File name: 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader

Full analysis: https://app.any.run/tasks/48c597cc-0d6b-4a89-9e00-21e5eeb5b4dd
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 29, 2025, 21:55:48
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader, upx, stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 2FA49FC377DB448C767359DFE6621B14
SHA1: 0D013A6549E4F1AD24FB0B8D328B17E95DA062CA
SHA256: 2BCD21C1920C201C8FCA602E33AC9526B233F5B621A4C9EC4C0321AE5B68A61E
SSDEEP: 49152:vfi1Kal/wICLXUZgvBzHwf65oaBR9+IuvJU8tWmbf8+hQAHPAkR0CGss/eg4gYo6:S17/DyXUSzQy57QIuvN8mYFAvAkR0CGI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 5176)
    • Connects to the CnC server

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
    • Actions look like stealing of personal data

      • 360TS_Setup.exe (PID: 6724)
  • SUSPICIOUS

    • Process drops legitimate Windows executable

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
    • Executable content was dropped or overwritten

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 3676)
      • 360TS_Setup.exe (PID: 6724)
    • Reads security settings of Internet Explorer

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
    • Contacting a server suspected of hosting a CnC

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
    • Process requests binary or script from the Internet

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
    • Potential Corporate Privacy Violation

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
    • Starts itself from another location

      • 360TS_Setup.exe (PID: 3676)
    • Creates a file in the system drive root

      • 360TS_Setup.exe (PID: 6724)
    • There is functionality for taking screenshots (YARA)

      • 360TS_Setup.exe (PID: 3676)
      • 360TS_Setup.exe (PID: 6724)
    • Drops 7-zip archiver for unpacking

      • 360TS_Setup.exe (PID: 6724)
    • Drops a system driver (possible attempt to evade defenses)

      • 360TS_Setup.exe (PID: 6724)
    • The process verifies whether antivirus software is installed

      • 360TS_Setup.exe (PID: 6724)
  • INFO

    • Checks supported languages

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
      • 360TS_Setup.exe (PID: 3676)
    • Reads the computer name

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
      • 360TS_Setup.exe (PID: 3676)
    • The sample was compiled with English language support

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
    • Checks proxy server information

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
      • slui.exe (PID: 5384)
    • Creates files in a temporary directory

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 3676)
      • 360TS_Setup.exe (PID: 6724)
    • Disables trace logs

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
    • Reads the machine GUID from the registry

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
    • Reads the software policy settings

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
      • slui.exe (PID: 5384)
    • Creates files or folders in the user directory

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
    • Creates files in the program directory

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 3676)
      • 360TS_Setup.exe (PID: 6724)
    • Process checks computer location settings

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
      • 360TS_Setup.exe (PID: 6724)
    • UPX packer has been detected

      • 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (PID: 4408)
    • The sample was compiled with Chinese language support

      • 360TS_Setup.exe (PID: 3676)
      • 360TS_Setup.exe (PID: 6724)
    • The sample was compiled with Turkish language support

      • 360TS_Setup.exe (PID: 6724)
    • The sample was compiled with Russian language support

      • 360TS_Setup.exe (PID: 6724)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (56.1)
.scr | Windows screen saver (26.6)
.exe | Win32 Executable (generic) (9.1)
.exe | Generic Win/DOS Executable (4)
.exe | DOS Executable Generic (4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:12:09 06:58:37+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 456704
InitializedDataSize: 1054720
UninitializedDataSize: -
EntryPoint: 0x53c04
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 6.6.0.1054
ProductVersionNumber: 6.6.0.1054
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Qihoo 360 Technology Co. Ltd.
FileDescription: 360 Total Security Online Installer
FileVersion: 6, 6, 0, 1054
InternalName: 360Installer
LegalCopyright: (C) Qihoo 360 Technology Co. Ltd., All rights reserved.
OriginalFileName: 360Installer.exe
ProductName: 360 Total Security Online Installer
ProductVersion: 6, 6, 0, 1054
No data.
All screenshots are available in the full report
Total processes: 125
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Processes shown in the graph: 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe, 360ts_setup.exe, 360ts_setup.exe, slui.exe, 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe (no specs)

