Windows Analysis Report
krampus.exe

Overview

General Information

Sample name: krampus.exe
Analysis ID: 1579544
MD5: 6cd355fe43bb4517b5815ff52d6e8a0e
SHA1: b59ecfe2b863435bcb92bee9f56930b1586b0d87
SHA256: 808f098b303d6143e317dd8dae9e67ac8d2bcb445427d221aa9ad838aa150de3
Infos:

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Modifies existing user documents (likely ransomware behavior)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files

Classification

Source: krampus.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://.css
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://.jpg
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://html4/loose.dtd
Source: krampus.exe String found in binary or memory: http://narwhaljs.org)
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: krampus.exe String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.unicode.org/copyright.html
Source: krampus.exe String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: krampus.exe, 00000000.00000003.1706746734.0000018215B31000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1714907315.00000105DE440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: krampus.exe String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://console.spec.whatwg.org/#count
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://console.spec.whatwg.org/#table
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://crbug.com/v8/7848
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://crbug.com/v8/8520
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://encoding.spec.whatwg.org
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: krampus.exe String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: krampus.exe String found in binary or memory: https://github.com/antirez/linenoise
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/chalk/supports-color
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/isaacs/color-support.
Source: krampus.exe String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/mafintosh/pump
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: krampus.exe String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: krampus.exe, 00000000.00000003.1715267317.0000000172F40000.00000004.00001000.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1707272048.0000018215C5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/blob/1a96d83a223ff9f05f7d942fb84440d323f7b596/lib/internal/bootstrap/
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: krampus.exe String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/32020
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: krampus.exe, 00000000.00000003.1713404259.0000018215C71000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1716165303.0000018215C7B000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1713909067.0000018215C71000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pul
Source: krampus.exe String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: krampus.exe String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: krampus.exe String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: krampus.exe, 00000000.00000003.1715267317.0000000172F40000.00000004.00001000.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1707272048.0000018215C5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/33229
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: krampus.exe, 00000000.00000003.1706746734.0000018215B31000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1714907315.00000105DE440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: krampus.exe String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: krampus.exe, 00000000.00000003.1715267317.0000000172F40000.00000004.00001000.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1707272048.0000018215C5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/vercel/pkg/issues/1589
Source: krampus.exe String found in binary or memory: https://goo.gl/t5IS6M).
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: krampus.exe String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: krampus.exe String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: krampus.exe String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://no-color.org/
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/api/fs.html
Source: krampus.exe, 00000000.00000003.1715231424.000003C184F40000.00000004.00001000.00020000.00000000.sdmp, krampus.exe, 00000000.00000002.1728013400.0000018215ADC000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1727122321.0000018215AD8000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0-headers.tar.gz
Source: krampus.exe, 00000000.00000003.1715231424.000003C184F40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0-headers.tar.gzief
Source: krampus.exe, 00000000.00000003.1715231424.000003C184F40000.00000004.00001000.00020000.00000000.sdmp, krampus.exe, 00000000.00000002.1728013400.0000018215ADC000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1727122321.0000018215AD8000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gz
Source: krampus.exe, 00000000.00000003.1715231424.000003C184F40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzI
Source: krampus.exe, 00000000.00000002.1728013400.0000018215ADC000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1727122321.0000018215AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzf
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzhttps://nodejs.org/download/release
Source: krampus.exe, 00000000.00000003.1715231424.000003C184F40000.00000004.00001000.00020000.00000000.sdmp, krampus.exe, 00000000.00000002.1728013400.0000018215ADC000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1727122321.0000018215AD8000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/win-x64/node.lib
Source: krampus.exe, 00000000.00000002.1728013400.0000018215ADC000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000003.1727122321.0000018215AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v14.20.0/win-x64/node.libF
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://sourcemaps.info/spec.html
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: krampus.exe, 00000000.00000003.1706746734.0000018215B31000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1714907315.00000105DE440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: krampus.exe String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: krampus.exe String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: krampus.exe String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: krampus.exe String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#url
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: krampus.exe String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: krampus.exe, 00000000.00000003.1706746734.0000018215B31000.00000004.00000020.00020000.00000000.sdmp, krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000003.1714907315.00000105DE440000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: krampus.exe String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: krampus.exe String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: krampus.exe, 00000000.00000000.1703674809.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp, krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt

