{
	"id": "85c3c344-d8f9-4607-9d32-b1708ca546fb",
	"created_at": "2026-04-06T00:07:49.681697Z",
	"updated_at": "2026-04-10T03:20:44.019919Z",
	"deleted_at": null,
	"sha1_hash": "078faf0bdd41e841b50f51f90602d247677e7328",
	"title": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 86003,
	"plain_text": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/n\r\ngolang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nArchived: 2026-04-05 21:30:02 UTC\r\nFile name SHA-256 Detection\r\nN/A 117fc30c25b1f28cd923b530ab9f91a0a818925b0b89b8bc9a7f820a9e630464 Ransom.Win64.AGENDACRY\r\nN/A 93d0cc8492511c663f17544b3bf14eab8ccb492909536e79ef652921d809bb1a Ransom.Win64.AGENDACRY\r\nN/A e4a319f7afafbbd710ff2dbe8d0883ef332afcb0363efd4e919ed3c3faba0342 Ransom.Win64.AGENDACRY\r\npwndll.dll 28aeb2d6576b2437ecab535c0a1bf41713ee9864611965bf1d498a87cbdd2fab Trojan.Win64.AGENDA.SV\r\n-----------------------------------------------------------------\r\nTor communication\r\n- ygo44wtbprhx2kvibtgjj3rrjo3f4fccuhuavy6vnvtrvihpruqdjuad[.]onion\r\n- pmbvfcoawmpkpqtcrv3fmtqyvxufbpiidrseseypvxrmlbh727aoqmyd[.]onion\r\n- ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd[.]onion\r\n-----------------------------------------------------------------\r\nServices that Agenda terminates:\r\nacronis vss provider\r\nacronisagent\r\nacronisagentd\r\nacrsch2svc\r\nacrsch2svcd\r\nadobearmservice\r\nadobearmserviced\r\nalerter\r\nalerterd\r\narsm\r\narsmd\r\naswbcc\r\naswbccd\r\navbackup\r\navbackupd\r\nbackup\r\nbackupexecagentaccelerator\r\nbackupexecagentacceleratord\r\nbackupexecagentbrowser\r\nbackupexecagentbrowserd\r\nbackupexecdevicemediaservice\r\nbackupexecdevicemediaserviced\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 1 of 28\n\nbackupexecjobengine\r\nbackupexecjobengined\r\nbackupexecmanagementservice\r\nbackupexecmanagementserviced\r\nbackupexecrpcservice\r\nbackupexecrpcserviced\r\nbackupexecvssprovider\r\nbackupexecvssproviderd\r\nbcrservice\r\nbcrserviced\r\nbedbg\r\nbedbgd\r\nbits\r\nbitsd\r\nbluestripecollector\r\nbluestripecollectord\r\nbrokerinfrastructure\r\nbrokerinfrastructured\r\nccevtmgr\r\nccevtmgrd\r\nccsetmgr\r\nccsetmgrd\r\ncissesrv\r\ncissesrvd\r\ncpqrcmc3\r\ncpqrcmc3d\r\ncsadmin\r\ncsadmind\r\ncsauth\r\ncsauthd\r\ncsdbsync\r\ncsdbsyncd\r\ncslog\r\ncslogd\r\ncsmon\r\ncsmond\r\ncsradius\r\ncsradiusd\r\ncstacacs\r\ncstacacsd\r\ndb2\r\ndb2-0\r\ndb2-0d\r\ndb2d\r\ndb2das00\r\ndb2das00d\r\ndb2governor_db2copy1\r\ndb2governor_db2copy1d\r\ndb2inst2\r\ndb2inst2d\r\ndb2licd_db2copy1\r\ndb2licd_db2copy1d\r\ndb2mgmtsvc_db2copy1\r\ndb2mgmtsvc_db2copy1d\r\ndb2remotecmd_db2copy1\r\ndb2remotecmd_db2copy1d\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 2 of 28\n\nehttpsrv\r\nehttpsrvd\r\nekrn\r\nekrnd\r\nerasersvc11710\r\nerasersvc11710d\r\nersvc\r\nersvcd\r\nesgshkernel\r\nesgshkerneld\r\neshasrv\r\neshasrvd\r\neventlog\r\neventlogd\r\nfa_scheduler\r\nfa_schedulerd\r\ngooglechromeelevationservice\r\ngooglechromeelevationserviced\r\ngupdate\r\ngupdated\r\ngupdatem\r\ngupdatemd\r\nhealthservice\r\nhealthserviced\r\nibmdataservermgr\r\nibmdataservermgrd\r\nibmdsserver41\r\nibmdsserver41d\r\nidrivert\r\nidrivertd\r\nimapiservice\r\nimapiserviced\r\nklnagent\r\nklnagentd\r\nlogprocessorservice\r\nlogprocessorserviced\r\nlrsdrvx\r\nlrsdrvxd\r\nmacmnsvc\r\nmacmnsvcd\r\nmasvc\r\nmasvcd\r\nmbamservice\r\nmbamserviced\r\nmbendpointagent\r\nmbendpointagentd\r\nmcshield\r\nmcshieldd\r\nmemtas\r\nmepocs\r\nmfefire\r\nmfefired\r\nmfemms\r\nmfemmsd\r\nmfevtp\r\nmfevtpd\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 