File name: 2025-06-21_d2e3f0fec1a2b27806b413cbf3b1e8ea_amadey_elex_smoke-loader_stop

Full analysis: https://app.any.run/tasks/b528ed22-1840-4bda-8cc3-ef344b3eb02d
Verdict: Malicious activity
Threats:

BlackMoon, also known as KrBanker, is a trojan aimed at stealing payment credentials. It specializes in man-in-the-browser (MitB) attacks, web injection, and credential theft to compromise users' online banking accounts. It was first noticed in early 2014 attacking banks in South Korea and has since evolved considerably, adding a number of new infiltration techniques and information-stealing methods.

Analysis date: June 21, 2025, 06:04:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: blackmoon
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: D2E3F0FEC1A2B27806B413CBF3B1E8EA
SHA1: 08475F1DA2D43AEEA743A9BF28E018EB5062E6FC
SHA256: 8F4B016FE95AE9B087116A589447B1B4E719F20A3237710F0DBC05033E0D4866
SSDEEP: 98304:vKOlBcIt0ML1CXN0RqfaSfS25dBWO7thGjLK/cVYRrs47iZEcF2W7rxLyDzsRncD:koxjraH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • BLACKMOON has been detected (YARA)

      • 2025-06-21_d2e3f0fec1a2b27806b413cbf3b1e8ea_amadey_elex_smoke-loader_stop.exe (PID: 1356)
      • ufxujmsyaz.exe (PID: 4372)
  • SUSPICIOUS

    • Application launched itself

    • Executable content was dropped or overwritten

    • Starts itself from another location

    • There is functionality for taking screenshot (YARA)

      • 2025-06-21_d2e3f0fec1a2b27806b413cbf3b1e8ea_amadey_elex_smoke-loader_stop.exe (PID: 1356)
      • ufxujmsyaz.exe (PID: 4372)
  • INFO

    • Checks supported languages

    • The sample compiled with chinese language support

    • Reads the machine GUID from the registry

      • ilvfekuckl.exe (PID: 5528)
      • iwseptwtxv.exe (PID: 1644)
      • abcqvrbreq.exe (PID: 5952)
      • ldjnkfmfaz.exe (PID: 3160)
      • abcqvrbreq.exe (PID: 3704)
      • slzjgljdws.exe (PID: 868)
      • ldjnkfmfaz.exe (PID: 5968)
      • ksqltkyzfy.exe (PID: 188)
      • qgwpbvsqzu.exe (PID: 2612)
      • slzjgljdws.exe (PID: 1688)
      • ksqltkyzfy.exe (PID: 5564)
      • qgwpbvsqzu.exe (PID: 6264)
      • pvdvrpzfmu.exe (PID: 3668)
      • fwfnioffbo.exe (PID: 3732)
      • pvdvrpzfmu.exe (PID: 5708)
      • fwfnioffbo.exe (PID: 5252)
      • dflwabhypy.exe (PID: 3388)
      • xsajfpwlls.exe (PID: 2648)
      • dflwabhypy.exe (PID: 4528)
      • ufxujmsyaz.exe (PID: 3976)
      • xsajfpwlls.exe (PID: 5264)
      • cvvfbixaxg.exe (PID: 6748)
      • ufxujmsyaz.exe (PID: 4372)
      • kctqsfjbcm.exe (PID: 3752)
      • cvvfbixaxg.exe (PID: 6160)
      • kvegsmbaqq.exe (PID: 2468)
      • kctqsfjbcm.exe (PID: 5960)
      • kvegsmbaqq.exe (PID: 5724)
      • fvoxyacwrb.exe (PID: 4576)
      • eggzjcwybg.exe (PID: 6292)
      • eggzjcwybg.exe (PID: 3112)
      • fvoxyacwrb.exe (PID: 536)
      • ullwubngft.exe (PID: 7140)
      • mdmbjjyoub.exe (PID: 2296)
      • sjuptpvwvb.exe (PID: 620)
      • ullwubngft.exe (PID: 1056)
      • mdmbjjyoub.exe (PID: 4860)
      • sjuptpvwvb.exe (PID: 1132)
      • kbsvxjbapj.exe (PID: 3644)
      • epxvgstiyd.exe (PID: 1740)
      • epxvgstiyd.exe (PID: 6260)
      • efpkzotpjt.exe (PID: 2696)
      • exgbjdusmm.exe (PID: 6268)
      • kbsvxjbapj.exe (PID: 5620)
      • jhzdvfgday.exe (PID: 6124)
      • efpkzotpjt.exe (PID: 6504)
      • zpwotroswp.exe (PID: 6876)
      • exgbjdusmm.exe (PID: 6796)
      • zwdryuhxhf.exe (PID: 3820)
      • zpwotroswp.exe (PID: 4224)
      • jhzdvfgday.exe (PID: 2528)
      • zwdryuhxhf.exe (PID: 2188)
      • mdjadykbfq.exe (PID: 6828)
      • rxqmduasqx.exe (PID: 5480)
      • wohdcqxzxi.exe (PID: 504)
      • mdjadykbfq.exe (PID: 7096)
      • rxqmduasqx.exe (PID: 2580)
      • wohdcqxzxi.exe (PID: 5220)
      • btdbbusqsb.exe (PID: 4984)
      • yvxhcehidv.exe (PID: 6344)
      • btdbbusqsb.exe (PID: 3716)
      • bbnpfqpvyz.exe (PID: 5772)
      • yvxhcehidv.exe (PID: 4088)
      • osbveticcu.exe (PID: 1216)
      • osbveticcu.exe (PID: 3908)
      • bbnpfqpvyz.exe (PID: 6004)
      • tfxovkpttz.exe (PID: 1852)
      • qvgmbdkjvc.exe (PID: 3672)
      • tfxovkpttz.exe (PID: 1028)
      • dbjxawgmtv.exe (PID: 188)
      • tzsqrcocrk.exe (PID: 1036)
      • dbjxawgmtv.exe (PID: 5504)
      • qvgmbdkjvc.exe (PID: 1180)
      • tzsqrcocrk.exe (PID: 2864)
      • yikmseuncy.exe (PID: 1896)
      • wcflrkxmat.exe (PID: 1440)
      • yfkkouattb.exe (PID: 3864)
      • wcflrkxmat.exe (PID: 1816)
      • yfkkouattb.exe (PID: 728)
      • yikmseuncy.exe (PID: 1352)
      • wsqvkrwgqi.exe (PID: 4684)
      • yvdzsbvmdg.exe (PID: 6232)
      • qffipfllmb.exe (PID: 3572)
      • wsqvkrwgqi.exe (PID: 3388)
      • fvaphaqauk.exe (PID: 4760)
      • qffipfllmb.exe (PID: 5248)
    • Reads the computer name

