hxxps://github[.]com/davon21121/krampus-cracked

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/davon21121/krampus-cracked

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
1900	msedge.exe
1900	msedge.exe
4196	identity_helper.exe
4196	identity_helper.exe
2984	msedge.exe
2984	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 4000	1900	msedge.exe	87
PID 1900 wrote to memory of 4000	1900	msedge.exe	87
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2360	1900	msedge.exe	88
PID 1900 wrote to memory of 2888	1900	msedge.exe	89
PID 1900 wrote to memory of 2888	1900	msedge.exe	89
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90
PID 1900 wrote to memory of 4332	1900	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/davon21121/krampus-cracked
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe901646f8,0x7ffe90164708,0x7ffe90164718
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2098193904928675694,4228533228329126572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
267c3b4b7cce5f70ff710319940c641b

SHA1
abf92f2f82c7319a4948dfba5ee78b75d2386df4

SHA256
ff0f87167244c21c27bb580c13881654471efc9976aba1d39043ad6fca904f9d

SHA512
6eeda3bc1de0ce4d3a714132367ef9e945906b32e396bc4932a6945fffa35b8dbe09cf008de51d07a715f90c9fc0e0296838b91fabb339a17ad7a99d9dfb9f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
40d294f3305c7d11a390ac5994d9b7fb

SHA1
635b4769ffcd2b94dc196c4551c30bd5a9bf7fe6

SHA256
68520fcc15978ffb55091beb1c4903bd53544dc762a1af9e803b0e4ece0bf2b3

SHA512
48a5de3a666cf8fe2f4ff365d52036fe02f3a5c61c67c6894b488b0e62d7ff0d7d857638847701019274e3173a2c5f55078d40ff00115bce3c5ba99c08c2ea88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
cc4d73e34e4e3f8e986a319af7c94bb6

SHA1
b0340d1365533d7e2e943bcc91afd9563af194e8

SHA256
0b4ad4ab83c5cd2828bd8c66c76d18b77b8b6157409a6cbf1704bd793d3b4e29

SHA512
6ee164ae203e27226a00cb5790b8f66726589c191ccdc6c8e7d612fb47b8aecbcb346dfdb40b488f837b46d090b113f88379bb877191258ada8c07c04d285f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec7789f69991945aba2fd6a5832360f9

SHA1
ff73ab7599d89eccbbdf8d7eee95635d87d9d075

SHA256
e5b44f202fd44d57a4b11a5802d5a5c79bf13df9c1ccb582814a66ae6043cecc

SHA512
42cdf9cd4aa3447d5eeabae1021aecac9e53893eafd3f21f09360e2957a96b6c908055e214718e02498e4551d3d954b822e23abe9c049481080b6a2ab470107c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cb6f8496c931fd49298951802c0faa7

SHA1
7e271d4fa32bfc28f90cb8d6ff4608cf003506ac

SHA256
acceafbeb5d64f068c24b9c33dcc3bff7952f7f4f8db0c6d19657f8c4d9d566b

SHA512
c133108aecd9cb271fdc7904287aa718245168e522d8fd5c7d0e986b65e773ae0cf122a9582f92d7540354b910f432c4e53fa103cca12b82ba5708df65ea95f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89a9498ce811fda0a7151ef8d7448df9

SHA1
dd5e075c9eb04c06e89235692a6e96bf3bf46f1f

SHA256
363219254c0fe520ae19ae44bcf3f8f5b8788245082bda4b42730d430a2382ff

SHA512
089ea26c37292a945982b7c0bafdef464aceb6d4e6cff67e02f4a0a4cc7f3b30e20dfb08345ee1a8f59757858911cd8231cb785654803f329d031ab392d18f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77fd02c256d36a37d09b3b2e2981e3bb

SHA1
9178c605641170e1c8d6b56855694f494e96bf97

SHA256
a3823a0fb5ad36d0be3d8d7c1036e17eab83081898ea6edaba261a6570f74dee

SHA512
22051821e5918e135b142105ae9b6c95e040156801463f73b531876e8196b7622e470387198247cc02c93cc00499952bf30ce70af690370198ff9f3b22e74867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4f4fca05b5325a2efdad022180be783

SHA1
dc9d8d3665138773e6bab13d8b76aba967aa018d

SHA256
dc7fbf6b18c40c73bb2ae24c0476f43efbb2417a1b97a8f65e5c36dcbe8d5700

SHA512
f931e3cd506cd2c012f5718e87a4041641b0130427f1bac5f3284f462c70be330100c8a8827dc0f424801cc6bdd7ca2bd8c71483c916b5e186a2ace34a8fbb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588ece.TMP

Filesize
874B

MD5
fdc08c4132087118ceb5c57956d044a4

SHA1
9aae3f4140f0c7fe46e0f5f01f123e0621468247

SHA256
8543cf993f8da300fe7b1bf0c597b391d5f0ec034a41d6a3afc7da4db2b8a0fe

SHA512
efb87198fb2b7002d5cc6eb3d32617e7b0012b035e5e28daa4cb08368b1f6899144056f25b3ea712cd354ab18f3da370d6714457a10740e4496e400baae6b3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6ec33aecd842ccf046509bf06dcda08

SHA1
e94461503d6d04dd1499e8c60aa2214a5319d66b

SHA256
16590c138e1673de180cb776295e47b6e1cbe735e22d7f851ec77bf9a6c63254

SHA512
fe11e623ee0e7bc63a8d5673c8406289e7e8c5fbed0ab24e5eac2db59d0cd55b83f24eb3f2baacaef2c547ed55b409028bcf25621e0ef6868f9f13149a16e5b1

Download Submit
C:\Users\Admin\Downloads\krampus-cracked-main.zip

Filesize
21KB

MD5
ab1d6d49f8c08137fceeba3d84b13e5d

SHA1
efeecd825a0ab8440723e81da0868e8e574d3946

SHA256
b91c035e82e8873d014a4d3f1add9ac5cdee9f8febfdbd20a1e3688b02f36358

SHA512
32cc82ded6dd31e1706d006d63c4080d8e1902ea216aec72d1fca67183254f2b7a7edf735b0490c8144c12e7105611583a4dbbb18108727c4a0c60c78e107038

Download Submit