3 of 28\n\nmfewc\r\nmfewcd\r\nmms\r\nmmsd\r\nmozyprobackup\r\nmozyprobackupd\r\nmsexchange\r\nmsexchangees\r\nmsexchangeesd\r\nmsexchangeis\r\nmsexchangeisd\r\nmsexchangemgmt\r\nmsexchangemgmtd\r\nmsexchangemta\r\nmsexchangemtad\r\nmsexchangesa\r\nmsexchangesad\r\nmsexchangesrs\r\nmsexchangesrsd\r\nmsftesql$prod\r\nmsftesql$prodd\r\nmsmq\r\nmsmqd\r\nmsolap$sql_2008\r\nmsolap$sql_2008d\r\nmsolap$system_bgc\r\nmsolap$system_bgcd\r\nmsolap$tps\r\nmsolap$tpsama\r\nmsolap$tpsamad\r\nmsolap$tpsd\r\nmssql$bkupexec\r\nmssql$bkupexecd\r\nmssql$citrix_metaframe\r\nmssql$citrix_metaframed\r\nmssql$ecwdb2\r\nmssql$ecwdb2d\r\nmssql$eposerver\r\nmssql$eposerverd\r\nmssql$itris\r\nmssql$itrisd\r\nmssql$net2\r\nmssql$net2d\r\nmssql$practicemgt\r\nmssql$practicemgtd\r\nmssql$practticebgc\r\nmssql$practticebgcd\r\nmssql$prod\r\nmssql$prodd\r\nmssql$profxengagement\r\nmssql$profxengagementd\r\nmssql$sbsmonitoring\r\nmssql$sbsmonitoringd\r\nmssql$sharepoint\r\nmssql$sharepointd\r\nmssql$sql_2008\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 4 of 28\n\nmssql$sql_2008d\r\nmssql$sqlexpress\r\nmssql$sqlexpressd\r\nmssql$system_bgc\r\nmssql$system_bgcd\r\nmssql$tps\r\nmssql$tpsama\r\nmssql$tpsamad\r\nmssql$tpsd\r\nmssql$veeamsql2008r2\r\nmssql$veeamsql2008r2d\r\nmssql$veeamsql2012\r\nmssql$veeamsql2012d\r\nmssqlfdlauncher\r\nmssqlfdlauncher$itris\r\nmssqlfdlauncher$itrisd\r\nmssqlfdlauncher$profxengagement\r\nmssqlfdlauncher$profxengagementd\r\nmssqlfdlauncher$sbsmonitoring\r\nmssqlfdlauncher$sbsmonitoringd\r\nmssqlfdlauncher$sharepoint\r\nmssqlfdlauncher$sharepointd\r\nmssqlfdlauncher$sql_2008\r\nmssqlfdlauncher$sql_2008d\r\nmssqlfdlauncher$system_bgc\r\nmssqlfdlauncher$system_bgcd\r\nmssqlfdlauncher$tps\r\nmssqlfdlauncher$tpsama\r\nmssqlfdlauncher$tpsamad\r\nmssqlfdlauncher$tpsd\r\nmssqlfdlauncherd\r\nmssqllaunchpad$itris\r\nmssqllaunchpad$itrisd\r\nmssqlserver\r\nmssqlserveradhelper\r\nmssqlserveradhelper100\r\nmssqlserveradhelper100d\r\nmssqlserveradhelperd\r\nmssqlserverd\r\nmssqlserverolapservice\r\nmssqlserverolapserviced\r\nmsvsmon90\r\nmsvsmon90d\r\nmysql57\r\nmysql57d\r\nnet2clientsvc\r\nnet2clientsvcd\r\nnimbuswatcherservice\r\nnimbuswatcherserviced\r\nntlmssp\r\nntlmsspd\r\nntmssvc\r\nntmssvcd\r\nntrtscan\r\nntrtscand\r\nodserv\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 5 of 28\n\nodservd\r\noracleclientcache80\r\noracleclientcache80d\r\nose\r\nosed\r\npdvfsservice\r\npdvfsserviced\r\npop3svc\r\npop3svcd\r\nproliantmonitor\r\nproliantmonitord\r\nreportserver\r\nreportserver$sql_2008\r\nreportserver$sql_2008d\r\nreportserver$system_bgc\r\nreportserver$system_bgcd\r\nreportserver$tps\r\nreportserver$tpsama\r\nreportserver$tpsamad\r\nreportserver$tpsd\r\nreportserverd\r\nrscdsvc\r\nrscdsvcd\r\nrumorserver\r\nsacsvr\r\nsacsvrd\r\nsamss\r\nsamssd\r\nsavservice\r\nsavserviced\r\nsdd_service\r\nsdd_serviced\r\nsdrsvc\r\nsdrsvcd\r\nsentinelagent\r\nsentinelagentd\r\nsentinelhelperservice\r\nsentinelhelperserviced\r\nsentinelstaticengine\r\nsentinelstaticengined\r\nsepmasterservice\r\nsepmasterserviced\r\nsepmasterservicemig\r\nsepmasterservicemigd\r\nshmonitor\r\nshmonitord\r\nsmcinst\r\nsmcinstd\r\nsmcservice\r\nsmcserviced\r\nsmtpsvc\r\nsmtpsvcd\r\nsnac\r\nsnacd\r\nsnowinventoryclient\r\nsnowinventoryclientd\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 6 of 28\n\nsntpservice\r\nsntpserviced\r\nsql\r\nsql