    • Checks proxy server information

      • slui.exe (PID: 1232)
    • Reads the software policy settings

      • slui.exe (PID: 1232)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (64.4)
.dll | Win32 Dynamic Link Library (generic) (13.5)
.exe | Win32 Executable (generic) (9.3)
.exe | Win16/32 Executable Delphi generic (4.2)
.exe | Generic Win/DOS Executable (4.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:07:15 17:54:42+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 1421312
InitializedDataSize: 536576
UninitializedDataSize: -
EntryPoint: 0x87f838
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
FileVersion: 1.0.0.0
FileDescription: 固定打怪,新手村任务,门派任务
ProductName: 千年3_新手任务
ProductVersion: 1.0.0.0
CompanyName: QQ:6365272
LegalCopyright: QQ:6365272
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
No data.
Total processes: 381
Monitored processes: 249
Malicious processes: 41
Suspicious processes: 60

Behavior graph

[Behavior graph, image not preserved: starts at 2025-06-21_d2e3f0fec1a2b27806b413cbf3b1e8ea_amadey_elex_smoke-loader_stop.exe (tagged #BLACKMOON), followed by the dropped executables, each shown as a pair of processes; ufxujmsyaz.exe is also tagged #BLACKMOON, and slui.exe appears once.]

Process information

PID: 188
CMD: C:\Users\admin\Desktop\ksqltkyzfy.exe update slzjgljdws.exe
Path: C:\Users\admin\Desktop\ksqltkyzfy.exe
Parent process: ksqltkyzfy.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\ksqltkyzfy.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 188
CMD: C:\Users\admin\Desktop\dbjxawgmtv.exe update tzsqrcocrk.exe
Path: C:\Users\admin\Desktop\dbjxawgmtv.exe
Parent process: dbjxawgmtv.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\dbjxawgmtv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 320
CMD: C:\Users\admin\Desktop\gtvzwwoaki.exe update bpnvcooabp.exe
Path: C:\Users\admin\Desktop\gtvzwwoaki.exe
Parent process: gtvzwwoaki.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\gtvzwwoaki.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 420
CMD: C:\Users\admin\Desktop\mkgdzzqlad.exe
Path: C:\Users\admin\Desktop\mkgdzzqlad.exe
Parent process: toffrqobjk.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\mkgdzzqlad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 436
CMD: C:\Users\admin\Desktop\gvvidqvpje.exe update oowgpspksg.exe
Path: C:\Users\admin\Desktop\gvvidqvpje.exe
Parent process: gvvidqvpje.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\gvvidqvpje.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 504
CMD: C:\Users\admin\Desktop\juqcyakxpf.exe
Path: C:\Users\admin\Desktop\juqcyakxpf.exe
Parent process: mfjcftxqou.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\juqcyakxpf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 504
CMD: C:\Users\admin\Desktop\wohdcqxzxi.exe update btdbbusqsb.exe
Path: C:\Users\admin\Desktop\wohdcqxzxi.exe
Parent process: wohdcqxzxi.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\wohdcqxzxi.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 536
CMD: C:\Users\admin\Desktop\fvoxyacwrb.exe
Path: C:\Users\admin\Desktop\fvoxyacwrb.exe
Parent process: eggzjcwybg.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\fvoxyacwrb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 620
CMD: C:\Users\admin\Desktop\sjuptpvwvb.exe update epxvgstiyd.exe
Path: C:\Users\admin\Desktop\sjuptpvwvb.exe
Parent process: sjuptpvwvb.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\sjuptpvwvb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 684
CMD: C:\Users\admin\Desktop\zhaynchxhs.exe update wthoczabzg.exe
Path: C:\Users\admin\Desktop\zhaynchxhs.exe
Parent process: zhaynchxhs.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules / Images:
c:\users\admin\desktop\zhaynchxhs.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

