | 804d41dfec828176aba1367c55598644cb270ba6a8deca3aae7786c4c93175bc |
| SHA512 | cb448566a8de983ac4eafa6f991b378ba3820a41a02d1ecc6ae2037a6cad63123237c87029beec6e86ee4c441f6fd3c8f0c566269cb932a9affc7699b8ad5bd4 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 250b3dda48df2d14e7bb536994822b42 |
| SHA1 | eac7926a645df867cde72f58487b361d88b15027 |
| SHA256 | 617670ea14a1bee928e35179461e621a748733ae54579f10e7fa9476746fe819 |
| SHA512 | b277bbe8447915a563e8a33e685f7942858b9e0cb43b84dfebf710f4c0c6144a04354735b110a5f7790b107ed8e0e2c991411d1192b39e375334b26634264d77 |
memory/4320-70-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a89F0.bat
| MD5 | 546fe3fe60805758143c2b7f929ab5f9 |
| SHA1 | aee6b915ac0ac38413dca53bfb61bf126703da3a |
| SHA256 | dc4588f39f2a191806419a11a079f5b5c51d79842db59becfd653cea8322bce7 |
| SHA512 | dd3001cd7719c099e7e99b4e92bcdb660d66a6c96c9f837782ee40c6ed1227d5363bf1d7cb5fbc00ade61b0e3ce7b8259a2b2ed281c10f1a2548abe442e70c45 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 485484a2f1b04169655003deb401acd4 |
| SHA1 | 011d38bc72c6a7340d83422042598fd91efcf618 |
| SHA256 | 3f45a0a5154d3d23c64942ea6890a306f3308a95fcd806074a10aeef18570af2 |
| SHA512 | a547d7c25a26af0488dabef0ce345ab85e3ec0b0a9ee21d24aaa8f82367dd5cbcd8122f514a6f0f579e3aa1dda56a25dc8f20e32b4fb6a5acc9c1de1dad6feef |
memory/988-77-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8BA6.bat
| MD5 | f18eaf2697f98103f7775586f89dcf80 |
| SHA1 | 54e62438d698afb452bb053c39122c2bf9d812b0 |
| SHA256 | 13fe1e3fe20b3338090854478159cc62b09da39913162802bc2b900668e4f13c |
| SHA512 | f932d413eb5af08c406dc0455a04709f9dfdcb4938ac25d13e103e2d719ea147934ff01222ad110e21700173adacd2f8b0d77760b28c29b81b748b8dfb252deb |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9de4a56d9e9e0439babb4c4e50e7e420 |
| SHA1 | 62a8cc77bbe32ae8ba9caca4c7247a74ad3c443b |
| SHA256 | 76ffa186c33c1a6887f0d53c4e9a5b1b2d7ad35ad8018492351025c9fbf23b75 |
| SHA512 | 80c6b59b031f9158ea3b3c2abc90b3c1c9f5c74a618bea3dc38741d0aea67e0036dee667ef2bbc11077d57a4cdbede35955b4829fb6aea48234fe6dc0adea062 |
memory/5572-88-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8D4C.bat
| MD5 | 4b1026b0356e64b0d2082cc799ee8a10 |
| SHA1 | 724763fcce4bd1c36b08e0aeacd84b9ee89c9a9a |
| SHA256 | af312cb1a698e0fbe3ac44895ffe9ba8856089d32273f96aa7200641bf8cd4d7 |
| SHA512 | 4b255e0230036e1c86d1c89086252ceee4cb90adf4d367fc3662be38901bda0e8dc8328ac4ff39dcea7f1d61e8e5480f5b9f5a215e308ded7efadaf373bb1173 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 2790f79b2751ff31b42a5adbb1d735f7 |
| SHA1 | 42c89ccd61c74fabfccd7f139627f32776040a8c |
| SHA256 | b8f468666866e9d358805677b7171aa8a9c2264e9c462792f766a7a89b98bb0f |
| SHA512 | 1311f96e30fcf6dc58061459a59ab2533466cecae3d01bc6b4a01adda79e2dcfa25dd8d32ceae958e0f25318d313644d9ff5249b7c62ae42ff4552c485726588 |
memory/1532-92-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5760-96-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8F11.bat
| MD5 | a53563855bd113666d6eae34d2f9a744 |
| SHA1 | 9936fd7713bfdd053f58bc03d3aca1b20327b8a0 |
| SHA256 | 4fb6f2dd9d2390311d1189176468bacc95bf6208d39eb4e9fd324473ff99a9e5 |
| SHA512 | 19c31abc78a82eb1f6eb0d466743aa6910cd06e7f8f51548b7b1f8e30d5b061961e63b38ad58195228a3b3a41e5d4a42fe06a0d72cfed89a59c77906ef32edb5 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9d4488175ef3cd5dfa15483e658b8baf |
| SHA1 | e09bb89ecb5f3aabb46adfda347cc77ba0af1051 |
| SHA256 | e82dc11db5e368f864214a1c1632b8bec256a3e6e9251ade10bb2acb15f83a9c |
| SHA512 | 31fcba6ea4c062c03d0e20720ac06c24111533230f58002e0551ad4a779c6a6dd073a0d4bb4cf0e43cf11f7bf17497c731cd84cb76129f27e775f8e443f7d091 |
memory/4616-105-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a90B7.bat
| MD5 | 4c39116e7f23513b670cc14489c73320 |
| SHA1 | 5d717248f58abfee82c0e76b709ea97df942e775 |
| SHA256 | 4d9c611535e8e493fd439b89b1f1004409f3171851d8f8207f2b3e5c4597a5cb |
| SHA512 | dcb1f9635c88001dad4e290ee4884ec5ed602bfe08613398ac491c0738513166127e18a1255e609a05604de491d64fb5b2f2ba7c5239ebc1c3c6ad71983c97e2 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 5dbe38913e68b2bb0e4af11bccb686cc |
| SHA1 | 8705f93bc0b170e456c4e7eed1f27657ab6d6657 |
| SHA256 | eaa296f7df6b8458bdbcc57f8d3ff9156b2685276c9a39f57ac895f5654edb7f |
| SHA512 | 9f9d1de40a4eaf979931c3b52b6916fef689fc387d6eb7057afef79546cde41904b6b484f621fbbfe43eae62d270b840e8747e15740dc31ca337e25f9bda642e |
memory/2320-112-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a922E.bat
| MD5 | b11e696e43df535c5a6d9ad7d7e4445b |
| SHA1 | 1d78192408f67db705346cbd86d4720b8aba9e4d |
| SHA256 | 4b919ab79108e82f66765963ef3410bdac920d67229100f68a6601bbebbc264a |