backups\r\nsqlagent$bkupexec\r\nsqlagent$bkupexecd\r\nsqlagent$citrix_metaframe\r\nsqlagent$citrix_metaframed\r\nsqlagent$cxdb\r\nsqlagent$cxdbd\r\nsqlagent$ecwdb2\r\nsqlagent$ecwdb2d\r\nsqlagent$eposerver\r\nsqlagent$eposerverd\r\nsqlagent$itris\r\nsqlagent$itrisd\r\nsqlagent$net2\r\nsqlagent$net2d\r\nsqlagent$practticebgc\r\nsqlagent$practticebgcd\r\nsqlagent$practticemgt\r\nsqlagent$practticemgtd\r\nsqlagent$prod\r\nsqlagent$prodd\r\nsqlagent$profxengagement\r\nsqlagent$profxengagementd\r\nsqlagent$sbsmonitoring\r\nsqlagent$sbsmonitoringd\r\nsqlagent$sharepoint\r\nsqlagent$sharepointd\r\nsqlagent$sql_2008\r\nsqlagent$sql_2008d\r\nsqlagent$sqlexpress\r\nsqlagent$sqlexpressd\r\nsqlagent$system_bgc\r\nsqlagent$system_bgcd\r\nsqlagent$tps\r\nsqlagent$tpsama\r\nsqlagent$tpsamad\r\nsqlagent$tpsd\r\nsqlagent$veeamsql2008r2\r\nsqlagent$veeamsql2008r2d\r\nsqlagent$veeamsql2012\r\nsqlagent$veeamsql2012d\r\nsqlbrowser\r\nsqlbrowserd\r\nsqlsafe backup service\r\nsqlsafe filter service\r\nsqlsafeolrservice\r\nsqlsafeolrserviced\r\nsqlserveragent\r\nsqlserveragentd\r\nsqltelemetry\r\nsqltelemetry$ecwdb2\r\nsqltelemetry$ecwdb2d\r\nsqltelemetry$itris\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 7 of 28\n\nsqltelemetry$itrisd\r\nsqltelemetryd\r\nsqlwriter\r\nsqlwriterd\r\nssistelemetry130\r\nssistelemetry130d\r\nsstpsvc\r\nsstpsvcd\r\nsvc$\r\nsvcgenerichost\r\nsvcgenerichostd\r\nswi_filter\r\nswi_filterd\r\nswi_service\r\nswi_serviced\r\nswi_update\r\nswi_update_64\r\nswi_update_64d\r\nswi_updated\r\nsymantec\r\nsymantec system recovery\r\nsymantecd\r\nsysdown\r\nsysdownd\r\ntelemetryserver\r\ntelemetryserverd\r\ntmccsf\r\ntmccsfd\r\ntmlisten\r\ntmlistend\r\ntpautoconnsvc\r\ntpautoconnsvcd\r\ntpvcgateway\r\ntpvcgatewayd\r\ntruekey\r\ntruekeyd\r\ntruekeyscheduler\r\ntruekeyschedulerd\r\ntruekeyservicehelper\r\ntruekeyservicehelperd\r\ntsm\r\ntsmd\r\nui0detect\r\nui0detectd\r\nveeam\r\nveeam backup catalog data service\r\nveeambackupsvc\r\nveeambackupsvcd\r\nveeambrokersvc\r\nveeambrokersvcd\r\nveeamcatalogsvc\r\nveeamcatalogsvcd\r\nveeamcloudsvc\r\nveeamcloudsvcd\r\nveeamdeploymentservice\r\nveeamdeploymentserviced\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 8 of 28\n\nveeamdeploysvc\r\nveeamdeploysvcd\r\nveeamenterprisemanagersvc\r\nveeamenterprisemanagersvcd\r\nveeamhvintegrationsvc\r\nveeamhvintegrationsvcd\r\nveeammountsvc\r\nveeammountsvcd\r\nveeamnfssvc\r\nveeamnfssvcd\r\nveeamrestsvc\r\nveeamrestsvcd\r\nveeamtransportsvc\r\nveeamtransportsvcd\r\nvgauthservice\r\nvgauthserviced\r\nvmtools\r\nvmtoolsd\r\nvmware\r\nvmwarecafcommamqplistener\r\nvmwarecafcommamqplistenerd\r\nvmwarecafmanagementagenthost\r\nvmwarecafmanagementagenthostd\r\nvmware-converter-agent\r\nvmware-converter-agentd\r\nvmware-converter-server\r\nvmware-converter-serverd\r\nvmware-converter-worker\r\nvmware-converter-workerd\r\nvmwared\r\nvss\r\nw3svc\r\nw3svcd\r\nwbengine\r\nwbengined\r\nwdnissvc\r\nwdnissvcd\r\nwindefend\r\nwindefendd\r\nwinvnc4\r\nwinvnc4d\r\nwrsvc\r\nwrsvcd\r\nzoolz\r\n-----------------------------------------------------------------\r\nProcesses that Agenda terminates:\r\na2service.exe\r\na2start.exe\r\naawservice.exe\r\nacaas.exe\r\nacaegmgr.exe\r\nacaif.exe\r\nacais.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 9 of 28\n\nacctmgr.exe\r\naclient.exe\r\naclntusr.exe\r\nad-aware2007.exe\r\nadministrator.exe\r\nadminserver.exe\r\naesecurityservice.exe\r\naexagentuihost.exe\r\naexnsagent.exe\r\naexnsrcvsvc.exe\r\naexsvc.exe\r\naexswdusr.exe\r\naflogvw.exe\r\nafwserv.exe\r\nagntsvc\r\nagntsvc.exe\r\nahnrpt.exe\r\nahnsd.exe\r\nahnsdsv.exe\r\nalert.exe\r\nalertsvc.exe\r\nalmon.exe\r\nalogserv.exe\r\nalsvc.exe\r\nalunotify.exe\r\nalupdate.exe\r\naluschedulersvc.exe\r\namsvc.exe\r\namswmagt\r\naphost.exe\r\nappsvc32.exe\r\naps.exe\r\napvxdwin.exe\r\nashbug.exe\r\nashchest.exe\r\nashcmd.exe\r\nashdisp.exe\r\nashenhcd.exe\r\nashlogv.exe\r\nashmaisv.exe\r\nashpopwz.exe\r\nashquick.exe\r\nashserv.exe\r\nashsimp2.exe\r\nashsimpl.exe\r\nashskpcc.exe\r\nashskpck.exe\r\nashupd.exe\r\nashwebsv.exe\r\nasupport.exe\r\naswdisp.exe\r\naswregsvr.exe\r\naswserv.exe\r\naswupdsv.exe\r\naswwebsv.exe\r\natrshost.