File name:

2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/44c45c24-fd96-4384-ae77-e6c11ddb9144
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: May 18, 2025, 20:38:30
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ransomware
birele
neconyd
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5:

A72D8DE78B35A6C5526E583EE50D0577

SHA1:

2FA7D2E3ABF6D67FE78A387D356533EA67F09F98

SHA256:

13208CA81110922DC4151D6E82EBCDAB51B4D51307F7616900A24FA58008BF6E

SSDEEP:

3072:5R65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9daR:5mqaRRRZ/MnA3cQYFCOzv3AVXVa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Connects to the CnC server

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Neconyd has been detected

      • omsecor.exe (PID: 2392)
      • omsecor.exe (PID: 7808)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7708)

    • Application launched itself

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)
      • omsecor.exe (PID: 7736)
      • omsecor.exe (PID: 1116)
      • omsecor.exe (PID: 7808)

    • Executes application which crashes

      • omsecor.exe (PID: 7736)
      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)
      • omsecor.exe (PID: 1116)

    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

  • INFO

    • Checks supported languages

      • omsecor.exe (PID: 7808)
      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7708)
      • omsecor.exe (PID: 7736)
      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)
      • omsecor.exe (PID: 2392)
      • omsecor.exe (PID: 1116)

    • Creates files or folders in the user directory

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7708)
      • WerFault.exe (PID: 7896)
      • WerFault.exe (PID: 7912)
      • WerFault.exe (PID: 5204)

    • The sample compiled with english language support

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)

    • Reads the computer name

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Checks proxy server information

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)
      • slui.exe (PID: 4180)

    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Reads the software policy settings

      • slui.exe (PID: 4180)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:23 10:48:23+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
137
Monitored processes
11
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs werfault.exe no specs slui.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
1116C:\Users\admin\AppData\Roaming\omsecor.exe /nomoveC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2392C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
4180C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5204C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1116 -s 340C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7688"C:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe" C:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7708C:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exeC:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7736C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7808C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7896C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7736 -s 340C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events
9 217
Read events
9 211
Write events
6
Delete events
0

Modification events

(PID) Process:(7808) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7808) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7808) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2392) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2392) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2392) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
1
Suspicious files
9
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
7896WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_7f7829c4e9b6204098ca734d5391b0bc91d249dc_d5be643a_80c48d02-eac5-4adb-aab1-d364af1f4610\Report.wer
MD5:
SHA256:
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-05-18_a72d8_5860968f686726cf9eb0eccd725a805119f528b_c79bb6df_45e8bcb8-5f46-436b-8e4f-8459ef65914b\Report.wer
MD5:
SHA256:
5204WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_7f7829c4e9b6204098ca734d5391b0bc91d249dc_d5be643a_47461a5a-afe4-4380-b9bb-b676eacbccbf\Report.wer
MD5:
SHA256:
7896WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC324.tmp.WERInternalMetadata.xmlbinary
MD5:5C8BF093C809449794EE185B0DE6D143
SHA256:86E5F8CA05B55F4A43A273C156D3ABC24AC7A84D069A2E4920B2B24F1EA3B4CB
7896WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC373.tmp.xmlxml
MD5:9927DF52787E5EED3437C5FCC881B36B
SHA256:56B91C1B6CDB9E5AF4AB5985688553A898D314BCD3CC805D16298BEEA6E2BB9B
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC333.tmp.WERInternalMetadata.xmlbinary
MD5:B23647EB1B9073F1CAA76FD028D4BBC1
SHA256:10B430FA2754B528AE8C12F99F41324D4E134C6A51433DE088F7F0A5E828186A
7912WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe.7688.dmpbinary
MD5:DB2FE6125347BA857DEC8F401DD8600F
SHA256:565601BFBB0E568C6B8D6484B9164224B95E596509DCD979F6EE3948EB1BCF97
7896WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.7736.dmpbinary
MD5:2C42532BE889B82221AF00BC2B0AA1CD
SHA256:4CB750371F08A262377A29D45B7545A730B68C874EA12EE7F713A9D67CD8738A
5204WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER1641.tmp.xmlxml
MD5:08E8F3FAC1193153447D827E8CDDA036
SHA256:DBEF98C549658245676202DC398E808DCD1D61E2EA6D417CE7FCCF769CADA769
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC2E4.tmp.dmpbinary
MD5:A00090859B046C500CDC34711FCA1395
SHA256:09F6F6C173F71B81057507CE1BFCF9D2B430028291FACD71605765455150368B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
57
DNS requests
17
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7808
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/33/805.html
unknown
malicious
7808
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/756/121.html
unknown
malicious
7808
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/441/378.html
unknown
malicious
6876
SIHClient.exe
GET
200
2.16.106.8:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
2.16.106.8:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
2.16.106.8:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
7808
omsecor.exe
193.166.255.171:80
lousta.net
Tieteen tietotekniikan keskus Oy
FI
malicious
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7808
omsecor.exe
75.2.18.233:80
mkkuei4kdsz.com
AMAZON-02
US
malicious
6876
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6876
SIHClient.exe
2.16.106.8:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6876
SIHClient.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6876
SIHClient.exe
40.69.42.241:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.142
whitelisted
lousta.net
  • 193.166.255.171
malicious
client.wns.windows.com
  • 172.211.123.250
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
crl.microsoft.com
  • 2.16.106.8
  • 2.16.106.24
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
ow5dirasuek.com
  • 44.247.155.67
malicious

Threats

PID
Process
Class
Message
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
2392
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
2392
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader