Analysis
max time kernel: 149s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/07/2025, 12:13
Static task
static1
General
Target: 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
Size: 2.1MB
MD5: ca1eef78df829a9a6a6b676652bee86a
SHA1: 260e798ab5f5365c70d601cba16cf43485433d15
SHA256: 33ed29a94afa1d569b04e29d326a7e3979b9a27bd7a8356bf863a661bdbeb3c4
SHA512: f75e92c41b06f207d609516b4741804885f4df79757ec4fa21e0cee9510c7ab9fbed48291765655190155893598294f461105ea30b151d0f6e663a1fe16df7f9
SSDEEP: 49152:iLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLeuTz9jmcEir:iLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLx
Malware Config
Signatures
-
Drops startup file 2 IoCs
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini (process: Logo1_.exe)
File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini (process: Logo1_.exe)
-
Executes dropped EXE 54 IoCs
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 56 IoCs
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 62 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2996 wrote to memory of 5920 2996 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 86
PID 2996 wrote to memory of 5920 2996 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 86
PID 2996 wrote to memory of 5920 2996 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 86
PID 2996 wrote to memory of 5248 2996 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 87
PID 2996 wrote to memory of 5248 2996 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 87
PID 2996 wrote to memory of 5248 2996 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 87
PID 5248 wrote to memory of 5704 5248 Logo1_.exe 89
PID 5248 wrote to memory of 5704 5248 Logo1_.exe 89
PID 5248 wrote to memory of 5704 5248 Logo1_.exe 89
PID 5704 wrote to memory of 5276 5704 net.exe 91
PID 5704 wrote to memory of 5276 5704 net.exe 91
PID 5704 wrote to memory of 5276 5704 net.exe 91
PID 5920 wrote to memory of 5456 5920 cmd.exe 92
PID 5920 wrote to memory of 5456 5920 cmd.exe 92
PID 5920 wrote to memory of 5456 5920 cmd.exe 92
PID 5456 wrote to memory of 2232 5456 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 93
PID 5456 wrote to memory of 2232 5456 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 93
PID 5456 wrote to memory of 2232 5456 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 93
PID 2232 wrote to memory of 2268 2232 cmd.exe 95
PID 2232 wrote to memory of 2268 2232 cmd.exe 95
PID 2232 wrote to memory of 2268 2232 cmd.exe 95
PID 2268 wrote to memory of 4672 2268 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 96
PID 2268 wrote to memory of 4672 2268 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 96
PID 2268 wrote to memory of 4672 2268 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 96
PID 4672 wrote to memory of 3148 4672 cmd.exe 98
PID 4672 wrote to memory of 3148 4672 cmd.exe 98
PID 4672 wrote to memory of 3148 4672 cmd.exe 98
PID 3148 wrote to memory of 4904 3148 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 99
PID 3148 wrote to memory of 4904 3148 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 99
PID 3148 wrote to memory of 4904 3148 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 99
PID 4904 wrote to memory of 4608 4904 cmd.exe 102
PID 4904 wrote to memory of 4608 4904 cmd.exe 102
PID 4904 wrote to memory of 4608 4904 cmd.exe 102
PID 4608 wrote to memory of 4724 4608 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 103
PID 4608 wrote to memory of 4724 4608 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 103
PID 4608 wrote to memory of 4724 4608 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 103
PID 4724 wrote to memory of 4596 4724 cmd.exe 105
PID 4724 wrote to memory of 4596 4724 cmd.exe 105
PID 4724 wrote to memory of 4596 4724 cmd.exe 105
PID 4596 wrote to memory of 624 4596 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 106
PID 4596 wrote to memory of 624 4596 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 106
PID 4596 wrote to memory of 624 4596 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 106
PID 5248 wrote to memory of 3532 5248 Logo1_.exe 56
PID 5248 wrote to memory of 3532 5248 Logo1_.exe 56
PID 624 wrote to memory of 4536 624 cmd.exe 108
PID 624 wrote to memory of 4536 624 cmd.exe 108
PID 624 wrote to memory of 4536 624 cmd.exe 108
PID 4536 wrote to memory of 3248 4536 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 109
PID 4536 wrote to memory of 3248 4536 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 109
PID 4536 wrote to memory of 3248 4536 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 109
PID 3248 wrote to memory of 4812 3248 cmd.exe 112
PID 3248 wrote to memory of 4812 3248 cmd.exe 112
PID 3248 wrote to memory of 4812 3248 cmd.exe 112
PID 4812 wrote to memory of 4388 4812 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 113
PID 4812 wrote to memory of 4388 4812 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 113
PID 4812 wrote to memory of 4388 4812 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 113
PID 4388 wrote to memory of 4060 4388 cmd.exe 115
PID 4388 wrote to memory of 4060 4388 cmd.exe 115
PID 4388 wrote to memory of 4060 4388 cmd.exe 115
PID 4060 wrote to memory of 4396 4060 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 117
PID 4060 wrote to memory of 4396 4060 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 117
PID 4060 wrote to memory of 4396 4060 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe 117
PID 4396 wrote to memory of 5036 4396 cmd.exe 119
PID 4396 wrote to memory of 5036 4396 cmd.exe 119
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3532
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2996 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a510E.bat3⤵
- Suspicious use of WriteProcessMemory
PID:5920 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5456 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5275.bat5⤵
- Suspicious use of WriteProcessMemory
PID:2232 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"6⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5331.bat7⤵
- Suspicious use of WriteProcessMemory
PID:4672 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"8⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3148 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a53FC.bat9⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4904 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"10⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4608 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a565D.bat11⤵
- Suspicious use of WriteProcessMemory
PID:4724 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"12⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4596 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5767.bat13⤵
- Suspicious use of WriteProcessMemory
PID:624 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"14⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4536 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a57E4.bat15⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3248 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"16⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a58AF.bat17⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4388 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"18⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4060 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a59E7.bat19⤵
- Suspicious use of WriteProcessMemory
PID:4396 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"20⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5036 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5AE1.bat21⤵PID:556
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"22⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3944 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5B7E.bat23⤵
- System Location Discovery: System Language Discovery
PID:1112 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"24⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5324 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5C58.bat25⤵
- System Location Discovery: System Language Discovery
PID:2844 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"26⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1032 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5D33.bat27⤵PID:2992
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"28⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3000 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5E8B.bat29⤵
- System Location Discovery: System Language Discovery
PID:5576 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"30⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2908 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5F08.bat31⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"32⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2932 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5FE3.bat33⤵
