hxxps://cdn[.]discordapp[.]com/attachments/1269895579794800772/1269900254053007425/Krampus_Executor[.]rar?ex=66b1be46&is=66b06cc6&hm=ffbc0d3e60df6b2cc7d69d4643a3b02930f17d5ad1e1b86280f1e067c7943149&

Resubmissions

05/08/2024, 07:58

240805-jttygazhqm 4

Analysis

max time kernel
120s
max time network
122s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1269895579794800772/1269900254053007425/Krampus_Executor.rar?ex=66b1be46&is=66b06cc6&hm=ffbc0d3e60df6b2cc7d69d4643a3b02930f17d5ad1e1b86280f1e067c7943149&

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673183163241175"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Krampus Executor.rar:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2028	vlc.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4884	OpenWith.exe
1556	OpenWith.exe
2028	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe
2028	vlc.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
4884	OpenWith.exe
2928	OpenWith.exe
2928	OpenWith.exe
2928	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
1556	OpenWith.exe
4928	AcroRd32.exe
4928	AcroRd32.exe
4928	AcroRd32.exe
4928	AcroRd32.exe
2028	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 4160	4796	chrome.exe	80
PID 4796 wrote to memory of 4160	4796	chrome.exe	80
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 1880	4796	chrome.exe	81
PID 4796 wrote to memory of 4540	4796	chrome.exe	82
PID 4796 wrote to memory of 4540	4796	chrome.exe	82
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83
PID 4796 wrote to memory of 2736	4796	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1269895579794800772/1269900254053007425/Krampus_Executor.rar?ex=66b1be46&is=66b06cc6&hm=ffbc0d3e60df6b2cc7d69d4643a3b02930f17d5ad1e1b86280f1e067c7943149&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce81ecc40,0x7ffce81ecc4c,0x7ffce81ecc58
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1988 /prefetch:3
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5204,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5396,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4512,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4864,i,11210237333446836669,12296255026640512231,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1556
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Krampus Executor.rar"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4928
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3772
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=816FF3E37687F276303E34BA0D980C27 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:448
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=42BA866A890BD36FE52064EF37AE6AE2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=42BA866A890BD36FE52064EF37AE6AE2 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:1532
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4895414D594ABE309E20B5CDFA853DF --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3288
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=21CF562C95E6E0B667195B2EF4B4606D --mojo-platform-channel-handle=1816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:8
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3721D7B6C7A252B955AC347D2C20B249 --mojo-platform-channel-handle=2508 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:732

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Krampus Executor.rar"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0dd8a6917d200b653eff4ac75a01f4d1

SHA1
9caf255c42e38bbb29744513926c16ad74945a9b

SHA256
314862c1ac7d66454946739911787918e46333e50ddefb84eb0c497dc939f56c

SHA512
518374722c24b75080b393dccd9bf837faa0a8e05f439f95ef549c4c413d9ec3b93a220d3947b508155024460b8c8bf79be0bac6edb9cffb95bd586e2c76b323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c16356af0f3ce6a6026c480eb2a69c90

SHA1
8db8ecdbb556903b58600c1f56e30d680b9d7f71

SHA256
c43311029ab49a89979eb1776520c1f8ccdee661b0b5ce2e9e8d1ab1c3e05dde

SHA512
17c0cedef9bd50fb6e7293b26e0c88ae74bc281455b853f5b8854ad451e55d2ea57c85ab02dc5f3b220b76ba752398b62de9ad7e2f04fa3d46eb379cc8d2e1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3fba6989fac46135ba4c13babd43275e

SHA1
54f5389eba8b31f45bf094644e036e1073b3f529

SHA256
c1b2557d4f7fa8103f85e2e1f6295ed43c1c6e82ebc9f7986b772a419823b1e8

SHA512
11e7a9787065b1921f89e103b82f944ca7b77856a1ade6cc5e926eea5a6051d28738eb1bc8e63ce9bcb9fb0db8a19c80c5c82d8522ab37fc055fdef921c6e248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ea32797e80aef145b2c22c9828b05065

SHA1
57c6ca09e93e3ced755fdfb699084d94c3e42644

SHA256
eb8d743e4213eabe5c415743c12ab85afa8fb7371ce4397cd90cabab9feeb191

SHA512
3c7dbd4312a7150c3f90a3d4a01daa4dde5626e82d1d7faf1a8ee44dde65784b5851bedcd7ca1d5ed2c0d523ece7a3c5392067f151ec110e4747b7fcd942d7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e229ab688f4cf9edece16c20a1c18c94

SHA1
2465100971f4ca63475a3b0b4dae11d09971433a

SHA256
783f0f3a3442d3d35fb162fb9f17a0ae16a27a7c89db492f02cf9077f772464d

SHA512
722d9dda63ca20a8dfc978a7880fd4dc9ada36fa694ffb8f64bcd7c8d9dbebc95644d735c8840e2a261a9113e634063ceca4b2689ae4452613dcd060f1ce5b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
64fa0019a6fbee49ed22cefcbf616f70

SHA1
3e488277677e8a03cd27d3c6ce606d55dd4e29f1

SHA256
91649a7483ae11265468bf4ba4fe0a1ab7c66ab3a976729346900c5692e4af34

SHA512
7504c3d589baad4a4d3ce24570cd6486a1a22efcd761df6b66d85dbec1bb3c60eb15a07927b5bae43bb62c551a853798a3836b5d2156549df27a728a60d5008a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb8b873fd7fbf9768ea4f17d64bf3e5e

