Malware Analysis Report

2025-08-10 20:04

Sample ID 250704-pdvsqahl2z
Target 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop
SHA256 33ed29a94afa1d569b04e29d326a7e3979b9a27bd7a8356bf863a661bdbeb3c4
Tags
discovery spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

33ed29a94afa1d569b04e29d326a7e3979b9a27bd7a8356bf863a661bdbeb3c4

Threat Level: Shows suspicious behavior

The file 2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 12:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 12:13

Reported

2025-07-04 12:15

Platform

win10v2004-20250610-en

Max time kernel

149s

Max time network

140s

Command Line

C:\Windows\Explorer.EXE

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_f14\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-ae\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\VisualElements\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\wa\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Media Player\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\win11\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\EBWebView\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Trust Protection Lists\Mu\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hr-hr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\be\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\it-it\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win11\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-gb\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Updates\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hr-hr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\br\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\root\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Bibliography\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Mozilla Firefox\defaults\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\hi\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe N/A
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe N/A
File created C:\Windows\Dll.dll C:\Windows\Logo1_.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Logo1_.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2996 wrote to memory of 5920 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2996 wrote to memory of 5248 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\Logo1_.exe
PID 5248 wrote to memory of 5704 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 5704 wrote to memory of 5276 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5920 wrote to memory of 5456 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 5456 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 2232 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 2268 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4672 wrote to memory of 3148 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 3148 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4904 wrote to memory of 4608 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 4608 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 4596 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 4596 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 5248 wrote to memory of 3532 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 624 wrote to memory of 4536 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 4536 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 3248 wrote to memory of 4812 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 4812 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4388 wrote to memory of 4060 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe
PID 4060 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe C:\Windows\SysWOW64\cmd.exe
PID 4396 wrote to memory of 5036 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a510E.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5275.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5331.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a53FC.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a565D.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5767.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a57E4.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a58AF.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a59E7.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5AE1.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5B7E.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5C58.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5D33.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5E8B.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5F08.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5FE3.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a606F.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a610C.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6189.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a63DA.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6448.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6542.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a659F.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a65EE.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a666B.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a66C8.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6726.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6793.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a67E2.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a683F.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a688D.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a68DC.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6939.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6987.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a69D6.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6A24.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6A81.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6AD0.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B0E.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B6C.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6BCA.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C27.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C85.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6CC4.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6D21.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6D7F.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DCD.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6E69.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F35.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6FD1.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a708C.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7177.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7280.bat

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ca1eef78df829a9a6a6b676652bee86a_amadey_elex_smoke-loader_stop.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files
