File name: 2025-06-21_be08828d68ccf7d54a2dc9ca7dfbe78a_amadey_elex_smoke-loader_stop

Full analysis: https://app.any.run/tasks/64d483fd-5f6b-4d2a-928d-04debebe7f64
Verdict: Malicious activity
Analysis date: June 21, 2025, 06:20:03
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: BE08828D68CCF7D54A2DC9CA7DFBE78A
SHA1: EB8BB14AC71D7BDEC3A30EA9EA79AF39DCF9AAC2
SHA256: CBC2BD1094E97C7277F20A35BBF71466EF25631CD0A9DCC39D21864855373304
SSDEEP: 98304:vKOlBcIt0ML1CXN0RqfaSfS25uBWO7thGjLK/cVYRrs47iZEcF2W7rxLyDzsRncH:1oxjraHZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Application launched itself

    • Executable content was dropped or overwritten

    • Starts itself from another location

  • INFO

    • The sample compiled with chinese language support

    • Reads the machine GUID from the registry

    • Checks supported languages

      • kaazppvwsx.exe (PID: 6348)
      • prxynfetjr.exe (PID: 2228)
      • iktfdtetpp.exe (PID: 6472)
      • iktfdtetpp.exe (PID: 5012)
      • kaazppvwsx.exe (PID: 6936)
      • nldyztrhfv.exe (PID: 4804)
      • nldyztrhfv.exe (PID: 4984)
      • hgslfhhuuo.exe (PID: 5476)
      • pdncnmxkst.exe (PID: 7164)
      • pdncnmxkst.exe (PID: 2076)
      • svhkdpirwy.exe (PID: 1496)
      • hgslfhhuuo.exe (PID: 3000)
      • nfllgyzcye.exe (PID: 4052)
      • nfllgyzcye.exe (PID: 5896)
      • svhkdpirwy.exe (PID: 2348)
      • krqwjnmpvt.exe (PID: 3972)
      • krqwjnmpvt.exe (PID: 2648)
      • ptkcrnfvgx.exe (PID: 5716)
      • pntkfjbqvc.exe (PID: 4320)
      • pntkfjbqvc.exe (PID: 6896)
      • ptkcrnfvgx.exe (PID: 3720)
      • pfenedoqzs.exe (PID: 2664)
      • hugegyardp.exe (PID: 2460)
      • pfenedoqzs.exe (PID: 2792)
      • hcozdjsngg.exe (PID: 4236)
      • hcozdjsngg.exe (PID: 2952)
      • hugegyardp.exe (PID: 3640)
      • hzoxzzytwj.exe (PID: 2072)
      • hzoxzzytwj.exe (PID: 2532)
      • cyrbzlitjx.exe (PID: 4552)
      • cuvcfmwytc.exe (PID: 3888)
      • cuvcfmwytc.exe (PID: 1328)
      • cyrbzlitjx.exe (PID: 2140)
      • ebromibvzz.exe (PID: 2132)
      • ebromibvzz.exe (PID: 1816)
      • jonhczjmie.exe (PID: 4892)
      • hefsuabtmx.exe (PID: 7120)
      • hefsuabtmx.exe (PID: 472)
      • jonhczjmie.exe (PID: 1652)
      • hfstzowcyx.exe (PID: 6704)
      • oirvrftrie.exe (PID: 6868)
      • oirvrftrie.exe (PID: 6532)
      • hmswerogbo.exe (PID: 5952)
      • hmswerogbo.exe (PID: 4832)
      • hfstzowcyx.exe (PID: 6036)
      • wyavfzdxsj.exe (PID: 1828)
      • bpolhvgvcx.exe (PID: 5116)
      • wyavfzdxsj.exe (PID: 6512)
      • bpolhvgvcx.exe (PID: 1132)
      • lpdtqosvgm.exe (PID: 5284)
      • lpdtqosvgm.exe (PID: 7056)
      • rywhebbkdw.exe (PID: 2728)
      • gohkhnpehn.exe (PID: 4932)
      • rghnayzpqv.exe (PID: 4664)
      • rywhebbkdw.exe (PID: 3852)
      • gohkhnpehn.exe (PID: 3948)
      • rghnayzpqv.exe (PID: 7000)
      • tjibyoowgm.exe (PID: 4920)
      • gwcorecjve.exe (PID: 5960)
      • tjibyoowgm.exe (PID: 5848)
      • gwcorecjve.exe (PID: 3672)
      • lgtqkvkhja.exe (PID: 3884)
      • lgtqkvkhja.exe (PID: 5620)
      • rwrxtfxiyk.exe (PID: 3644)
      • rwrxtfxiyk.exe (PID: 4968)
      • dvdgmreinf.exe (PID: 3460)
      • ybwumwoqdy.exe (PID: 2160)
      • dvdgmreinf.exe (PID: 724)
      • jbluwobqgm.exe (PID: 5240)
      • jbluwobqgm.exe (PID: 1580)
      • ybwumwoqdy.exe (PID: 7052)
      • lpziijcrlh.exe (PID: 6348)
      • tlllfwmphw.exe (PID: 7104)
      • tlllfwmphw.exe (PID: 3788)
      • lpziijcrlh.exe (PID: 5768)
      • gvbuviuijs.exe (PID: 4828)
      • gvbuviuijs.exe (PID: 5140)
      • vakiqzuvjq.exe (PID: 1192)
      • bbuhvnmqgl.exe (PID: 432)
      • bbuhvnmqgl.exe (PID: 4192)
    • Reads the computer name

