122748cd4c77c507bd225cebcf47285cd6941ea23c3c1672fc1a9decc1946a64

Analysis

max time kernel
75s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KrampUI.exe
Size

16.5MB
MD5

898643f9b1ee99a7801f283e2348d84b
SHA1

e8c2cfcd8bc2f1ad498a5f85bca18cb835e3996c
SHA256

122748cd4c77c507bd225cebcf47285cd6941ea23c3c1672fc1a9decc1946a64
SHA512

aaf1a129ad426e039bfc572accd8e900a2695e89a91627467075e89d51b0e451b1cc4de49a96089ee2dd92acf02221b09630d731e87c7013f668be8e9c12b4f6
SSDEEP

196608:9kuYd4y7op18GLIM0eldluLefAsllLefAs/xLefAs/WTdIUPksvC:93Yd4yspOGLpFI3sn3sZ3sMdpv

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	KrampUI.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
4440	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe
4104	KrampUI.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4104	KrampUI.exe
4104	KrampUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 4440	4104	KrampUI.exe	93
PID 4104 wrote to memory of 4440	4104	KrampUI.exe	93
PID 4440 wrote to memory of 4796	4440	msedgewebview2.exe	94
PID 4440 wrote to memory of 4796	4440	msedgewebview2.exe	94
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2816	4440	msedgewebview2.exe	95
PID 4440 wrote to memory of 2772	4440	msedgewebview2.exe	96
PID 4440 wrote to memory of 2772	4440	msedgewebview2.exe	96
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97
PID 4440 wrote to memory of 4060	4440	msedgewebview2.exe	97

C:\Users\Admin\AppData\Local\Temp\KrampUI.exe
"C:\Users\Admin\AppData\Local\Temp\KrampUI.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=KrampUI.exe --webview-exe-version=1.1.6 --user-data-dir="C:\Users\Admin\AppData\Local\KrampUI\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=4104.932.17812688385533530614
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4440
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\KrampUI\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffce2632e98,0x7ffce2632ea4,0x7ffce2632eb0
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\KrampUI\EBWebView" --webview-exe-name=KrampUI.exe --webview-exe-version=1.1.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,17092025824161517240,17575832946501212401,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\KrampUI\EBWebView" --webview-exe-name=KrampUI.exe --webview-exe-version=1.1.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2120 --field-trial-handle=1796,i,17092025824161517240,17575832946501212401,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
    3⤵
    PID:2772
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\KrampUI\EBWebView" --webview-exe-name=KrampUI.exe --webview-exe-version=1.1.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2352 --field-trial-handle=1796,i,17092025824161517240,17575832946501212401,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\KrampUI\EBWebView" --webview-exe-name=KrampUI.exe --webview-exe-version=1.1.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3656 --field-trial-handle=1796,i,17092025824161517240,17575832946501212401,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
    3⤵
    PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
43baba38b6143e37492dbd3d5799ccc3

SHA1
50109eb609ede674441a3337126f2fa49467e599

SHA256
2d049a42b5d835e46653c194cbf0ad1b43d6c7902cf804d8b669861f09a435fa

SHA512
dbdaa406145ab072a3af682eb02f3d67d9e11a439e9e3073ab2132f1d0b1b3c2ace3e4e449fa4fd50d10ed81c6ab4af912c9a66c8a4663eb19a15da4fce00424

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
a6d607f2a247d905576d169fc2c41f7a

SHA1
26a685e7f70091934b088bd52c859ae87374dd44

SHA256
fdbffe6b661a62f66fe3ff62fabe4a9872d6f7d8e4a356f95bf54038b1eabc17

SHA512
87c5fc23c3142f887497e5ca8f59625e48f0613a0d5970c8b491ec461b26c8db7ecb7d87c9b434f73367f1fc05a49068030525c2819206828dbe399990fbd2dc

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a2829c636891bc7f81394014e8fb6a71

SHA1
312c5ccd93d3ea575e5028c08d33f93e797ced60

SHA256
b123bbac03af066c1e027fcbd304b83471f4d70c3412fbd9d8154d6ffc2760d3

SHA512
e56435972f507a0c7b1052be6f7e2e7de6502f1c54f68361e9ed953dbfbe88780212986d59008474d18396b8b778f1a9603ad27b74d5731bf7f0238de5ed068a

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe58c435.TMP

Filesize
48B

MD5
672be9ad6462d72640d861f093b69993

SHA1
0243d06ccf93ad0c9e76331686e33b0858966d41

SHA256
752351ad49e9c18d8d29264be202744b07b2e3401810a257bf12fb75dbf62a31

SHA512
9c7554b13b968bce80d8fd689a658df961295e63178b7199ff2ea8fcf558ae6d527c846d6b341b3294580210ddfece293831f61dbdd06c269f110f5bd09d75b0