Process information

PID: 3676
CMD: "C:\Users\admin\Desktop\360TS_Setup.exe" /c:WW.NewDon.CPI20230201 /pmode:2 /syncid0_2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo=
Path: C:\Users\admin\Desktop\360TS_Setup.exe
Parent process: 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe
User: admin
Integrity Level: HIGH
Description: Installer Module
Version: 11,0,0,1195
Modules (images): c:\users\admin\desktop\360ts_setup.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\imm32.dll

PID: 4408
CMD: "C:\Users\admin\Desktop\2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe"
Path: C:\Users\admin\Desktop\2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe
Parent process: explorer.exe
User: admin
Company: Qihoo 360 Technology Co. Ltd.
Integrity Level: HIGH
Description: 360 Total Security Online Installer
Exit code: 1
Version: 6, 6, 0, 1054
Modules (images): c:\users\admin\desktop\2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\program files\common files\system\symsrv.dll

PID: 5176
CMD: "C:\Users\admin\Desktop\2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe"
Path: C:\Users\admin\Desktop\2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe
Parent process: explorer.exe
User: admin
Company: Qihoo 360 Technology Co. Ltd.
Integrity Level: MEDIUM
Description: 360 Total Security Online Installer
Exit code: 3221226540
Version: 6, 6, 0, 1054
Modules (images): c:\users\admin\desktop\2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll

PID: 5384
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\slui.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\bcrypt.dll, c:\windows\system32\user32.dll

PID: 6724
CMD: "C:\Program Files (x86)\1745963791_0\360TS_Setup.exe" /c:WW.NewDon.CPI20230201 /pmode:2 /syncid0_2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /TSinstall
Path: C:\Program Files (x86)\1745963791_0\360TS_Setup.exe
Parent process: 360TS_Setup.exe
User: admin
Integrity Level: HIGH
Description: Installer Module
Version: 11,0,0,1195
Modules (images): c:\program files (x86)\1745963791_0\360ts_setup.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll, c:\windows\syswow64\apphelp.dll, c:\windows\syswow64\imm32.dll
Total events: 10 604
Read events: 10 576
Write events: 24
Delete events: 4

Modification events

All registry modifications below were made by PID 4408 (2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe).

Key | Operation | Name | Value
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LiveUpdate360 | delete value | ieproxy |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\Liveup | write | mid | 80342cb959da2233832ae840f019ccba8b56b331eb673be97c52113eab1cd1bc
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LiveUpdate360 | write | proxytype | 1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | EnableFileTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | EnableAutoFileTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | EnableConsoleTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | MaxFileSize | 1048576
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32 | write | FileDirectory | %windir%\tracing
Executable files: 864
Suspicious files: 754
Text files: 350
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\Desktop\360TS_Setup.exe.P2P |
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\Desktop\360TS_Setup.exe |
3676 | 360TS_Setup.exe | C:\Program Files (x86)\1745963791_0\360TS_Setup.exe |
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\AppData\Local\Temp\!@tDEE8.tmp | compressed
  MD5: 23F6C2D22E02CA57E5981390A31614E6
  SHA256: E286B44BC86EC8C30BC4212181EEA925D1BEF1045A1BF1D0C2384140F7027A60
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\AppData\Local\Temp\C__Users_admin_Desktop_360TS_Setup.exe.mem | binary
  MD5: F523AB266F71D0E283920DDBE063CB9D
  SHA256: 6E342C8839E395C3217D84840954101D991371B261C5CAB0D92BE5BBA5FA9E85
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Program Files\Common Files\System\symsrv.dll.000 | text
  MD5: 1130C911BF5DB4B8F7CF9B6F4B457623
  SHA256: EBA08CC8182F379392A97F542B350EA0DBBE5E4009472F35AF20E3D857EAFDF1
6724 | 360TS_Setup.exe | C:\Users\admin\AppData\Local\Temp\360_install_20250429215634_1139078\temp.7z |
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\AppData\Local\Temp\C__Users_admin_AppData_Local_Temp_!@tDEE8.tmp.mem | binary
  MD5: 512DEE7E7F43DAE845D12AEFAA7D35ED
  SHA256: 0590E3D04B5D75EA34583DCBB5903A1B2F41080EB93A98952FD9DDE4B8361BA7
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\AppData\Local\Temp\{1088B23A-AD5D-4e68-9959-0D27099B0D93}.tmp | image
  MD5: B1DDD3B1895D9A3013B843B3702AC2BD
  SHA256: 46CDA5AD256BF373F5ED0B2A20EFA5275C1FFD96864C33F3727E76A3973F4B3C
4408 | 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe | C:\Users\admin\AppData\Local\Temp\!@tDEE8.tmp.P2P | compressed
  MD5: 23F6C2D22E02CA57E5981390A31614E6
  SHA256: E286B44BC86EC8C30BC4212181EEA925D1BEF1045A1BF1D0C2384140F7027A60
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 43
TCP/UDP connections: 69
DNS requests: 17
Threats: 8

HTTP requests

All requests below were made by PID 4408 (2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe). "-" marks an HTTP code the report does not show.

