File name:

2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/3d1b2086-68c1-444b-adfb-40c893d56a85
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: May 17, 2025, 01:52:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
neconyd
ransomware
birele
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5:

4C8674ACD1F7CE78E3700E7C8F6F2546

SHA1:

F60A36EBC7EEE3DCC403EAD9E1D0FE64395F6BCF

SHA256:

D3C892DB0D21162D2DE1FD8C69CEFC26171D1EC96EA2516D34DBD3805167A956

SSDEEP:

3072:1R65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9daP:1mqaRRRZ/MnA3cQYFCOzv3AVXVs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Neconyd has been detected

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
    • Connects to the CnC server

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
  • SUSPICIOUS

    • Application launched itself

      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 1324)
      • omsecor.exe (PID: 2108)
      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 3268)
    • Executable content was dropped or overwritten

      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 5640)
    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
    • Executes application which crashes

      • omsecor.exe (PID: 2108)
      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 1324)
      • omsecor.exe (PID: 3268)
    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
  • INFO

    • Checks supported languages

      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 5640)
      • omsecor.exe (PID: 2108)
      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 1324)
      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 3268)
      • omsecor.exe (PID: 1328)
    • The sample compiled with english language support

      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 1324)
    • Creates files or folders in the user directory

      • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 5640)
      • WerFault.exe (PID: 1116)
      • WerFault.exe (PID: 6700)
      • WerFault.exe (PID: 6752)
    • Reads the computer name

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
    • Checks proxy server information

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
      • slui.exe (PID: 6652)
    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 536)
      • omsecor.exe (PID: 1328)
    • Reads the software policy settings

      • slui.exe (PID: 6652)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:23 01:39:57+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
No data.
All screenshots are available in the full report
Total processes: 139
Monitored processes: 11
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start
  • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
  • 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
  • omsecor.exe
  • #NECONYD omsecor.exe
  • werfault.exe (no specs)
  • werfault.exe (no specs)
  • slui.exe
  • omsecor.exe
  • #NECONYD omsecor.exe
  • werfault.exe (no specs)
  • svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 536
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 1116
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 2108 -s 344
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: omsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 1324
CMD: "C:\Users\admin\Desktop\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe"
Path: C:\Users\admin\Desktop\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1328
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 2108
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2196
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 3268
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe /nomove
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 5640
CMD: C:\Users\admin\Desktop\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
Path: C:\Users\admin\Desktop\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
Parent process: 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 6652
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6700
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1324 -s 352
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events: 9 210
Read events: 9 204
Write events: 6
Delete events: 0

Modification events

(PID) Process: (536) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (536) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (536) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1328) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1328) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1328) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 1
Suspicious files: 9
Text files: 3
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 1116
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_11eee658c153767281c83cfb6219cfb58bad540_e09b47b5_3c3b5f8d-2bf6-440f-b39f-2a21bbd980b4\Report.wer
MD5:
SHA256:
PID: 6700
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-05-17_4c867_afbd16b9df18d7f162db93e7f9cb51670a7ac3f_fb346d35_b64cd65f-07f6-4f55-a291-47bb6ace0b95\Report.wer
MD5:
SHA256:
PID: 6752
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_11eee658c153767281c83cfb6219cfb58bad540_e09b47b5_a92e5972-b853-4f28-a668-988101cbc20f\Report.wer
MD5:
SHA256:
PID: 5640
Process: 2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe
Filename: C:\Users\admin\AppData\Roaming\omsecor.exe
Type: executable
MD5:999FAE38A7EAD37D13566114299561F4
SHA256:8D0D9A1AC23837CDF93CF3DE9BB6C8459FD66E8EFB3A181EF600CA011FDEC630
PID: 1116
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5F3.tmp.WERInternalMetadata.xml
Type: binary
MD5:2F20C82ED29C372A964909C4BE3951F9
SHA256:B02710D70F38D007790E2A3B79C0115E9AA923B0F66D075A331859DE750721C3
PID: 6700
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC671.tmp.WERInternalMetadata.xml
Type: binary
MD5:9F313EFB04E4A2CD625AEB3FF97780F3
SHA256:F772D442818198480444A9B6D4AD01D3AE7E9CFEBAD50D61ADCF6584DDD4D27F
PID: 6700
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\2025-05-17_4c8674acd1f7ce78e3700e7c8f6f2546_amadey_elex_rhadamanthys_smoke-loader.exe.1324.dmp
Type: binary
MD5:069FB12AF74E6E556E122B7DCF65090C
SHA256:DB5193A6606025B0BA9E769CAE034EE5A098C24158DEAFA9EDC00C3E048929F3
PID: 1116
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC575.tmp.dmp
Type: binary
MD5:8346F4E8CEAAF7573FBB253B10142BE7
SHA256:E720234672F40D8EE92C530FF1BAB2286126342BBFC48C238FF5CAEACA276B7A
PID: 6700
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC555.tmp.dmp
Type: binary
MD5:6746993D9BCE2712DEE0EA0D423CCB83
SHA256:08BC69E407A925B34813312243DC997C397CB4C77AEE02E66C4EB57529B8B18E
PID: 6752
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WER102.tmp.dmp
Type: binary
MD5:7A840A4A88F555C0FCA2E195EBE0E744
SHA256:2946E1A8B31A38DC1ED5EE405AA3284D6CDC6A24D2417C30666571DB4B3C343E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 47
DNS requests: 23
Threats: 16

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
536
omsecor.exe
GET
75.2.18.233:80
http://mkkuei4kdsz.com/850/871.html
unknown
malicious
536
omsecor.exe
GET
44.247.155.67:80
http://ow5dirasuek.com/993/71.html
unknown
malicious
1328
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/941/172.html
unknown
malicious
1328
omsecor.exe
GET
75.2.18.233:80
http://mkkuei4kdsz.com/83/604.html
unknown
malicious
1328
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/697/452.html
unknown
malicious
1328
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/462/512.html
unknown
malicious
1328
omsecor.exe
GET
44.247.155.67:80
http://ow5dirasuek.com/177/649.html
unknown
malicious
1328
omsecor.exe
GET
75.2.18.233:80
http://mkkuei4kdsz.com/555/326.html
unknown
malicious
1328
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/319/81.html
unknown
malicious
536
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/430/47.html
unknown
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2316
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
536
omsecor.exe
193.166.255.171:80
lousta.net
Tieteen tietotekniikan keskus Oy
FI
malicious
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
536
omsecor.exe
75.2.18.233:80
mkkuei4kdsz.com
AMAZON-02
US
malicious
6404
SIHClient.exe
20.109.210.53:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6404
SIHClient.exe
20.3.187.198:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
lousta.net
  • 193.166.255.171
malicious
client.wns.windows.com
  • 172.211.123.248
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
ow5dirasuek.com
  • 44.247.155.67
malicious
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.14
whitelisted

Threats

PID | Process | Class | Message
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
536 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
1328 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
1328 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info