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 10 of 28\n\natwsctsk.exe\r\naupdrun.exe\r\naus.exe\r\nauth8021x.exe\r\nautoup.exe\r\navcenter.exe\r\navconfig.exe\r\navconsol.exe\r\navengine.exe\r\navesvc.exe\r\navfwsvc.exe\r\navkproxy.exe\r\navkservice.exe\r\navktray.exe\r\navkwctl.exe\r\navltmain.exe\r\navmailc.exe\r\navmcdlg.exe\r\navnotify.exe\r\navscan.exe\r\navscc.exe\r\navserver.exe\r\navshadow.exe\r\navsynmgr.exe\r\navtask.exe\r\navwebgrd.exe\r\nbasfipm.exe\r\nbavtray.exe\r\nbcreporter.exe\r\nbcrservice.exe\r\nbdagent.exe\r\nbdc.exe\r\nbdlite.exe\r\nbdmcon.exe\r\nbdredline.exe\r\nbdss.exe\r\nbdsubmit.exe\r\nbhipssvc.exe\r\nbka.exe\r\nblackd.exe\r\nblackice.exe\r\nbluestripecollector.exe\r\nblupro.exe\r\nbmrt.exe\r\nbwgo0000\r\nca.exe\r\ncaantispyware.exe\r\ncaav.exe\r\ncaavcmdscan.exe\r\ncaavguiscan.exe\r\ncaf.exe\r\ncafw.exe\r\ncaissdt.exe\r\ncalogdump.exe\r\ncapfaem.exe\r\ncapfasem.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 11 of 28\n\ncapfsem.exe\r\ncapmuamagt.exe\r\ncappactiveprotection.exe\r\ncasc.exe\r\ncasecuritycenter.exe\r\ncaunst.exe\r\ncavrep.exe\r\ncavrid.exe\r\ncavscan.exe\r\ncavtray.exe\r\nccap.exe\r\nccapp.exe\r\nccemflsv.exe\r\nccenter.exe\r\nccevtmgr.exe\r\nccflic0.exe\r\nccflic4.exe\r\ncclaw.exe\r\nccmmessaging.exe\r\nccnfagent.exe\r\nccprovsp.exe\r\nccproxy.exe\r\nccpxysvc.exe\r\nccschedulersvc.exe\r\nccsetmgr.exe\r\nccsmagtd.exe\r\nccsvchst.exe\r\nccsystemreport.exe\r\ncctray.exe\r\nccupdate.exe\r\ncdm.exe\r\ncertificateprovider.exe\r\ncertificationmanagerservicent.exe\r\ncfftplugin.exe\r\ncfnotsrvd.exe\r\ncfp.exe\r\ncfpconfg.exe\r\ncfpconfig.exe\r\ncfplogvw.exe\r\ncfpsbmit.exe\r\ncfpupdat.exe\r\ncfsmsmd.exe\r\ncheckup.exe\r\nchrome.exe\r\ncis.exe\r\ncistray.exe\r\ncka.exe\r\nclamscan.exe\r\nclamtray.exe\r\nclamwin.exe\r\nclient.exe\r\nclient64.exe\r\nclps.exe\r\nclpsla.exe\r\nclpsls.exe\r\nclshield.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 12 of 28\n\ncmdagent.exe\r\ncmdinstall.exe\r\ncmgrdian.exe\r\ncntaosmgr.exe\r\ncollwrap.exe\r\ncomhost.exe\r\nconfig_api_service.exe\r\nconsole.exe\r\ncontrol_panel.exe\r\ncoreframeworkhost.exe\r\ncoreserviceshell.exe\r\ncpd.exe\r\ncpdclnt.exe\r\ncpf.exe\r\ncpntsrv.exe\r\ncramtray.exe\r\ncrashrep.exe\r\ncrdm.exe\r\ncrssvc.exe\r\ncsacontrol.exe\r\ncsadmin.exe\r\ncsauth.exe\r\ncsdbsync.exe\r\ncsfalconservice.exe\r\ncsinject.exe\r\ncsinsm32.exe\r\ncsinsmnt.exe\r\ncslog.exe\r\ncsmon.exe\r\ncsradius.exe\r\ncsrss_tc.exe\r\ncssauth.exe\r\ncstacacs.exe\r\nctdataload.exe\r\ncwbunnav.exe\r\ncylancesvc.exe\r\ncylanceui.exe\r\ndao_log.exe\r\ndbeng50\r\ndbeng50.exe\r\ndbserv.exe\r\ndbsnmp\r\ndbsnmp.exe\r\ndbsrv9.exe\r\ndefwatch\r\ndefwatch.exe\r\ndeloeminfs.exe\r\ndeteqt.agent.exe\r\ndiskmon.exe\r\ndjsnetcn.exe\r\ndlservice.exe\r\ndltray.exe\r\ndolphincharge.e\r\ndolphincharge.exe\r\ndoscan.exe\r\ndpmra.