File name:

Ransomware.7ev3n.zip

Full analysis: https://app.any.run/tasks/2e2cdf2b-6396-4192-98c9-abd4e15bb518
Verdict: Malicious activity
Analysis date: June 25, 2025, 18:24:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=AES Encrypted
MD5:

71F4666373DB57958635DE89EDB58A65

SHA1:

71B4504062E2C0C08B03E39387633FB068705DA7

SHA256:

72810CDF913169DF2B42ABAF2D34840CA04B91D640B778CA2580F744BE1DAA1D

SSDEEP:

6144:4CXgeVc8YG8ekHKb4s1pNLAsqbzZFRWqe:4CXgeVc8DjkHDKpusqRFRWqe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 5980)

    • Application was injected by another process

      • explorer.exe (PID: 4772)

    • Runs injected code in another process

      • uac.exe (PID: 2692)
      • uac.exe (PID: 1128)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 5980)
      • Ransomware.7ev3n.exe (PID: 3704)
      • uac.exe (PID: 2692)
      • uac.exe (PID: 1128)

    • The process creates files with name similar to system file names

      • Ransomware.7ev3n.exe (PID: 3704)

    • Executable content was dropped or overwritten

      • Ransomware.7ev3n.exe (PID: 3704)
      • system.exe (PID: 3572)
      • uac.exe (PID: 2692)
      • dllhost.exe (PID: 1336)
      • uac.exe (PID: 1128)
      • dllhost.exe (PID: 5468)

    • Starts itself from another location

      • Ransomware.7ev3n.exe (PID: 3704)

    • Executing commands from a ".bat" file

      • system.exe (PID: 3572)
      • Ransomware.7ev3n.exe (PID: 5020)

    • Starts CMD.EXE for commands execution

      • system.exe (PID: 3572)
      • Ransomware.7ev3n.exe (PID: 5020)

    • The executable file from the user directory is run by the CMD process

      • uac.exe (PID: 2692)
      • uac.exe (PID: 1128)

    • Reads the date of Windows installation

      • uac.exe (PID: 2692)
      • uac.exe (PID: 1128)

  • INFO

    • Creates files or folders in the user directory

      • Ransomware.7ev3n.exe (PID: 3704)
      • system.exe (PID: 3572)
      • mmc.exe (PID: 4920)

    • Reads the machine GUID from the registry

      • Ransomware.7ev3n.exe (PID: 3704)
      • system.exe (PID: 3572)
      • Ransomware.7ev3n.exe (PID: 5020)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5980)

    • Reads the computer name

      • Ransomware.7ev3n.exe (PID: 3704)
      • system.exe (PID: 3572)
      • uac.exe (PID: 2692)
      • Ransomware.7ev3n.exe (PID: 5020)
      • uac.exe (PID: 1128)

    • Checks supported languages

      • Ransomware.7ev3n.exe (PID: 3704)
      • system.exe (PID: 3572)
      • uac.exe (PID: 2692)
      • Ransomware.7ev3n.exe (PID: 5020)
      • uac.exe (PID: 1128)

    • Checks proxy server information

      • Ransomware.7ev3n.exe (PID: 3704)

    • Reads the software policy settings

      • Ransomware.7ev3n.exe (PID: 3704)
      • mmc.exe (PID: 4920)
      • mmc.exe (PID: 5920)

    • The sample compiled with english language support

      • system.exe (PID: 3572)
      • uac.exe (PID: 2692)
      • dllhost.exe (PID: 1336)
      • uac.exe (PID: 1128)
      • dllhost.exe (PID: 5468)

    • Create files in a temporary directory

      • uac.exe (PID: 2692)
      • uac.exe (PID: 1128)

    • Reads security settings of Internet Explorer

      • dllhost.exe (PID: 1336)
      • dllhost.exe (PID: 5468)
      • mmc.exe (PID: 4920)
      • explorer.exe (PID: 4772)
      • mmc.exe (PID: 5920)

    • Checks transactions between databases Windows and Oracle

      • explorer.exe (PID: 4772)

