Analysis Overview
SHA256
d01cffe070482ab9514faca52a0709b4dacd9e4e7e9a9cbab85764a5e2697227
Threat Level: Known bad
The file Wave DOWNLOAD.zip was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Drops startup file
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 17:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 17:04
Reported
2024-05-26 17:07
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Wave.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFiles.lnk | C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFiles.lnk | C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe | N/A |
Executes dropped EXE
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemFiles = "C:\\Users\\Admin\\AppData\\Roaming\\SystemFiles.exe" | C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
C:\Users\Admin\AppData\Local\Temp\KrampUI.exe
"C:\Users\Admin\AppData\Local\Temp\KrampUI.exe"
C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'RobloxWave.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\SystemFiles.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SystemFiles.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "SystemFiles" /tr "C:\Users\Admin\AppData\Roaming\SystemFiles.exe"
C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
C:\Users\Admin\AppData\Local\Temp\KrampUI.exe
"C:\Users\Admin\AppData\Local\Temp\KrampUI.exe"
C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxWave.exe"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Users\Admin\AppData\Roaming\SystemFiles.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| DE | 212.132.117.91:7000 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.117.132.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files