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 13 of 28\n\ndr_serviceengine.exe\r\ndrwagntd.exe\r\ndrwagnui.exe\r\ndrweb.exe\r\ndrweb32.exe\r\ndrweb32w.exe\r\ndrweb386.exe\r\ndrwebcgp.exe\r\ndrwebcom.exe\r\ndrwebdc.exe\r\ndrwebmng.exe\r\ndrwebscd.exe\r\ndrwebupw.exe\r\ndrwebwcl.exe\r\ndrwebwin.exe\r\ndrwinst.exe\r\ndrwupgrade.exe\r\ndsmcad.exe\r\ndsmcsvc.exe\r\ndwarkdaemon.exe\r\ndwengine.exe\r\ndwhwizrd.exe\r\ndwnetfilter.exe\r\ndwrcst.exe\r\ndwwin.exe\r\nedisk.exe\r\neeyeevnt.exe\r\negui.exe\r\nehttpsrv.exe\r\nekrn.exe\r\nelogsvc.exe\r\nemlibupdateagentnt.exe\r\nemlproui.exe\r\nemlproxy.exe\r\nencsvc\r\nencsvc.exe\r\nendpointsecurity.exe\r\nengineserver.exe\r\nentitymain.exe\r\nepmd.exe\r\nera.exe\r\nerlsrv.exe\r\nesecagntservice.exe\r\nesecservice.exe\r\nesmagent.exe\r\netagent.exe\r\netconsole3.exe\r\netcorrel.exe\r\netloganalyzer.exe\r\netreporter.exe\r\netrssfeeds.exe\r\netscheduler.exe\r\netwcontrolpanel.exe\r\neuqmonitor.exe\r\neventparser.exe\r\nevtarmgr.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 14 of 28\n\nevtmgr.exe\r\nevtprocessecfile.exe\r\newidoctrl.exe\r\nexcel\r\nexcel.exe\r\nexecstat.exe\r\nfameh32.exe\r\nfcappdb.exe\r\nfcdblog.exe\r\nfch32.exe\r\nfchelper64.exe\r\nfcsms.exe\r\nfcssas.exe\r\nfih32.exe\r\nfirefox\r\nfirefox.exe\r\nfirefoxconfig.exe\r\nfiresvc.exe\r\nfiretray.exe\r\nfirewallgui.exe\r\nfmon.exe\r\nfnplicensingservice.exe\r\nforcefield.exe\r\nfpavserver.exe\r\nfprottray.exe\r\nframeworkservic\r\nframeworkservic.exe\r\nframeworkservice.exe\r\nfrzstate2k.exe\r\nfsaa.exe\r\nfsaua.exe\r\nfsav32.exe\r\nfsavgui.exe\r\nfscuif.exe\r\nfsdfwd.exe\r\nfsgk32.exe\r\nfsgk32st.exe\r\nfsguidll.exe\r\nfsguiexe.exe\r\nfshdll32.exe\r\nfshoster32.exe\r\nfshoster64.exe\r\nfsm32.exe\r\nfsma32.exe\r\nfsmb32.exe\r\nfsorsp.exe\r\nfspc.exe\r\nfspex.exe\r\nfsqh.exe\r\nfssm32.exe\r\nfwcfg.exe\r\nfwinst.exe\r\nfws.exe\r\ngcascleaner.exe\r\ngcasdtserv.exe\r\ngcasinstallhelper.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 15 of 28\n\ngcasnotice.exe\r\ngcasserv.exe\r\ngcasservalert.exe\r\ngcasswupdater.exe\r\ngdfirewalltray.exe\r\ngdfwsvc.exe\r\ngdscan.exe\r\ngfireporterservice.exe\r\nghost_2.exe\r\nghosttray.exe\r\ngiantantispywaremain.exe\r\ngiantantispywareupdater.exe\r\ngooglecrashhandler.exe\r\ngooglecrashhandler64.exe\r\ngoogleupdate.exe\r\ngziface.exe\r\ngzserv.exe\r\nhasplmv.exe\r\nhdb.exe\r\nhealthservice.exe\r\nhpqwmiex.exe\r\nhwapi.exe\r\nicepack.exe\r\nidsinst.exe\r\niface.exe\r\nigateway.exe\r\nilicensesvc.exe\r\ninet_gethost.exe\r\ninfopath\r\ninfopath.exe\r\ninicio.exe\r\ninonmsrv.exe\r\ninorpc.exe\r\ninort.exe\r\ninotask.exe\r\ninoweb.exe\r\nisafe.exe\r\nisafinst.exe\r\nisntsmtp.exe\r\nisntsysmonitor\r\nispwdsvc.exe\r\nisqlplussvc\r\nisqlplussvc.exe\r\nisscsf.exe\r\nissdaemon.exe\r\nissvc.exe\r\nisuac.exe\r\niswmgr.exe\r\nitmrt_supportdiagnostics.exe\r\nitmrt_trace.exe\r\nitmrtsvc.exe\r\nixaptsvc.exe\r\nixavsvc.exe\r\nixfwsvc.exe\r\nkabackreport.exe\r\nkaccore.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 16 of 28\n\nkanmcmain.exe\r\nkansgui.exe\r\nkansvr.exe\r\nkb891711.exe\r\nkeysvc.exe\r\nkis.exe\r\nkislive.exe\r\nkissvc.exe\r\nklnacserver.exe\r\nklnagent.exe\r\nklserver.exe\r\nklswd.exe\r\nklwtblfs.exe\r\nkmailmon.exe\r\nknownsvr.exe\r\nknupdatemain.exe\r\nkpf4gui.exe\r\nkpf4ss.exe\r\nkpfw32.exe\r\nkpfwsvc.exe\r\nkrbcc32s.exe\r\nkswebshield.exe\r\nkvdetech.exe\r\nkvmonxp.kxp\r\nkvmonxp_2.kxp\r\nkvolself.exe\r\nkvsrvxp.exe\r\nkvsrvxp_1.exe\r\nkvxp.kxp\r\nkwatch.exe\r\nkwsprod.exe\r\nkxeserv.exe\r\nleventmgr.exe\r\nlivesrv.exe\r\nlmon.exe\r\nlog_qtine.exe\r\nloggetor.exe\r\nloggingserver.exe\r\nluall.exe\r\nlucallbackproxy.exe\r\nlucoms.exe\r\nlucoms~1.exe\r\nlucomserver.exe\r\nlwdmserver.exe\r\nmacmnsvc.exe\r\nmacompatsvc.exe\r\nmanagementagenthost.exe\r\nmanagementagentnt.exe\r\nmantispm.exe\r\nmasalert.exe\r\nmassrv.exe\r\nmasvc.exe\r\nmbamservice.exe\r\nmbamtray.exe\r\nmcagent.exe\r\nmcapexe.