    • Process checks computer location settings

      • uac.exe (PID: 2692)
      • uac.exe (PID: 1128)

    • Creates files in the program directory

      • mmc.exe (PID: 4920)
      • mmc.exe (PID: 5920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Unknown (99)
ZipModifyDate: 2019:10:10 18:33:38
ZipCRC: 0xfaa96043
ZipCompressedSize: 146680
ZipUncompressedSize: 322560
ZipFileName: Ransomware.7ev3n.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
163
Monitored processes
22
Malicious processes
3
Suspicious processes
6

Behavior graph

Click at the process to see the details
start winrar.exe ransomware.7ev3n.exe system.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs uac.exe Copy/Move/Rename/Delete/Link Object mmc.exe no specs mmc.exe ransomware.7ev3n.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs uac.exe Copy/Move/Rename/Delete/Link Object mmc.exe no specs mmc.exe slui.exe no specs explorer.exe

Process information

PID
CMD
Path
Indicators
Parent process
1128C:\Users\admin\AppData\Local\uac.exe 64 C:\Users\admin\AppData\Local\system.exeC:\Users\admin\AppData\Local\uac.exe
cmd.exe
User:
admin
Company:
UG North
Integrity Level:
MEDIUM
Description:
UACMe main module
Exit code:
0
Version:
1.9.0.0
Modules
Images
c:\users\admin\appdata\local\uac.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
1336C:\WINDOWS\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}C:\Windows\System32\dllhost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
1936"C:\Windows\System32\mmc.exe" eventvwr.mscC:\Windows\System32\mmc.exeuac.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Management Console
Exit code:
3221226540
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mmc.exe
c:\windows\system32\ntdll.dll
1948cmd.exe /c C:\Users\admin\AppData\Local\uac.exe 64 C:\Users\admin\AppData\Local\system.exeC:\Windows\SysWOW64\cmd.exeRansomware.7ev3n.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
2076C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2192\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2692C:\Users\admin\AppData\Local\uac.exe 64 C:\Users\admin\AppData\Local\system.exeC:\Users\admin\AppData\Local\uac.exe
cmd.exe
User:
admin
Company:
UG North
Integrity Level:
MEDIUM
Description:
UACMe main module
Exit code:
0
Version:
1.9.0.0
Modules
Images
c:\users\admin\appdata\local\uac.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
3148\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3196\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3572"C:\Users\admin\AppData\Local\system.exe"C:\Users\admin\AppData\Local\system.exe
Ransomware.7ev3n.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\system.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
17 394
Read events
17 340
Write events
50
Delete events
4

Modification events

(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Ransomware.7ev3n.zip
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(4772) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000702E4
Operation:writeName:VirtualDesktop
Value:
10000000303044563096AFED4A643448A750FA41CFC7F708
(PID) Process:(5980) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
Executable files
8
Suspicious files
3
Text files
5
Unknown types
2