| SHA512 | a1c447b854e570a9f1ef803b8bd717c872684eff7a131764f494c08c259b56fc7ad6007faab475224d0026ed4da5599cd9bdcea473e3801644cb14995714a069 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 17b5e016f76c1d3880246f6decf12190 |
| SHA1 | 3d136d09c4ed6cfb3293ffd4d0007ce1e50261ce |
| SHA256 | 17196f1d59a8887168f8432d86aaa12402279bb74f42616297dfd99a2fcfab27 |
| SHA512 | 83990405125b5c4f6d45acaf723b33441c1de92dbbc07c5a29bfee61f5a72e799d42554e929cb026115467b841c7b0b4e5b88491c5eb1223a55d26742a81f928 |
memory/5340-119-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a93B4.bat
| MD5 | c87ad8b829f00ccfd7c8a23ac55a58ec |
| SHA1 | 3b803601c784b1d12de869c03cd27520ac26cc5c |
| SHA256 | fbb7169ad15f24ca8ab67591f57530e1cd056dfd0945b193642d4d65988ecd13 |
| SHA512 | 2f871bdbba52c138cf6e4dc4975ce6ffd180c659e478836afb68dd5a9a4aca3280f4373b3ce7ab123c97801081c08fea81afa9c54f1e421d2c4fb4b24ad91c97 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9337a4f8948cf68787a7294e6780f6e0 |
| SHA1 | 67417c67b6675c95a3113749cf97d67b71be950d |
| SHA256 | 497ba926c05ef9a7c2816b930ccec8a2a48f675fb727c8ce257673d378a55ebb |
| SHA512 | 2074398d23447a64c835f28cbd9cc2e2f770aa2d397c2e4533afc3d817c7be5c376a5266113e5d96188da0b6622e82d44fdd94b40239ae648088e98a1cc4c5bd |
C:\Users\Admin\AppData\Local\Temp\$$a9579.bat
| MD5 | 595868423b90c7239203a1b94d85d545 |
| SHA1 | 3c7bd89e23eded7c5bad8e2d459604a93b792647 |
| SHA256 | 10c03c8ac6b79b1ce53501043c1690379fce46ca7fda02adc0441af857a1ce9d |
| SHA512 | c0f109eb7fda550af21c1c7a40701395049561e1d8bc77659656b1575037f69f93b30eba3fe811c56da39b75532e5377158c66ce0cf5a46e03c82b187ea12c7b |
memory/4808-128-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 54cc5134acc90eea347e2157837fd533 |
| SHA1 | 37ee878656ac0e8761ecf9d2af14d9e38d2b465b |
| SHA256 | 82b31e925493980542d8500ebc4efa6f53c1c7121b98b59c68ef711b44f4e057 |
| SHA512 | c5228e11602df8cfb8882b9d2c6c34342cf415c1fc169245e24440a747da17e4207243b8a146a54f2d1916c14a6841490dc3e6a99348168b490138987557874c |
memory/4780-135-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a9700.bat
| MD5 | 572e63f22439e3f0b9528143889efe3c |
| SHA1 | ee49f2b0776d53b7472bf88b19a72d757b8340e8 |
| SHA256 | 991866f6911deef0b83c30061c9e130f9aa1723f8726128974d864ed26d5aec3 |
| SHA512 | 47ee7009d534bbad1f04bd4bd48d0a815f9b001ad6bf66d90abfe547382389bdfe6a5001efb70044f97ef3b2247a7c0b4c298bdbd9817439b6b482b1a10c0b20 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 699fa2ead16ee89ac41e3f8cb845d2e2 |
| SHA1 | 241ad0ccdd3c62b8688452e875d876425d6f9720 |
| SHA256 | bdb5725bc4666ed43ca0392f8f18c9991fd19f4bce5a4bb9097f0021db72ab7e |
| SHA512 | 90533eb9432342fa21ec8f50aa15c4c6cea82dbc0f549c5f05f3c44bd7d75cd92820b1509770dbded690a92c173cb40000abf9a3271329b7974d657ae162e4b8 |
memory/2052-144-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a98A6.bat
| MD5 | ea4021bd99364b814db7ffb4c02c9b8f |
| SHA1 | b41076c6cf85b0c599f087b8d0a2dcb8a709797b |
| SHA256 | b0055413730af88b2ae2599de46b7fe02970ea708e504692d478a853e0eaf1c4 |
| SHA512 | b0ac694a9d67b6f438054f0a4b357485f8522e610b3ca04339dbfb6a8d2a3f2454875cc6b12edcbf5ba5e30211b67e3ccb03a92de5a5ed8356c3dfdee13ad949 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 4e500c9a438449339818afc5ce74e354 |
| SHA1 | 741e08bd4fb02470639d41e43dde00c6917059a1 |
| SHA256 | 6635ae34d3354d39ca844b4962a284ff2f178f764f3fc8f8907c59692c996f00 |
| SHA512 | 1e977c5970dfe7bfb78ef8d027e50614d537afdb646b80ca90ff825130eda329ad5482b70ee6e35a703f6be8cc60de19b6a46a51ed7617f3637f7cbfb17c01ac |
memory/2584-151-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a9A0D.bat
| MD5 | 9ca9f015d4d51bc11cad2fd12ab68e85 |
| SHA1 | 0d887541c74290f338eaa5e503f9b5f7199e22ce |
| SHA256 | 88cd8edb4d33499146063b4f1c6f2b02da972fb928dc10634855ba5e4ffcc776 |
| SHA512 | 18003299fbda885fa609e293bc2ea4e6bdf9f9bbba914fdaa65dd174c6cb605c792cd2996a8efc1bf7d3121c1a97c8a2dd16d60cfc0ce7e81a81d4b1fcab8ed8 |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 614eab10eb019be3f2a4e7cdc45b89e9 |
| SHA1 | 27b9620349f4461469998b1941925de630b94f0f |
| SHA256 | 548ba6fc2b1205acea73832c765df974befadadb2c07e3916ce362b3b1e30088 |
| SHA512 | 42b2fe83ea30b61de6b77c3e2a604ab80e127a0e8187810c6fcaafa3632b8c355237e6db53de4d66e3bbca505e75c48e2ce1a5181853204acb291eaa34e66e36 |
memory/3844-158-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a9B84.bat
| MD5 | d249af64d81fea8a9ee1dc336146e16a |
| SHA1 | 36c1edd68e42e4cc8793ac25f46b3c7b77a4999d |
| SHA256 | 66adc92d7a23ce1537a823e96bc1182d6111f7d1772b4c10580154905795244f |
| SHA512 | efea4294d1893fc52013e6e646ae1641a759f9b72865bf089cbf5775635c0bdf099ba5bf0f4f6098d199ff54b4e5bdfaee782d1a8ba7725c25b103e9c6a4101e |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | a7a21fec3fd20640882c1795835dc921 |
| SHA1 | ec6cfea24e36b4cafdded1dd42c7c2f662c684b1 |