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 17 of 28\n\nmcappins.exe\r\nmcconsol.exe\r\nmcdash.exe\r\nmcdetect.exe\r\nmcepoc.exe\r\nmcepocfg.exe\r\nmcinfo.exe\r\nmcmnhdlr.exe\r\nmcmscsvc.exe\r\nmcnasvc.exe\r\nmcods.exe\r\nmcpalmcfg.exe\r\nmcpromgr.exe\r\nmcproxy.exe\r\nmcregwiz.exe\r\nmcsacore.exe\r\nmcscript_inuse.exe\r\nmcshell.exe\r\nmcshield.exe\r\nmcshld9x.exe\r\nmcsvhost.exe\r\nmcsysmon.exe\r\nmctray.exe\r\nmctskshd.exe\r\nmcui32.exe\r\nmcuimgr.exe\r\nmcupdate.exe\r\nmcupdmgr.exe\r\nmcvsftsn.exe\r\nmcvsrte.exe\r\nmcvsshld.exe\r\nmcwce.exe\r\nmcwcecfg.exe\r\nmfeann.exe\r\nmfecanary.exe\r\nmfeesp.exe\r\nmfefire.exe\r\nmfefw.exe\r\nmfehcs.exe\r\nmfemactl.exe\r\nmfemms.exe\r\nmfetp.exe\r\nmfevtps.exe\r\nmfewc.exe\r\nmfewch.exe\r\nmgavrtcl.exe\r\nmghtml.exe\r\nmgntsvc.exe\r\nmonitoringhost.exe\r\nmonsvcnt.exe\r\nmonsysnt.exe\r\nmpcmdrun.exe\r\nmpf.exe\r\nmpfagent.exe\r\nmpfconsole.exe\r\nmpfservice.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 18 of 28\n\nmpfsrv.exe\r\nmpftray.exe\r\nmps.exe\r\nmpsevh.exe\r\nmpsvc.exe\r\nmrf.exe\r\nmsaccess\r\nmsaccess.exe\r\nmsascui.exe\r\nmscifapp.exe\r\nmsdtssrvr.exe\r\nmsftesql.exe\r\nmskagent.exe\r\nmskdetct.exe\r\nmsksrver.exe\r\nmsksrvr.exe\r\nmsmdsrv.exe\r\nmsmpeng.exe\r\nmspmspsv.exe\r\nmspub\r\nmspub.exe\r\nmsscli.exe\r\nmsseces.exe\r\nmsssrv.exe\r\nmusnotificationux.exe\r\nmvdesktopservice\r\nmyagttry.exe\r\nmydesktopqos\r\nmydesktopqos.exe\r\nmydesktopservice.exe\r\nmysqld.exe\r\nmysqld-nt.exe\r\nmysqld-opt.exe\r\nnailgpip.exe\r\nnaprdmgr.exe\r\nnavectrl.exe\r\nnavelog.exe\r\nnavesp.exe\r\nnavshcom.exe\r\nnavw32.exe\r\nnavwnt.exe\r\nncdaemon.exe\r\nnd2svc.exe\r\nndetect.exe\r\nndrvs.exe\r\nndrvx.exe\r\nneotrace.exe\r\nnerosvc.exe\r\nnetalertclient.exe\r\nnetcfg.exe\r\nnetsession_win.exe\r\nnetworkagent.exe\r\nnexe\r\nngctw32.exe\r\nngserver.exe\r\nnimbus.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 19 of 28\n\nnimcluster.exe\r\nnip.exe\r\nnipsvc.exe\r\nnisoptui.exe\r\nnisserv.exe\r\nnissrv.exe\r\nnisum.exe\r\nnjeeves.exe\r\nnlclient.exe\r\nnlsvc.exe\r\nnmagent.exe\r\nnmain.exe\r\nnortonsecurity.exe\r\nnotepad\r\nnpfmntor.exe\r\nnpfmsg.exe\r\nnpfmsg2.exe\r\nnpfsvice.exe\r\nnpmdagent.exe\r\nnprotect.exe\r\nnpscheck.exe\r\nnpssvc.exe\r\nnrmenctb.exe\r\nnscsrvce.exe\r\nnsctop.exe\r\nnslocollectorservice.exe\r\nnsmdemf.exe\r\nnsmdmon.exe\r\nnsmdreal.exe\r\nnsmdsch.exe\r\nnsmdtr.exe\r\nntcaagent.exe\r\nntcadaemon.exe\r\nntcaservice.exe\r\nntevl.exe\r\nntrtscan.exe\r\nntservices.exe\r\nnvcoas.exe\r\nnvcsched.exe\r\nnymse.exe\r\noasclnt.exe\r\nocautoupds\r\nocautoupds.exe\r\nocomm\r\nocomm.exe\r\nocssd\r\nocssd.exe\r\noespamtest.exe\r\nofcdog.exe\r\nofcpfwsvc.exe\r\nokclient.exe\r\nolfsnt40.exe\r\nomniagent.exe\r\nomslogmanager.exe\r\nomtsreco.exe\r\nonenote\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 20 of 28\n\nonenote.exe\r\nonlinent.exe\r\nonlnsvc.exe\r\nop_viewer.exe\r\nopscan.exe\r\noracle\r\noracle.exe\r\noutlook\r\noutlook.exe\r\noutpost.exe\r\npaamsrv.exe\r\npadfsvr.exe\r\npagent.exe\r\npagentwd.exe\r\npasystemtray.exe\r\npatch.exe\r\npatrolagent.exe\r\npatrolperf.exe\r\npavbckpt.exe\r\npavfires.exe\r\npavfnsvr.exe\r\npavjobs.exe\r\npavkre.exe\r\npavmail.exe\r\npavreport.exe\r\npavsched.exe\r\npavsrv50.exe\r\npavsrv51.exe\r\npavsrv52.exe\r\npavupg.exe\r\npaxton.net2.clientservice.exe\r\npaxton.net2.commsserverservice.exe\r\npccclient.exe\r\npccguide.exe\r\npcclient.exe\r\npccnt.exe\r\npccntmon.exe\r\npccntupd.exe\r\npccpfw.exe\r\npcctlcom.exe\r\npcscan.exe\r\npcscm.exe\r\npcscnsrv.exe\r\npcsws.exe\r\npctsauxs.exe\r\npctsgui.exe\r\npctssvc.exe\r\npctstray.exe\r\npep.exe\r\npersfw.exe\r\npmgreader.exe\r\npmon.exe\r\npnmsrv.exe\r\npntiomon.exe\r\npop3pack.exe\r\npop3trap.