    • Reads the software policy settings

      • slui.exe (PID: 2520)
    • Checks proxy server information

      • slui.exe (PID: 2520)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (64.4)
.dll | Win32 Dynamic Link Library (generic) (13.5)
.exe | Win32 Executable (generic) (9.3)
.exe | Win16/32 Executable Delphi generic (4.2)
.exe | Generic Win/DOS Executable (4.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:07:15 17:54:42+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 1421312
InitializedDataSize: 536576
UninitializedDataSize: -
EntryPoint: 0x87f838
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
FileVersion: 1.0.0.0
FileDescription: 固定打怪,新手村任务,门派任务
ProductName: 千年3_新手任务
ProductVersion: 1.0.0.0
CompanyName: QQ:6365272
LegalCopyright: QQ:6365272
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
No data.
Total processes: 387
Monitored processes: 253
Malicious processes: 28
Suspicious processes: 81

Process information

PID
CMD
Path
Indicators
Parent process
PID: 236
CMD: C:\Users\admin\Desktop\fgmxeenufy.exe update iinscudaui.exe
Path: C:\Users\admin\Desktop\fgmxeenufy.exe
Parent process: fgmxeenufy.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\fgmxeenufy.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 424
CMD: C:\Users\admin\Desktop\loopvljayf.exe
Path: C:\Users\admin\Desktop\loopvljayf.exe
Parent process: jdmcpdtlio.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\loopvljayf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 432
CMD: C:\Users\admin\Desktop\bbuhvnmqgl.exe
Path: C:\Users\admin\Desktop\bbuhvnmqgl.exe
Parent process: gvbuviuijs.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\bbuhvnmqgl.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 472
CMD: C:\Users\admin\Desktop\hefsuabtmx.exe update oirvrftrie.exe
Path: C:\Users\admin\Desktop\hefsuabtmx.exe
Parent process: hefsuabtmx.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\hefsuabtmx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 620
CMD: C:\Users\admin\Desktop\mftdqqxwzv.exe
Path: C:\Users\admin\Desktop\mftdqqxwzv.exe
Parent process: rknhexrhjn.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\mftdqqxwzv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 620
CMD: C:\Users\admin\Desktop\fkdkdbjdtt.exe update xnsarszkim.exe
Path: C:\Users\admin\Desktop\fkdkdbjdtt.exe
Parent process: fkdkdbjdtt.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\fkdkdbjdtt.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 640
CMD: C:\Users\admin\Desktop\dawbhbhjrs.exe update ktxzblsfbm.exe
Path: C:\Users\admin\Desktop\dawbhbhjrs.exe
Parent process: dawbhbhjrs.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\dawbhbhjrs.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 724
CMD: C:\Users\admin\Desktop\dvdgmreinf.exe
Path: C:\Users\admin\Desktop\dvdgmreinf.exe
Parent process: lgtqkvkhja.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\dvdgmreinf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 728
CMD: C:\Users\admin\Desktop\mxpxcpxtep.exe update biwirxgstm.exe