| SHA256 | 6fac6ed38c0b1315ed662043fdafd6e499fd5eb35598a38299dbdaac3022213a |
| SHA512 | ff316f67bdcd1a538ec9233ee218ac0163016161458aa4c46df5a14473228e090f9c832ce3737042b1043f78757ad51f27feba6c213b29cd145cde11e2e0f841 |
memory/4976-473-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a9D69.bat
| MD5 | 6df61fc986f5484da479bcfa48729a2e |
| SHA1 | f8cc9a5de2c44d9b662519e343e61fc4e689b9cb |
| SHA256 | 984df7938aa48d80cb5df14194fca70c87648509e45535b9ca624e387b31364a |
| SHA512 | 0076738b00103d0f9acd0a5bbc3a19a6d0a25260d00ff848ba2e52cb9aad6e9032fd9ea97fb4378781000f2d226308708eaedf643162e5a648318fcb1f95fcef |
C:\Users\Admin\AppData\Local\Temp\2025-07-04_da05404cb8d5af4f7ecc3366ed7f8b9d_amadey_elex_smoke-loader_stop.exe.exe
| MD5 | 9aa784538afa3768216a11552dec5f31 |
| SHA1 | c76583d7673dbb03ade2aee1ae0648055a925188 |
| SHA256 | 9e7d52450eb305fa1d3a94acc0add00d8e2b748c11decb4da26cab766747e20d |
| SHA512 | 9790694f78f22ebb068b22ef1048d591feb0f633476b7aacc3b21ebcd5e014f3b8c480bb3d46797ec51940191c7a1caa83323c08df3fe26f52b5c1b75232dd0b |
memory/5464-625-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a9F4D.bat
| MD5 | f6c9ce8523af11a511e3c2cf30308209 |
| SHA1 | 5fa7c4ba3a1a59880b49e136e3852884d8037b7e |
| SHA256 | 6aa479bfea1ce2b044ca766d3abe190d586dd2f45cd9da67c94242fd121440f7 |
| SHA512 | afcc83033a33c95287b45f59c5f5302b5311784e7ed61138cac624a5636ffe705e3925acb7a99e3a12961d687dd9b347dda4affa97adedf51159d793f331855c |
memory/800-834-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4360-1212-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2308-1750-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4292-1908-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4392-1912-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4080-1916-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1172-1920-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1532-1921-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5004-1925-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3644-1929-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5404-1933-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2976-1937-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2888-1941-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4848-1945-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5048-1949-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1040-2083-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5688-2596-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5328-2893-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4736-3197-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3380-3463-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6004-3805-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5264-4047-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5248-4408-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1304-4633-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1392-4953-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3092-5221-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5452-5478-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3548-5692-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5024-5696-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2204-5700-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1468-5704-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4284-5708-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3728-5712-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2332-5716-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2660-5720-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1816-5724-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4408-5728-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5296-5810-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5144-6225-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5088-6229-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2828-6233-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2340-6237-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1568-6241-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6092-6245-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3376-6250-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2332-6255-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4292-6260-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2020-6265-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5936-6274-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4784-6279-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1180-6284-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4872-6289-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5532-6294-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4816-6299-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3372-6304-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2656-6309-0x0000000000400000-0x0000000000445000-memory.dmp
