File name: 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/f1ea00c7-7d3c-4f63-b753-baca1a5e0fd0
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: May 18, 2025, 11:02:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: ransomware, birele, neconyd
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5: F5BA99F2355E0502C85A1146C2842EF0
SHA1: 56C9C563D1997EB431A59132EAB593D9B2692658
SHA256: B0CDA2FBA6EE7295DC58E635D8D252B90B059B11413A10EBC408E2BFB78AD1E9
SSDEEP: 3072:SR65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9da:SmqaRRRZ/MnA3cQYFCOzv3AVXV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
    • Neconyd has been detected

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
    • Connects to the CnC server

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
  • SUSPICIOUS

    • Application launched itself

      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7568)
      • omsecor.exe (PID: 7660)
      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 4620)
    • Executable content was dropped or overwritten

      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7588)
    • Executes application which crashes

      • omsecor.exe (PID: 7660)
      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7568)
      • omsecor.exe (PID: 4620)
    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
  • INFO

    • Checks supported languages

      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7568)
      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7588)
      • omsecor.exe (PID: 7660)
      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 4620)
      • omsecor.exe (PID: 2108)
    • The sample compiled with english language support

      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7568)
    • Reads the computer name

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
    • Checks proxy server information

      • omsecor.exe (PID: 7728)
      • slui.exe (PID: 7192)
      • omsecor.exe (PID: 2108)
    • Creates files or folders in the user directory

      • 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7588)
      • WerFault.exe (PID: 7840)
      • WerFault.exe (PID: 7824)
      • WerFault.exe (PID: 6388)
    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7728)
      • omsecor.exe (PID: 2108)
    • Reads the software policy settings

      • slui.exe (PID: 7192)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:23 06:58:06+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
Total processes: 139
Monitored processes: 11
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs werfault.exe no specs slui.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs svchost.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2108
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Version: 0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 2196
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 4620
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe /nomove
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 3221225622
Version: 0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6388
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 4620 -s 340
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: omsecor.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 7192
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7568
CMD: "C:\Users\admin\Desktop\2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe"
Path: C:\Users\admin\Desktop\2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 3221225622
Version: 0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7588
CMD: C:\Users\admin\Desktop\2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
Path: C:\Users\admin\Desktop\2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
Parent process: 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 0
Version: 0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 7660
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 3221225622
Version: 0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7728
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 0
Version: 0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 7824
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7660 -s 340
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: omsecor.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events: 9 217
Read events: 9 211
Write events: 6
Delete events: 0

Modification events

Process: omsecor.exe (PID 7728)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: omsecor.exe (PID 7728)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: omsecor.exe (PID 7728)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: omsecor.exe (PID 2108)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: omsecor.exe (PID 2108)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: omsecor.exe (PID 2108)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Executable files: 1
Suspicious files: 9
Text files: 3
Unknown types: 0

Dropped files

PID: 7840
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-05-18_f5ba9_f973155330a273a1a7a5dc9e17ea656dca34_2a1a647a_ccdc1ae1-d6fd-4e6f-b65e-f61ad3c65258\Report.wer
Type:
MD5:
SHA256:

PID: 7824
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_51baef496c853eb4b159c51a9bc1c46a9c434ca_aea46fb6_0d87b797-6803-4c11-8f1f-c1276829312d\Report.wer
Type:
MD5:
SHA256:

PID: 6388
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_51baef496c853eb4b159c51a9bc1c46a9c434ca_aea46fb6_c9686edc-5195-4008-bcd8-50d7690129d7\Report.wer
Type:
MD5:
SHA256:

PID: 7840
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6ED.tmp.WERInternalMetadata.xml
Type: binary
MD5: 1FD2FE33381A18A45306C3BFF90AAF52
SHA256: FED5E15C6AA5A513FB72F513CBC881A7F7AB2FE0AC20E4EE0667D1AF3C1B6ACE

PID: 7840
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC601.tmp.dmp
Type: binary
MD5: 72B4C26372A0D2C15A46B4CD982C62D9
SHA256: BB64E014E17028E3FF2D468E87A83894138F59FD965EBBDE74B5F79FE459C2A0

PID: 7588
Process: 2025-05-18_f5ba99f2355e0502c85a1146c2842ef0_amadey_elex_rhadamanthys_smoke-loader.exe
Filename: C:\Users\admin\AppData\Roaming\omsecor.exe
Type: executable
MD5: 52C21F74356989157BD9F72C999C3DD0
SHA256: 4E6E70735959628DBC23B6FA0836D41C94F09C8CD0F3D8BB299A6E51283F9478

PID: 6388
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WER18A2.tmp.WERInternalMetadata.xml
Type: binary
MD5: 66BF6F8624ACBB24BA45B7617F527B9E
SHA256: CA6846323212137312F92AF670A24CBF4B5EA0720DA83F0B0E51B3E270DFFF1A

PID: 6388
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.4620.dmp
Type: binary
MD5: D8FFFC11A3756E7A8158C228C39BA93A
SHA256: EC96E7F303C968B1ADC5A2F0BE8753D2E8728F4891EB2ED90B35F9049E84BC7E

PID: 7824
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC75B.tmp.WERInternalMetadata.xml
Type: binary
MD5: 20073B56CB24AE90AAC13FB66D0B8215
SHA256: 80D21565F7D6648C807EBC7CB1BCEA7A7DFB893216F320B544566E89ACB74AB8

PID: 7840
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC72C.tmp.xml
Type: xml
MD5: 729F4749E00EDD43E0B106A8CFA3B7F3
SHA256: 27AF16D08ACAB912A2ABD5C15A49EADC724DA616FBE3ED7EDCC97562F3F640A0

HTTP(S) requests: 23
TCP/UDP connections: 66
DNS requests: 21
Threats: 14

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN / Type / Size | Reputation
2104 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
7728 | omsecor.exe | GET | - | 193.166.255.171:80 | http://lousta.net/389/372.html | unknown | malicious
2104 | svchost.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
7728 | omsecor.exe | GET | - | 193.166.255.171:80 | http://lousta.net/921/232.html | unknown | malicious
7728 | omsecor.exe | GET | 403 | 75.2.18.233:80 | http://mkkuei4kdsz.com/891/755.html | unknown | malicious
2136 | SIHClient.exe | GET | 200 | 23.216.77.15:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | whitelisted
2136 | SIHClient.exe | GET | 200 | 23.216.77.15:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | whitelisted
2136 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted
2136 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
2136 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
7728 | omsecor.exe | 193.166.255.171:80 | lousta.net | Tieteen tietotekniikan keskus Oy | FI | malicious
2104 | svchost.exe | 23.216.77.30:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2104 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 20.190.160.65:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.238
whitelisted
lousta.net
  • 193.166.255.171
malicious
crl.microsoft.com
  • 23.216.77.30
  • 23.216.77.8
  • 23.216.77.41
  • 23.216.77.39
  • 23.216.77.11
  • 23.216.77.43
  • 23.216.77.38
  • 23.216.77.31
  • 23.216.77.42
  • 23.216.77.15
  • 23.216.77.18
  • 23.216.77.21
  • 23.216.77.6
  • 23.216.77.19
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.160.65
  • 40.126.32.133
  • 20.190.160.66
  • 40.126.32.68
  • 20.190.160.17
  • 20.190.160.14
  • 20.190.160.3
  • 20.190.160.132
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted

Threats

PID | Process | Class | Message
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7728 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
2108 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
2108 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info