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 21 of 28\n\npoproxy.exe\r\npowerpnt\r\npowerpnt.exe\r\nppclean.exe\r\nppctlpriv.exe\r\nppmcativedetection.exe\r\nppppwallrun.exe\r\npqibrowser.exe\r\npqv2isvc.exe\r\npralarmmgr.exe\r\nprcalculationmgr.exe\r\nprconfigmgr.exe\r\nprdatabasemgr.exe\r\npremailengine.exe\r\npreventmgr.exe\r\nprevsrv.exe\r\nprftpengine.exe\r\nprgateway.exe\r\nprintdevice.exe\r\nprivacyiconclient.exe\r\nprlicensemgr.exe\r\nprocexp.exe\r\nproficyadministrator.exe\r\nproficyclient.exe4\r\nproficypublisherservice.exe\r\nproficyserver.exe\r\nproficysts.exe\r\nproutil.exe\r\nprprintserver.exe\r\nprproficymgr.exe\r\nprrds.exe\r\nprreader.exe\r\nprrouter.exe\r\nprschedulemgr.exe\r\nprstubber.exe\r\nprsummarymgr.exe\r\nprunsrv.exe\r\nprwriter.exe\r\npsanhost.exe\r\npsctris.exe\r\npsctrls.exe\r\npsh_svc.exe\r\npshost.exe\r\npsimreal.exe\r\npsimsvc.exe\r\npskmssvc.exe\r\npsuamain.exe\r\npsuaservice.exe\r\npthosttr.exe\r\npview.exe\r\npviewer.exe\r\npwdfilthelp.exe\r\npxemtftp.exe\r\npxeservice.exe\r\nqclean.exe\r\nqdcsfs.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 22 of 28\n\nqoeloader.exe\r\nqserver.exe\r\nrapapp.exe\r\nrapuisvc.exe\r\nras.exe\r\nrasupd.exe\r\nrav.exe\r\nravmon.exe\r\nravmond.exe\r\nravservice.exe\r\nravstub.exe\r\nravtask.exe\r\nravtray.exe\r\nravupdate.exe\r\nravxp.exe\r\nrcsvcmon.exe\r\nrdrcef.exe\r\nrealmon.exe\r\nredirsvc.exe\r\nregmech.exe\r\nremupd.exe\r\nrepmgr64.exe\r\nreportersvc.exe\r\nreportingservicesservice.exe\r\nreportsvc.exe\r\nretinaengine.exe\r\nrfwmain.exe\r\nrfwproxy.exe\r\nrfwsrv.exe\r\nrfwstub.exe\r\nrnav.exe\r\nrnreport.exe\r\nrouternt.exe\r\nrpcserv.exe\r\nrscd.exe\r\nrscdsvc.exe\r\nrsnetsvr.exe\r\nrssensor.exe\r\nrstray.exe\r\nrtvscan.exe\r\nrulaunch.exe\r\nsafeservice.exe\r\nsahookmain.exe\r\nsaservice.exe\r\nsav32cli.exe\r\nsavfmsectrl.exe\r\nsavfmselog.exe\r\nsavfmsesjm.exe\r\nsavfmsesp.exe\r\nsavfmsespamstatsmanager.exe\r\nsavfmsesrv.exe\r\nsavfmsetask.exe\r\nsavfmseui.exe\r\nsavmain.exe\r\nsavroam.exe\r\nsavscan.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 23 of 28\n\nsavservice.exe\r\nsavui.exe\r\nsbamsvc.exe\r\nsbserv.exe\r\nscan32.exe\r\nscanexplicit.exe\r\nscanfrm.exe\r\nscanmailoutlook.exe\r\nscanmsg.exe\r\nscanwscs.exe\r\nscfagent_64.exe\r\nscfmanager.exe\r\nscfservice.exe\r\nscftray.exe\r\nschdsrvc.exe\r\nschupd.exe\r\nsdrservice.exe\r\nsdtrayapp.exe\r\nseanalyzertool.exe\r\nseccenter.exe\r\nsecuritycenter.exe\r\nsecuritymanager.exe\r\nseestat.exe\r\nsemsvc.exe\r\nserver_eventlog.exe\r\nserver_runtime.exe\r\nsesclu.exe\r\nsetloadorder.exe\r\nsetupguimngr.exe\r\nsevinst.exe\r\nsgbhp.exe\r\nshstat.exe\r\nsidebar.exe\r\nsiteadv.exe\r\nslee81.exe\r\nsmc.exe\r\nsmcgui.exe\r\nsmex_activeupda\r\nsmex_master.exe\r\nsmex_remoteconf\r\nsmex_systemwatc\r\nsmoutlookpack.exe\r\nsms.exe\r\nsmsectrl.exe\r\nsmselog.exe\r\nsmsesjm.exe\r\nsmsesp.exe\r\nsmsesrv.exe\r\nsmsetask.exe\r\nsmseui.exe\r\nsmsx.exe\r\nsnac.exe\r\nsndmon.exe\r\nsndsrvc.exe\r\nsnhwsrv.exe\r\nsnicheckadm.