Different versions of modified ZammoCide as Anti-AV used by CrazyHunter in its attacks Version 1 Filename: C:\Windows\SYSVOL\domain\aa.exe Compiler: C++ File size: 145KB Arguments: --pid, --path, --loop Default Path: C:\Users\jak\Downloads\ zam64.sys PDB: C:\Users\fake\Downloads\ZammOcide-master\x64\Release\ zam64_PoC.pdb Terminated Processes: SecurityHealthService.exe MsMpEng.exe EndpointBasecamp.exe PccNTMon.exe PccNt.exe Ntrtscan.exe Version 2 Version 3 Version 4 Filename: C:\Users\Public\05Application1(1).exe Filename: C:\Users\Public\cc.exe Filename: C:\Users\Public\av-1m.exe Compiler: C++ Compiler: C++ Compiler: C++ File size: 445KB File size: 75KB File size: 1.22MB Arguments: --pid, --loop Default Path: C:\Users\public\zam64.sys PDB: D:\Dev\05Application1\x64\Release\05Application1.pdb Terminated Processes: SecurityHealthService.exe NisSrv.exe MsMpEng.exe MsMpEng.exe PccNt.exe EndpointBasecamp.exe EndpointBasecamp.exe EndpointBasecamp.exe PccNTMon.exe PccNTMon.exe PccNTMon.exe PccNt.exe PccNt.exe TmListen.exe Ntrtscan.exe Ntrtscan.exe Ntrtscan.exe NTRTScan.exe NTRTScan.exe MsSense.exe MsMpEng.exe NisSrv.exe MsSense.exe TmCCSF.exe SecurityHealthService.exe TMBMSRV.exe TMBMSRV.exe TmListen.exe SenseTVM.exe CNTAoSMgr.exe TmCCSF.exe SenseTVM.exe CNTAoSMgr.exe CETASvc.exe WSCommunicator.exe dsagent.exe SupportConnector.exe avguard.exe avshadow.exe avgnt.exe Avira.Systray.exe MpCmdRun.exe SecurityHealthService.exe Version 5 79c3fd97d33e114f8681c565f983cd8b8f9d8d93 b6737248f7baed88177658598002df5433155450 Filename: C:\Users\Public\go.exe Compiler: Go File size: 2.22MB Arguments: --pid, --loop Default Path: C:\Users\public\zam64.sys PDB: Not available Terminated Processes: MsMpEng.exe EndpointBasecamp.exe PccNTMon.exe PccNt.exe Ntrtscan.exe NTRTScan.exe MsSense.exe NisSrv.exe TmCCSF.exe TMBMSRV.exe TmListen.exe CNTAoSMgr.exe SenseTVM.exe CETASvc.exe WSCommunicator.exe dsagent.exe SupportConnector.exe avguard.exe avshadow.exe avgnt.exe Avira.Systray.exe MpCmdRun.exe SecurityHealthService.exe