Method | HTTP Code | IP | Type | Reputation (URL on the following line)
GET | 200 | 52.29.179.141:80 | unknown | whitelisted
  http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1054&pid=WW.NewDon.CPI20230201&os=10.0&mid=80342cb959da2233832ae840f019ccba&state=153
GET | 200 | 151.236.118.173:80 | unknown | whitelisted
  http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
GET | 403 | 45.56.79.23:80 | unknown | malicious
  http://www.aieov.com/logo.gif
GET | 200 | 52.29.179.141:80 | unknown | whitelisted
  http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=80342cb959da2233832ae840f019ccba&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=643&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1016&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
GET | 200 | 108.138.24.16:80 | unknown | whitelisted
  http://sd.p.360safe.com/88C6CB61B6BAE97616CD44945EDD50B8C6CA8B0C.trt
GET | - | 104.192.108.21:80 | unknown | whitelisted
  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1195.exe
GET | - | 104.192.108.17:80 | unknown | whitelisted
  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1195.exe
GET | - | 104.192.108.20:80 | unknown | whitelisted
  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1195.exe
GET | 206 | 104.192.108.21:80 | unknown | whitelisted
  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1195.exe
GET | - | 104.192.108.20:80 | unknown | whitelisted
  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1195.exe

Connections

PID 4408 is the analysed sample, 2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe. Empty cells are values the report does not show.

PID | IP | Domain | ASN | CN | Reputation
4 (System) | 192.168.100.255:138 | | | | whitelisted
 | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4408 | 54.77.42.29:3478 | st.p.360safe.com | | | whitelisted
4408 | 54.76.174.118:80 | tr.p.360safe.com | | | whitelisted
4408 | 47.254.140.82:443 | orion.ts.360.com | Alibaba US Technology Co., Ltd. | DE | whitelisted
4408 | 52.29.179.141:80 | s.360safe.com | AMAZON-02 | DE | whitelisted
4408 | 151.236.118.173:80 | iup.360safe.com | CDNetworks LLC | RU | whitelisted
4408 | 45.56.79.23:80 | www.aieov.com | Linode, LLC | US | malicious
4408 | 108.138.24.16:80 | sd.p.360safe.com | AMAZON-02 | US | whitelisted
4408 | 104.192.108.21:80 | int.down.360safe.com | Beijing Qihu Technology Company Limited | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
google.com | 142.250.185.78 | whitelisted
st.p.360safe.com | 54.77.42.29 | whitelisted
orion.ts.360.com | 47.254.140.82 | whitelisted
s.360safe.com | 52.29.179.141, 18.184.178.29 | whitelisted
iup.360safe.com | 151.236.118.173 | whitelisted
tr.p.360safe.com | 54.76.174.118 | whitelisted
5isohu.com | | whitelisted
www.aieov.com | (12 resolved addresses, not reproduced here) | malicious
int.down.360safe.com | 104.192.108.21, 104.192.108.17, 104.192.108.20 | whitelisted

Threats

All alerts below were raised for PID 4408 (2025-04-29_2fa49fc377db448c767359dfe6621b14_amadey_elex_floxif_remcos_smoke-loader.exe).

Class | Message
Malware Command and Control Activity Detected | MALWARE [ANY.RUN] Possible Floxif CnC Communication
Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
Misc activity | ET INFO Packed Executable Download
Malware Command and Control Activity Detected | MALWARE [ANY.RUN] Possible Floxif CnC Communication
Malware Command and Control Activity Detected | MALWARE [ANY.RUN] Possible Floxif CnC Communication
Malware Command and Control Activity Detected | MALWARE [ANY.RUN] Possible Floxif CnC Communication
Malware Command and Control Activity Detected | MALWARE [ANY.RUN] Possible Floxif CnC Communication
Malware Command and Control Activity Detected | MALWARE [ANY.RUN] Possible Floxif CnC Communication
No debug info