memory/968-6314-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5336-6411-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3812-6676-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2616-6935-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2828-7496-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1536-7781-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4696-8002-0x0000000000400000-0x0000000000445000-memory.dmp
memory/344-8324-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6064-8679-0x0000000000400000-0x0000000000445000-memory.dmp
memory/244-9096-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3844-9574-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1604-9864-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3188-10318-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4364-10666-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5716-10671-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5944-10676-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5376-10681-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5888-10686-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1112-10691-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4424-10696-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2340-10701-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1120-10706-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3868-10711-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3376-10716-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4404-10721-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6068-10726-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4648-10731-0x0000000000400000-0x0000000000445000-memory.dmp
memory/980-10736-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5408-10741-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1296-10746-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2240-10751-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2860-10756-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1708-10761-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3744-10766-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1780-10771-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5780-10776-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5660-10781-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1180-10786-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3012-10791-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1200-10796-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4824-10801-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5384-10806-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3500-10811-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3000-10816-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5612-10821-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5448-10826-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1408-10831-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3352-10836-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6100-10841-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3484-10846-0x0000000000400000-0x0000000000445000-memory.dmp
memory/768-10851-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3764-10856-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5704-10861-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5888-10866-0x0000000000400000-0x0000000000445000-memory.dmp
memory/228-10871-0x0000000000400000-0x0000000000445000-memory.dmp
memory/568-10876-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5964-10881-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3444-10886-0x0000000000400000-0x0000000000445000-memory.dmp
memory/8-10891-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4396-10896-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5088-10901-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2424-10906-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2064-10911-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5016-10916-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5296-10921-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3096-10926-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5404-10931-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3208-10932-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3208-10937-0x0000000000400000-0x0000000000445000-memory.dmp