Spam, unwanted Advertisements and Ransom Demands

barindex
Source: C:\Users\user\Desktop\krampus.exe File deleted: C:\Users\user\Desktop\NWTVCDUMOB.pdf Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe File deleted: C:\Users\user\Desktop\DVWHKMNFNN.xlsx Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe File deleted: C:\Users\user\Desktop\KATAXZVCPS\KATAXZVCPS.docx Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe File deleted: C:\Users\user\Desktop\HTAGVDFUIE\NWTVCDUMOB.xlsx Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe File deleted: C:\Users\user\Desktop\KATAXZVCPS.xlsx Jump to behavior
Source: krampus.exe, 00000000.00000002.1731884680.00007FF63C787000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamenode.exe* vs krampus.exe
Source: classification engine Classification label: sus22.rans.winEXE@2/60@0/0
Source: C:\Users\user\Desktop\krampus.exe File created: C:\Users\user\Desktop\DVWHKMNFNN\NIKHQAIQAU.pdf.krampus Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7308:120:WilError_03
Source: krampus.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\krampus.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: krampus.exe String found in binary or memory: const { NativeModule } = require('internal/bootstrap/loaders');
Source: krampus.exe String found in binary or memory: const { Module } = require('internal/modules/cjs/loader');
Source: krampus.exe String found in binary or memory: const CJSModule = require('internal/modules/cjs/loader').Module;
Source: krampus.exe String found in binary or memory: throw e; /* node-do-not-add-exception-line */
Source: krampus.exe String found in binary or memory: // Mark this socket as available, AFTER user-added end
Source: C:\Users\user\Desktop\krampus.exe File read: C:\Users\user\Desktop\krampus.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\krampus.exe "C:\Users\user\Desktop\krampus.exe"
Source: C:\Users\user\Desktop\krampus.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\krampus.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: krampus.exe Static PE information: More than 8191 > 100 exports found
Source: krampus.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: krampus.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: krampus.exe Static file information: File size 31529050 > 1048576
Source: krampus.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1050600
Source: krampus.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xc83a00
Source: krampus.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: krampus.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: krampus.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: krampus.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: krampus.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: krampus.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: krampus.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: krampus.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: krampus.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\krampus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: krampus.exe, 00000000.00000002.1727902619.0000018215A98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: krampus.exe, 00000000.00000002.1727902619.0000018215A98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: krampus.exe, 00000000.00000002.1727902619.0000018215A98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui
Source: krampus.exe, 00000000.00000002.1730141500.00007FF63B832000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\krampus.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\Excel.lnk VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\krampus.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\NWTVCDUMOB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\HTAGVDFUIE.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KZWFNRXYKI.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NIKHQAIQAU.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\NIKHQAIQAU.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\krampus.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\NWTVCDUMOB.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\My Music VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\My Pictures VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\My Videos VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\SUAVTZKNFL VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\SUAVTZKNFL VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\HTAGVDFUIE.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\NWTVCDUMOB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\YPSIACHYXW.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\IPKGELNTQY VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\DVWHKMNFNN.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\JSDNGYCOWY.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\NWTVCDUMOB.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\krampus.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\KATAXZVCPS.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\NWTVCDUMOB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\UOOJJOZIRH VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Desktop\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\CURQNKVOIX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\NIKHQAIQAU.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\FENIVHOIKN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE\NWTVCDUMOB.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\IPKGELNTQY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\DVWHKMNFNN.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\NIKHQAIQAU.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\My Videos VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\NIKHQAIQAU.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\WUTJSCBCFX VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\CURQNKVOIX.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\HTAGVDFUIE.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\KZWFNRXYKI.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\LTKMYBSEYZ.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NIKHQAIQAU.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NIKHQAIQAU.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.pdf.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\SQRKHNBNYN.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\YPSIACHYXW.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\YPSIACHYXW.xlsx.krampus VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Queries volume information: C:\Users\user\Downloads\ZTGJILHXQB.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\CURQNKVOIX Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\GAOBCVIQIJ Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\HTAGVDFUIE Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\IPKGELNTQY Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\KATAXZVCPS Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\UOOJJOZIRH Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\WUTJSCBCFX Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\YPSIACHYXW Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\GAOBCVIQIJ Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\HTAGVDFUIE Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\IPKGELNTQY Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\SUAVTZKNFL Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\UOOJJOZIRH Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\WUTJSCBCFX Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\YPSIACHYXW Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\CURQNKVOIX Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\DVWHKMNFNN Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\GAOBCVIQIJ Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\KATAXZVCPS Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\SUAVTZKNFL Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\UOOJJOZIRH Jump to behavior
Source: C:\Users\user\Desktop\krampus.exe Directory queried: C:\Users\user\Documents\YPSIACHYXW Jump to behavior
No contacted IP infos