Dropped files

PID
Process
Filename
Type
3704Ransomware.7ev3n.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97Cder
MD5:DF57E40E8F20D3FB38F9EE66C563DBB1
SHA256:EE4E705944312BFBEDE0056BEA1EA3160BA7B5C0FF353156138327B680CF40D9
4772explorer.exeC:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.datbinary
MD5:E49C56350AEDF784BFE00E444B879672
SHA256:A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E
4920mmc.exeC:\Users\admin\AppData\Roaming\Microsoft\MMC\eventvwrxml
MD5:63DCE8A52A05893DD084985AD91ABC9D
SHA256:6089F4A51515D2A8F1A2AAC9E7A3586EE7530296B1F2721D45B1A6CFC815D4EF
3704Ransomware.7ev3n.exeC:\Users\admin\AppData\Local\system.exeexecutable
MD5:9F8BC96C96D43ECB69F883388D228754
SHA256:7D373CCB96D1DBB1856EF31AFA87C2112A0C1795A796AB01CB154700288AFEC5
3572system.exeC:\Users\admin\AppData\Local\uac.exeexecutable
MD5:4DD04EDC3E27B9AEAC8D6395BD416809
SHA256:3B81DF4220DD3DF6C475997B59D4DE9FA1AB6A2BA33C6396097337378B03DC4E
2692uac.exeC:\Users\admin\AppData\Local\Temp\elsext.dllexecutable
MD5:63378F143DF2BFD0080A02DAF249BF84
SHA256:13052876487FBEBC38F71FC156B6B6C8A11B6231D6B36AFA6A40E099043D7462
3704Ransomware.7ev3n.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\api[1].htmhtml
MD5:6F26003065D6BA261356329F7F535D2F
SHA256:6465D2E82C208E71BDA77AB6B3060ACE5855B89C53DE79E144490A4356F96807
4920mmc.exeC:\Users\admin\AppData\Local\Microsoft\Event Viewer\Settings.Xmltext
MD5:884320A9B8F018F309F5A96107133F89
SHA256:50FD9D76D1C43BB16B166DE02AAF8ADEC09EB5BC4CEFDCA9D1AF2E0F7B1D8F64
1336dllhost.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-msbinary
MD5:A8CFBD3DBF73223B49D76F6EC6740B44
SHA256:E50E4F8F585CD13B4069806913EA058C1A4C6BD6C607B5640C8D6308E4AA9DF1
5980WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb5980.20210\Ransomware.7ev3n.exeexecutable
MD5:9F8BC96C96D43ECB69F883388D228754
SHA256:7D373CCB96D1DBB1856EF31AFA87C2112A0C1795A796AB01CB154700288AFEC5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
25
DNS requests
19
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3704
Ransomware.7ev3n.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D
unknown
whitelisted
3944
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6224
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6224
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4888
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3944
svchost.exe
40.126.31.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3944
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
login.live.com
  • 40.126.31.131
  • 20.190.159.73
  • 40.126.31.128
  • 40.126.31.67
  • 20.190.159.75
  • 40.126.31.130
  • 40.126.31.3
  • 20.190.159.129
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
blockchain.info
  • 104.16.118.55
  • 104.16.117.55
whitelisted
www.blockchain.com
  • 104.17.173.30
  • 104.17.172.30
unknown
client.wns.windows.com
  • 172.211.123.250
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.43
whitelisted

Threats

PID
Process
Class
Message
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Potentially Bad Traffic
ET USER_AGENTS User-Agent (Internet Explorer)
Potentially Bad Traffic
ET USER_AGENTS User-Agent (Internet Explorer)
Potentially Bad Traffic
ET USER_AGENTS User-Agent (Internet Explorer)
Potentially Bad Traffic
ET USER_AGENTS User-Agent (Internet Explorer)
Potentially Bad Traffic
ET USER_AGENTS User-Agent (Internet Explorer)
Process
Message
uac.exe
[UCM] Dll dropped successfully
mmc.exe
ViewerViewsFolderPath = 'C:\ProgramData\Microsoft\Event Viewer\Views': Microsoft.Windows.ManagementUI.CombinedControls.EventsNode
mmc.exe
ViewerExternalLogsPath = 'C:\ProgramData\Microsoft\Event Viewer\ExternalLogs': Microsoft.Windows.ManagementUI.CombinedControls.EventsNode
mmc.exe
ViewerAdminViewsPath = 'C:\ProgramData\Microsoft\Event Viewer\Views\ApplicationViewsRootNode': Microsoft.Windows.ManagementUI.CombinedControls.EventsNode
mmc.exe
ViewerConfigPath = 'C:\ProgramData\Microsoft\Event Viewer': Microsoft.Windows.ManagementUI.CombinedControls.EventsNode
mmc.exe
Failed to get ChannelConfigOwningPublisher -122-The data area passed to a system call is too small
mmc.exe
Getting next publisher from enum failed-259-No more data is available
mmc.exe
Failed to get ChannelConfigOwningPublisher -122-The data area passed to a system call is too small
mmc.exe
ExpandNode:After EventsNode:InsertChildren CountOfChildren = 5
mmc.exe
PublisherMetadataKeywordName failed for not providing enough memory. Trying with the correct memory -122-The data area passed to a system call is too small
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Ransomware.7ev3n.zip