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 24 of 28\n\nsnichecksrv.exe\r\nsnicon.exe\r\nsnsrv.exe\r\nspbbcsvc.exe\r\nspideragent.exe\r\nspiderml.exe\r\nspidernt.exe\r\nspiderui.exe\r\nspntsvc.exe\r\nspooler.exe\r\nspyemergency.exe\r\nspyemergencysrv.exe\r\nsqbcoreservice\r\nsqbcoreservice.exe\r\nsql\r\nsqlagent.exe\r\nsqlbrowser.exe\r\nsqlservr.exe\r\nsqlwriter.exe\r\nsrvload.exe\r\nsrvmon.exe\r\nsschk.exe\r\nssecuritymanager.exe\r\nssm.exe\r\nssp.exe\r\nssscheduler.exe\r\nstarta.exe\r\nsteam\r\nsteam.exe\r\nstinger.exe\r\nstopa.exe\r\nstopp.exe\r\nstwatchdog.exe\r\nsvcgenerichost\r\nsvcharge.exe\r\nsvcntaux.exe\r\nsvdealer.exe\r\nsvframe.exe\r\nsvtray.exe\r\nswc_service.exe\r\nswdsvc.exe\r\nsweepsrv.sys\r\nswi_service.exe\r\nswnetsup.exe\r\nswnxt.exe\r\nswserver.exe\r\nsymlcsvc.exe\r\nsymproxysvc.exe\r\nsymsport.exe\r\nsymtray.exe\r\nsymwsc.exe\r\nsynctime\r\nsynctime.exe\r\nsysdoc32.exe\r\nsysoptenginesvc.exe\r\ntaskhostw.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 25 of 28\n\ntbirdconfig\r\ntbirdconfig.exe\r\ntbmon.exe\r\ntclproc.exe\r\ntdimon.exe\r\nteamviewer_service.exe\r\ntfgui.exe\r\ntfservice.exe\r\ntftray.exe\r\ntfun.exe\r\nthebat\r\nthebat.exe\r\nthebat64.exe\r\nthunder bird\r\nthunderbird.exe\r\ntiaspn~1.exe\r\ntmas.exe\r\ntmlisten.exe\r\ntmntsrv.exe\r\ntmpfw.exe\r\ntmproxy.exe\r\ntnbutil.exe\r\ntnslsnr.exe\r\ntoolbarupdater.exe\r\ntpsrv.exe\r\ntraflnsp.exe\r\ntraptrackermgr.exe\r\ntrjscan.exe\r\ntrupd.exe\r\ntsansrf.exe\r\ntsatisy.exe\r\ntscutynt.exe\r\ntsmpnt.exe\r\nucservice.exe\r\nudaterui.exe\r\nuiseagnt.exe\r\nuiwatchdog.exe\r\numxagent.exe\r\numxcfg.exe\r\numxfwhlp.exe\r\numxpol.exe\r\nunsecapp.exe\r\nunvet32.exe\r\nup2date.exe\r\nupdate_task.exe\r\nupdaterui.exe\r\nupdtnv28.exe\r\nupfile.exe\r\nuplive.exe\r\nuploadrecord.exe\r\nupschd.exe\r\nurl_response.exe\r\nurllstck.exe\r\nuseractivity.exe\r\nuseranalysis.exe\r\nusergate.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 26 of 28\n\nusrprmpt.exe\r\nv2iconsole.exe\r\nv3clnsrv.exe\r\nv3exec.exe\r\nv3imscn.exe\r\nv3lite.exe\r\nv3main.exe\r\nv3medic.exe\r\nv3sp.exe\r\nv3svc.exe\r\nvetmsg.exe\r\nvettray.exe\r\nvgauthservice.exe\r\nvisio.exe\r\nvmacthlp.exe\r\nvmtoolsd.exe\r\nvmware-converter.exe\r\nvmware-converter-a.exe\r\nvmwaretray.exe\r\nvpatch.exe\r\nvpc32.exe\r\nvpdn_lu.exe\r\nvprosvc.exe\r\nvprot.exe\r\nvptray.exe\r\nvrv.exe\r\nvrvmail.exe\r\nvrvmon.exe\r\nvrvnet.exe\r\nvshwin32.exe\r\nvsmain.exe\r\nvsmon.exe\r\nvsserv.exe\r\nvsstat.exe\r\nvstskmgr.exe\r\nwebproxy.exe\r\nwebscanx.exe\r\nwebsensecontrolservice.exe\r\nwebtrapnt.exe\r\nwfxctl32.exe\r\nwfxmod32.exe\r\nwfxsnt40.exe\r\nwin32sysinfo.exe\r\nwinlog.exe\r\nwinroute.exe\r\nwinvnc4.exe\r\nwinword\r\nwinword.exe\r\nwordpad\r\nwordpad.exe\r\nworkflowresttest.exe\r\nwrctrl.exe\r\nwrsa.exe\r\nwrspysetup.exe\r\nwscntfy.exe\r\nwssfcmai.exe\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 27 of 28\n\nwtusystemsuport.exe\r\nxcommsvr.exe\r\nxfilter.exe\r\nxfssvccon\r\nxfssvccon.exe\r\nzanda.exe\r\nzapro.exe\r\nzavcore.exe\r\nzillya.exe\r\nzlclient.exe\r\nzlh.exe\r\nzonealarm.exe\r\nzoolz.exe\r\nSource: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-Ne\r\nw%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt\r\nPage 28 of 28",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/h/new-golang-ransomware-agenda-customizes-attacks/IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt"
	],
	"report_names": [
		"IOCs-blog-New%20Golang%20Ransomware%20Agenda%20Customizes%20Attacks.txt"
	],
	"threat_actors": [],
	"ts_created_at": 1775434069,
	"ts_updated_at": 1775791244,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/078faf0bdd41e841b50f51f90602d247677e7328.pdf",
		"text": "https://archive.orkl.eu/078faf0bdd41e841b50f51f90602d247677e7328.txt",
		"img": "https://archive.orkl.eu/078faf0bdd41e841b50f51f90602d247677e7328.jpg"
	}
}