Path: C:\Users\admin\Desktop\mxpxcpxtep.exe
Parent process: mxpxcpxtep.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\mxpxcpxtep.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 760
CMD: C:\Users\admin\Desktop\qmycbjerak.exe
Path: C:\Users\admin\Desktop\qmycbjerak.exe
Parent process: tztkgmqwlc.exe
User: admin
Company: QQ:6365272
Integrity Level: HIGH
Description: 固定打怪,新手村任务,门派任务
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\qmycbjerak.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 47 125
Read events: 47 125
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 126
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 5644
Process: 2025-06-21_be08828d68ccf7d54a2dc9ca7dfbe78a_amadey_elex_smoke-loader_stop.exe
Filename: C:\Users\admin\Desktop\uixnhbfter.exe
Type: executable
MD5:318F54DE258AEA4189FCFE4EE94E9138
SHA256:A6B64D588F3E41E6ADF8AC1D9DB70551B2D86AE547B44099CCF3C57478A5B15A
PID: 2492
Process: rjhsderuro.exe
Filename: C:\Users\admin\Desktop\uazlnnntmj.exe
Type: executable
MD5:3B6BE2220BD2E587855BCBE91EA4BB86
SHA256:C41F4DA6497C4BFB10C4E8B84878446682168FE42CB7C022AD9942E53FB4DF76
PID: 6380
Process: bxtokbfziq.exe
Filename: C:\Users\admin\Desktop\rknhexrhjn.exe
Type: executable
MD5:22EB0DEFB484FC8BF5CC0935543A0834
SHA256:D1F0AC860F9D909D84DF0E929B2B587DC6E9B9A707E822380D9ECF2594088981
PID: 2228
Process: bqwitkcdoj.exe
Filename: C:\Users\admin\Desktop\bxtokbfziq.exe
Type: executable
MD5:BB87F91E8230D37FFBA27B24A0B84C75
SHA256:5FCBC88B0C8DCAF60557C9EABDD6B36F809238E28BDA99270F33E27234FC8462
PID: 5424
Process: uazlnnntmj.exe
Filename: C:\Users\admin\Desktop\whnndnwxhv.exe
Type: executable
MD5:9BCE8EC9AB34E0632D31623B93528E7E
SHA256:E1365EF41816701EDC326C914B4AF5E4D50EDF5CD42F73AF6744568E43706549
PID: 5884
Process: uixnhbfter.exe
Filename: C:\Users\admin\Desktop\rjhsderuro.exe
Type: executable
MD5:851C74E17170486251693AFA5DC7D08A
SHA256:4153EDC78F59CB1365077C304BA8E5C5137E212FE3EC2C496FC90A6E8EAC2EEF
PID: 4844
Process: whnndnwxhv.exe
Filename: C:\Users\admin\Desktop\bqwitkcdoj.exe
Type: executable
MD5:734FF47BFD5F841D4CB5B52F943E0ADE
SHA256:9E55F56DEAA006848E3539B80BC8E6C19F246FA236093359EE6D3D8CB6F8E4AF
PID: 1560
Process: 2025-06-21_be08828d68ccf7d54a2dc9ca7dfbe78a_amadey_elex_smoke-loader_stop.exe
Filename: C:\Users\admin\Desktop\update.exe
Type: executable
MD5:2C84E1961C653525CAEE0FFC5B8AFA6C
SHA256:6506DADD8B1ACAFA30EABE2947EBD981E6DE7ACD00962B8337BE9341E4D4921E
PID: 6180
Process: mftdqqxwzv.exe
Filename: C:\Users\admin\Desktop\bzanfypvoa.exe
Type: executable
MD5:A4AA8050091BBA0DBD76023F1092E0A7
SHA256:9C6CD291566A39C5A4F96C14F6AC428F9F3A058C6D66C51D54BBE62801641960
PID: 5532
Process: bzanfypvoa.exe
Filename: C:\Users\admin\Desktop\rgmbxpqckz.exe
Type: executable
MD5:1FFF0163223E607CB4B400FCBB25A799
SHA256:4527C2A39D40CC2CDC25E0312667251EFA6983C790DAFB76539F02C81AAE8E3C
HTTP(S) requests: 31
TCP/UDP connections: 44
DNS requests: 21
Threats: 0

HTTP requests


Connections


DNS requests


Threats

No threats detected
No debug info