Malware Analysis Report

2025-08-10 20:05

Sample ID 250704-pd9lwasry4
Target 2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop
SHA256 4085f4b81411c793a9b8790fc3b56d80d4b8a695e4f7f590dc267ebb10e5c80a
Tags
discovery spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

4085f4b81411c793a9b8790fc3b56d80d4b8a695e4f7f590dc267ebb10e5c80a

Threat Level: Shows suspicious behavior

The file 2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Runs net.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 12:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 12:13

Reported

2025-07-04 12:16

Platform

win10v2004-20250619-en

Max time kernel

149s

Max time network

140s

Command Line

C:\Windows\Explorer.EXE

Signatures

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Office16\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\id\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sk-sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pl-pl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\management\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\AdSelectionAttestationsPreloaded\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\BHO\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kab\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\it-it\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Shared Gadgets\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sk-sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\Install\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-cn\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Extensions\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\security\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ko-kr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\server\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Configuration\Schema\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\Dll.dll C:\Windows\Logo1_.exe N/A
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2684 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2684 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\Logo1_.exe
PID 3604 wrote to memory of 2276 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2276 wrote to memory of 2124 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 3376 wrote to memory of 4988 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 4988 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 444 wrote to memory of 1032 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 1032 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2680 wrote to memory of 1876 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 1876 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 5048 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 5048 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4584 wrote to memory of 1476 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 1476 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 3604 wrote to memory of 3416 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 4196 wrote to memory of 4592 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 4592 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 3984 wrote to memory of 3128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 3128 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2852 wrote to memory of 2144 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 2144 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 3640 wrote to memory of 1480 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a64A5.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a667A.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a67F1.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a69C6.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6AA1.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6BAA.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6CB4.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DFC.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F06.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6FA2.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a707D.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a71D4.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a734B.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a73C8.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7484.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a756E.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a76B6.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77D0.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a78D9.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a79A4.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7AAE.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7B5A.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7BE7.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7C54.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"


Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2025-07-04 12:13

Reported

2025-07-04 12:16

Platform

win11-20250619-en

Max time kernel

149s

Max time network

104s

Command Line

C:\Windows\Explorer.EXE

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\Locales\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ar-ae\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sl-si\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Google\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-gb\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\EBWebView\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win11\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\ja\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ja-JP\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\server\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hr-hr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\MEIPreload\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\cs-cz\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\AdSelectionAttestationsPreloaded\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Dll.dll C:\Windows\Logo1_.exe N/A

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Logo1_.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5396 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 5396 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\Logo1_.exe
PID 2680 wrote to memory of 6056 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 6056 wrote to memory of 3400 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2044 wrote to memory of 3028 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 3028 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 3132 wrote to memory of 628 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 628 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4444 wrote to memory of 4952 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 4952 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 5056 wrote to memory of 4396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 4396 wrote to memory of 5044 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 5044 wrote to memory of 5624 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 5624 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 5052 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 2216 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4760 wrote to memory of 840 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 840 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2280 wrote to memory of 4812 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 4812 wrote to memory of 6028 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 6028 wrote to memory of 2880 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe
PID 2880 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a680C.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a69F0.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6A5D.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B19.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6BB5.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C71.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6D3C.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DF7.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6E94.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F30.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6FFB.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a70A7.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7133.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a71DF.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a72CA.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7347.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a73D3.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7470.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a74FC.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7589.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7615.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a76A2.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a772F.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a778C.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77DB.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7858.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a78C5.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7913.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7961.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a79AF.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ccd8fe83b3d1ac5c96579c464a5b5553_amadey_elex_smoke-loader_stop.exe


Network

Files