- System Location Discovery: System Language Discovery
PID:3468 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"34⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3104 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a606F.bat35⤵
- System Location Discovery: System Language Discovery
PID:876 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"36⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2508 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a610C.bat37⤵PID:3788
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"38⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:6060 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6189.bat39⤵
- System Location Discovery: System Language Discovery
PID:1676 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"40⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5092 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a63DA.bat41⤵
- System Location Discovery: System Language Discovery
PID:5116 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"42⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1396 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6448.bat43⤵
- System Location Discovery: System Language Discovery
PID:3924 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"44⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:396 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6542.bat45⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"46⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4148 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a659F.bat47⤵PID:2540
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"48⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2920 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a65EE.bat49⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"50⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5300 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a666B.bat51⤵
- System Location Discovery: System Language Discovery
PID:5040 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"52⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4024 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a66C8.bat53⤵PID:2232
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"54⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4872 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6726.bat55⤵PID:4492
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"56⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4704 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6793.bat57⤵
- System Location Discovery: System Language Discovery
PID:4836 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"58⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2876 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a67E2.bat59⤵
- System Location Discovery: System Language Discovery
PID:4596 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"60⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4392 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a683F.bat61⤵
- System Location Discovery: System Language Discovery
PID:872 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"62⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:6104 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a688D.bat63⤵
- System Location Discovery: System Language Discovery
PID:4808 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"64⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1508 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a68DC.bat65⤵
- System Location Discovery: System Language Discovery
PID:3628 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"66⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3900 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6939.bat67⤵
- System Location Discovery: System Language Discovery
PID:4768 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"68⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3080 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6987.bat69⤵PID:5884
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"70⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5444 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a69D6.bat71⤵PID:1252
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"72⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:976 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6A24.bat73⤵
- System Location Discovery: System Language Discovery
PID:3604 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"74⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5764 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6A81.bat75⤵
- System Location Discovery: System Language Discovery
PID:1112 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"76⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1864 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6AD0.bat77⤵PID:708
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"78⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1984 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B0E.bat79⤵
- System Location Discovery: System Language Discovery
PID:2092 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"80⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2992 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B6C.bat81⤵
- System Location Discovery: System Language Discovery
PID:2652 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"82⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1872 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6BCA.bat83⤵
- System Location Discovery: System Language Discovery
PID:1432 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"84⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2940 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C27.bat85⤵
- System Location Discovery: System Language Discovery
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"86⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4016 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C85.bat87⤵
- System Location Discovery: System Language Discovery
PID:2724 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"88⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4448 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6CC4.bat89⤵PID:5900
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"90⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:6060 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6D21.bat91⤵PID:5916
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"92⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3788 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6D7F.bat93⤵
- System Location Discovery: System Language Discovery
PID:3228 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"94⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3272 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DCD.bat95⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"96⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4168 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6E69.bat97⤵
- System Location Discovery: System Language Discovery
PID:6032 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"98⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2084 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F35.bat99⤵
- System Location Discovery: System Language Discovery
PID:3652 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"100⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1248 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6FD1.bat101⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"102⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5040 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a708C.bat103⤵
- System Location Discovery: System Language Discovery
PID:1680 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"104⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4756 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7177.bat105⤵
- System Location Discovery: System Language Discovery
PID:1160 -
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"106⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4260 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7280.bat107⤵PID:3000
-
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"108⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5204
-
C:\Windows\Logo1_.exeC:\Windows\Logo1_.exe3⤵
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5248 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5704 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵PID:5276
-
Network
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1
Downloads
C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe.exe