In late 2024, a new variant of the SLOW#TEMPEST malware campaign was discovered, employing sophisticated obfuscation techniques. The malware is distributed as an ISO file containing multiple files, including a malicious loader DLL and a payload embedded in another DLL. The loader uses DLL side-loading and advanced anti-analysis methods such as Control Flow Graph (CFG) obfuscation with dynamic jumps and obfuscated function calls. These techniques make static and dynamic analysis challenging, hindering the creation of effective detection rules. The article details the process of de-obfuscating the code using emulation and patching techniques, revealing the malware's core functionality, including an anti-sandbox check based on system memory.