File name:

2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/ce92d7c3-d0cf-438f-862d-aa817a3fb89d
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: April 29, 2025, 01:53:30
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
neconyd
ransomware
birele
sinkhole
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5:

CD58069ADBE8CC57B4B4D97B03F6EA5F

SHA1:

C96D39A08B139C2B111B9F4B9422A9212FA14214

SHA256:

CFDB459180958D13392A7EB4790E5F3F564F4F4B398BAD6443063C14BBD69323

SSDEEP:

3072:lR65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9da:lmqaRRRZ/MnA3cQYFCOzv3AVXV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

    • Neconyd has been detected

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

    • Connects to the CnC server

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

  • SUSPICIOUS

    • Application launched itself

      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7364)
      • omsecor.exe (PID: 7412)
      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 5164)

    • Executable content was dropped or overwritten

      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7384)

    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

    • Executes application which crashes

      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7364)
      • omsecor.exe (PID: 5164)
      • omsecor.exe (PID: 7412)

    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

  • INFO

    • The sample compiled with english language support

      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7364)

    • Checks supported languages

      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7364)
      • omsecor.exe (PID: 7412)
      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7384)
      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 5164)
      • omsecor.exe (PID: 1188)

    • Creates files or folders in the user directory

      • 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7384)
      • WerFault.exe (PID: 7572)
      • WerFault.exe (PID: 7592)
      • WerFault.exe (PID: 6744)

    • Reads the computer name

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

    • Checks proxy server information

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)
      • slui.exe (PID: 864)

    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7472)
      • omsecor.exe (PID: 1188)

    • Reads the software policy settings

      • slui.exe (PID: 864)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:25 19:05:47+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
142
Monitored processes
11
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe 2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs werfault.exe no specs slui.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
864C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1188C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
5164C:\Users\admin\AppData\Roaming\omsecor.exe /nomoveC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6744C:\WINDOWS\SysWOW64\WerFault.exe -u -p 5164 -s 340C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7364"C:\Users\admin\Desktop\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe" C:\Users\admin\Desktop\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7384C:\Users\admin\Desktop\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exeC:\Users\admin\Desktop\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe
2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7412C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7472C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7572C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7412 -s 352C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events
9 219
Read events
9 213
Write events
6
Delete events
0

Modification events

(PID) Process:(7472) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7472) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7472) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1188) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1188) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1188) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
1
Suspicious files
9
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
7592WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-04-29_cd580_a9203bb0c32aa8e47bed34d28335f9bf4ade86_90541f22_361c09a9-25c5-4cc8-ab93-abe4f3bf8d45\Report.wer
MD5:
SHA256:
7572WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_65863f1427ffeb4b1991ae67a389bce01ea938_3f9a6242_aa6f69f9-bbf8-415a-ae71-9235e1e29cea\Report.wer
MD5:
SHA256:
6744WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_65863f1427ffeb4b1991ae67a389bce01ea938_3f9a6242_d46d6037-d548-4207-894e-a37431e9ff9d\Report.wer
MD5:
SHA256:
7592WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC238.tmp.dmpbinary
MD5:0D1DE18E924C60FC574972BCAF84582E
SHA256:1A67F1CB79FE3EC41FD35210F4EE6CC0B7AFD0600C29CE4167781C1946BEBC9C
7592WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader.exe.7364.dmpbinary
MD5:FFA0769AE5F0D3B39105EA0BAC4AE7FA
SHA256:E083CC586E573A0DA44E6A27A2156B0E2D56398C09DFA08B354CFDF6BAB6C7A8
7572WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC3E1.tmp.xmlxml
MD5:70931D0D77D79848B294E2C8E04EE80F
SHA256:94691CFECAA4C4F07E6F97451D2F38AA02F9576C56CBAB65C338E77E3F84C3DB
6744WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER16BE.tmp.xmlxml
MD5:FF28B0D8A57FC30EAB47BE3DDCB9CC85
SHA256:5197CFE7AE1910C7F0B47CBDBE7F1B40BABE3C9D8FC3B6D1F08A635ABC22D7DD
7572WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC3C1.tmp.WERInternalMetadata.xmlbinary
MD5:92F688A6F22DBC316FF5212A064E80A8
SHA256:124B0ED0AEE716ADE79AA710108D9E55EE28EEDB8C98587395AC1421EF4FE764
7572WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC258.tmp.dmpbinary
MD5:FC8D98DA7B5B3F8797F947D8097BF8C3
SHA256:DD5735DBDF76C5B809027BFFA260FEB54F562C216152BB177F52E6875FCD3160
6744WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER165F.tmp.dmpbinary
MD5:FB599897864A30E252B1CAABA8138A66
SHA256:9E1BCC6340D0D605B0EAD6CE701DC936E0EF04AE718F1A5E257B294D8D6752DC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
62
DNS requests
25
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7472
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/625/742.html
unknown
malicious
7472
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/502/946.html
unknown
malicious
GET
304
4.245.163.56:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
8080
SIHClient.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
8080
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
20.3.187.198:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
8080
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
POST
400
20.190.160.17:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4024
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
7472
omsecor.exe
193.166.255.171:80
lousta.net
Tieteen tietotekniikan keskus Oy
FI
malicious
2104
svchost.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2104
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6544
svchost.exe
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.238
whitelisted
lousta.net
  • 193.166.255.171
malicious
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
  • 2.16.164.49
  • 2.16.164.120
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 2.23.246.101
whitelisted
login.live.com
  • 40.126.32.134
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.2
  • 20.190.160.66
  • 40.126.32.133
  • 20.190.160.22
  • 20.190.160.3
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted

Threats

PID
Process
Class
Message
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7472
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
1188
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
1188
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-04-29_cd58069adbe8cc57b4b4d97b03f6ea5f_amadey_elex_rhadamanthys_smoke-loader