Total events: 46 442
Read events: 46 442
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 124
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2596 | rrqjuohiwd.exe | C:\Users\admin\Desktop\rccbismcdp.exe | executable
MD5:4BBF9D971785182F0F8B04A65D518697
SHA256:D906CC5047E01F5B78C49F2835E44AABF9AD1A0782D4C74F2DA6F43938B1275C
6980 | mjgszzjley.exe | C:\Users\admin\Desktop\zhaynchxhs.exe | executable
MD5:74F1289D87A51105EFDEACF34E4CB796
SHA256:7408C48E7652F3A436DCA9DE052002D2AE731A03A5EAB7A203D56457FFCABE62
1180 | rccbismcdp.exe | C:\Users\admin\Desktop\rcdhuaruyn.exe | executable
MD5:AE363DBED45784D8D3763BF69BDA09C0
SHA256:5E69045133F5289E4C293FF220C7485B7AF7074E65F85592C1638BB56326BB7D
5616 | hzmusayftu.exe | C:\Users\admin\Desktop\mfjcftxqou.exe | executable
MD5:7AD05308463F128BB664B9CA117CC9DC
SHA256:A50A785D8222B92D27F2F902A8E1931565494F344C2C2F7BF7174DADF26931D3
6584 | mfjcftxqou.exe | C:\Users\admin\Desktop\juqcyakxpf.exe | executable
MD5:64912B06A4C3C1922ACC113E3BFEFADA
SHA256:F9914812461044478FB252035BFBCB0F2BA0B2B052BAF5E33385319FA5EA8ABF
4116 | wthoczabzg.exe | C:\Users\admin\Desktop\gxgkvlprpj.exe | executable
MD5:952B046402B6D0E43C8A1DFA25E6098B
SHA256:AB530326CCCC737A45A8B0EBB01A53967DBE944205D1AE8D6E3615ADFCC00D2B
5708 | gxgkvlprpj.exe | C:\Users\admin\Desktop\iluqqfrrmm.exe | executable
MD5:4B20F0E5D800D40687A803E0525CDBCA
SHA256:02EFC1EB829AAA12D5CE7D6091E304C625531A94D741E3EA9487AAF85B800CB8
1356 | 2025-06-21_d2e3f0fec1a2b27806b413cbf3b1e8ea_amadey_elex_smoke-loader_stop.exe | C:\Users\admin\Desktop\update.exe | executable
MD5:22C473A29E1684BBD8D8B7BC68A3D7E1
SHA256:CB0E404A5D41AA05A78B63B208E55E5EDAC6FA146B1C1F3AC7165FC42D8059B5
4644 | 2025-06-21_d2e3f0fec1a2b27806b413cbf3b1e8ea_amadey_elex_smoke-loader_stop.exe | C:\Users\admin\Desktop\ryhqscxais.exe | executable
MD5:D124342DD7235CEA5F3DF6ABDC5E2947
SHA256:06DE31FDAEBF6AC71548AF3A943A49A6901D2113FCD757494BBFCDFDCDACE74C
5552 | iluqqfrrmm.exe | C:\Users\admin\Desktop\ojcjuaddkd.exe | executable
MD5:2D07F630B4164202407341FCC4B4A35F
SHA256:ECE0FFEBAE585F3B5ECB2EA7546D7F982C1914C71C79120FD55F3FF88741A66D
HTTP(S) requests: 8
TCP/UDP connections: 22
DNS requests: 8
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5904
RUXIMICS.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5904
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
500
20.83.72.98:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
POST
500
20.83.72.98:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5904 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.53.40.176:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.53.40.176:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5904 | RUXIMICS.exe | 23.53.40.176:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.185.110 | whitelisted
crl.microsoft.com | 23.53.40.176, 23.53.40.178 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
activation-v2.sls.microsoft.com | 20.83.72.98, 40.91.76.224 | whitelisted
self.events.data.microsoft.com | 52.168.117.171 | whitelisted

Threats

No threats detected
No debug info