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Preferences

Filesize
6KB

MD5
fa87cfb9aa93f2a60e0660aa7c33f1e4

SHA1
ce53bf0bf18f3da268af3193e82f41c51e910080

SHA256
e9894cd6a5b4e70cebe06187fc67030baec87928ddc0091e33a8f092d8ea17bc

SHA512
43bb8b32c33b09a36022a8e027c3be0c577e0d262db514ba28ab1fa9ea78deb2f708d22d38568d9fff0d8ff6bc698a42b1b6127f7c3119929d2612c2f583a00f

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Preferences~RFe5885a6.TMP

Filesize
5KB

MD5
8733c5122b281d26a6fac9a52c1d6f8c

SHA1
9cc2cfc5ca328009995d5635324498fd44822817

SHA256
9b565df6b9b50ab69f798565a3cd59a7589f340f54e952c5a4a73872692429c0

SHA512
4e83e30e9903583e963fdb6551e988408c1c712c738e1a1a4bbc42f3ba6db07426fdc6314bf47579e6714cb4666c47f3ee802f8c5d69619a2b3aa14def85d272

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Local State

Filesize
2KB

MD5
0d7efe9a3c5dda03803b4fb4b0a13bd2

SHA1
08f64b705f75a15f69e355481fecefb91e5611a3

SHA256
b4a4e9717b2a2a5bc9036f985db0c22643430662a7f9df7e601056446b347435

SHA512
c163cab89fb1473e1b3e68a8c9d7e01ff4c5e44c116430fb7ec52ca756ae1e4b8b215426be2ff3776e1e6332fb105c8585070e3a1a9c51e74f01e5441675b3e6

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Local State

Filesize
3KB

MD5
8240b2d707523ed27bc3f74511fbb3f3

SHA1
b1ff17cc4220fff50ed73a8fded47525b0a5dc64

SHA256
484cd0636b509c8cca41a191473881b9a4d6ad068e18a3a517f8c8a39752cbb5

SHA512
80b321e55442da29c2395c475d1063c16b6d23cb932818180d0d491fae73562fe20cdecdcc2ba90ed7ccd610230532ae0de55edf51c29cb26cfdde6660320985

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Local State

Filesize
3KB

MD5
e9819a0754ea3762d46d53d91b317f14

SHA1
2463fb5bca8a1c9ca8f832473f0b3a13b4defd7c

SHA256
8764661ae851aa73362fe5e5cad099513b36df357e47ce79c9a0db157b3b489d

SHA512
1f5f46652b4b8a77e50de5d80401a07adbea184ff173a6d3f1aba59c101925ff4aa3f34a096b034c6ac06e985d7d9df67762371b9a7f2c1bdd35089f8c4bbfa7

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Local State

Filesize
16KB

MD5
e040040cc48500e7dedefe825c5a4b74

SHA1
8b2e43f7e6e4b844aec0d85aa7e2a6f06bc308be

SHA256
cb381b54313cb55fc4f833fead27f33d38c1f81112fb26937e3cdf88db5d7189

SHA512
d76d033f5d48cd40dfad0d45970b9715fc441afca4c7b4e4f54b2ea9e022a96558155a27036877d9c3098d74b4e0eec282a831473c6d99e1484d48f223bf8776

Download Submit
C:\Users\Admin\AppData\Local\KrampUI\EBWebView\Local State~RFe5834c7.TMP

Filesize
1KB

MD5
5c82104248c85f25930a81aef6f35d0b

SHA1
68c1344aad37db94a971f65cbd7185101e82754c

SHA256
efb6756931b50d1a6cae58252c28a6e7f9e85ac421879ad78b49e0ace041f163

SHA512
3401735ef7cd2b909b349288032cb49d13c23a363ab5fca904797ea2139c6fa38d389c6fd84716015843f3bef84c3e225c2a9781b3ebb6809ebc9f829b61e051

Download Submit
C:\Users\Admin\AppData\Roaming\KrampUI\autoexec\__krampui

Filesize
642B

MD5
628f3e575bc355fcafbdf088f675b9cd

SHA1
f1a1a38adaa6cfcff9be5c8bb5f7e7b4d9fa23f4

SHA256
e316a8ee0bc90265accfe90d99fdb3d12a8313d1eeefac740bdcbbf53d14098d

SHA512
796706403a43d3e49bd6a47bcf40577bc9307f1b3f19d9e0728d75218871507373aae387262536996e01635bf4ea4b4f0a4647126fafcd29a642f779903d235c

Download Submit
memory/2248-135-0x00007FFD07940000-0x00007FFD07941000-memory.dmp

Filesize
4KB

Download
memory/2816-24-0x00007FFD07940000-0x00007FFD07941000-memory.dmp

Filesize
4KB

Download
memory/4060-64-0x00007FFD06050000-0x00007FFD06051000-memory.dmp

Filesize
4KB

Download
memory/4060-63-0x00007FFD07C40000-0x00007FFD07C41000-memory.dmp

Filesize
4KB

Download