SHA1
5be53e7acf0dac31d66113d7a40954b74b0ea89b

SHA256
2f18a368402d621265fcf24ca54595e70ce8bcff2ccb0350fdfadf1ee32e9e23

SHA512
e22415a7f55327768f58084b771a57f5acfe99f268c95f8b7ea360e635722ecbd969f296d2ab63f13fc088d3b8f6efa59992aa0629ea0f666ce9bd0b411623fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
daea8c7100a5e719ace6294d5ea5b853

SHA1
e66df19e9cb7a82335360b150d1bda577a70c1e9

SHA256
2f806d3405ce6cdd434c6b9c2458ccc2bcd4214590d895d8dd6381ac7f2754ac

SHA512
4d43336f66eb016088c8ba54467cab35a71f52625bbd698e1b0c03febc5b1d21da83ce64ea89daacd98f717c6355feba0be03aa4100ec445a87b49e36fa3c4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0228e505750d01f9d57964be69aa3af0

SHA1
9f6d5e5718881e11f112f2c403e6f0bee496083b

SHA256
98cca7adb59aad9c4f7ad0453227d663507d62f5401ab848c922de0f5d77fe1a

SHA512
e53d24fe023caf571fd9cfcd2682cec70ae925dfbf60ca0bdd35eb0166687beb42ca9aba1e9f8ef133d9736ead9bb393c74c708a5e833d8055a119375a19369e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
957f3f99ddfa57eba70af8755d4b96ff

SHA1
fcfc7ecff34e5983ce9339502504c68487cdaa19

SHA256
2d26ce9afe6fba68bc33b5b0e13e35162bdb0c79e3b480b560d56b34aa3494ad

SHA512
3307ce1064b69ed273e52c6643bddd5c4acd9ec5e9bdebe04fed58f4764f8e5efc99142ff38a9d6ee894148f54e5a3a7fd43c09b26194dcd3e74176c065a8e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f62caf2699e8dd3e19f289d37a4eda91

SHA1
b4d8eee3f467887964c4c41a6dfba576991b4b90

SHA256
584f048e1e004d4855565dec70fcbc1b15a97652a5430e7e8137e43062ee25f1

SHA512
15f4c754a5c274c9f74f59011bdd5ba75c18751a348202abdef7e89db109a563c65ec2684afa575838fdeb08252a0ae9083fb7bef2c3460f3b31a2b6e7b972fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
18e0d64f026bb92d93319e925e70310f

SHA1
d8d2a11a5d8f91a04951e3bf17d359edd9f52f51

SHA256
7d29ec6b42a12b6ced8e29f36a6b342bd134adc24a870e6e4c091ee5ba775fe1

SHA512
5b14b08107cd0763625433c23f9080ef502c2768246b42141246abc2f8d25adbaccaee580f25134e0f0b6b4f08bbf17a47eeea29f24b0f25028e03cf2d4b650d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a98a87fcc1942ca8b681ab48f37cb0bf

SHA1
8952f433e8cfc3838bef60148f9525a46cee6919

SHA256
6fa52857abe5b3cd2e98d73368509853f50413c8a634eb9b603eda3e9cacd3f0

SHA512
6e1e1dd89b739db831788e5b3fa69856228fa0d86ab3f9b317cdaff5918685cc002d6e55b69a8c9e1d4a231f673d2c7670bd9c4ca90ce23ac76cb9aeed071dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
242919bd097fcef786081b2df015a295

SHA1
a7f37b8fefbf72d0262c59433ff285213523e147

SHA256
6dba0f2242d1a2ec7cf6ce2f2e21baa47dabcf390900272a906c0209d449ed1d

SHA512
b21e1142f80364fd0cbb91166e70b5f37de5c2070cca09d78e1bb7364e6cdb795bd523fddac319c7a14b7163c712564b219f6a6d6506452c07397c50fcdf1a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
4816fc58eae1111ff4efa83c7f83fb5e

SHA1
726b93c499ae2f4a802ad66c30bbe65c9050f870

SHA256
c46624e6df80b4ca2ba2231b23c8eaeccb14c77bdec80ad473d3f5ca54864149

SHA512
ef422bc0c027801775b3d5487192d6b0f9305ff44f4db3103538985105e011016c1f2331ab23e25d3702454a2e868f7d045262226286da7cc314f1df491246bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
d154cb8a8a0966f0452fd5a27122ce25

SHA1
4328aba50253a433a3dfb86cbb1d47083a216481

SHA256
0b6724823c4438acdf0090e4570bbe52f9b1d658139e2d1ba1a41ddba2bbdf98

SHA512
70f6fad185c23c427d3e1019abfffabb144e1b57ef4a8ce7635782eb40b4e065d28f881f7b7ad8dfd906b4a1c3b7eca05cebe2bc8d16aa131acf2f64d8cd9d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
dea73bd08e66c63250f8353098b1e128

SHA1
32675f48c3f434cbaeedd515005f8f2c250e2598

SHA256
b33b64a2af55f283a1a6d9392c1a479a775c91afe7980f3508c9edc72b88b753

SHA512
c111659412122d0f54a3dd9c898f8a416f9da12b0e060be1decc70eae72817748993f4a633e569d787e3c81854697d8fbde475c9a8505d020a52029687bef6a4

Download Submit
C:\Users\Admin\Downloads\Krampus Executor.rar.crdownload

Filesize
3.6MB

MD5
899f629ed7aa02d370acb410f4a63b08

SHA1
c54150e944935a6a4fbb42b3f44e59658a3840ec

SHA256
b1330b1281831a2079bd908c06afc8e2aa50fa271e5301c3f35b78707348bf99

SHA512
343d2a4abc22856517e4f614233a0f1361533b977664095ae501eef7c9dc9ec0c0e09eb52e21f64098420bd70ea590522f80095d40294c774b0023d53cfabf99

Download Submit
C:\Users\Admin\Downloads\Krampus Executor.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2028-242-0x00007FF6AFF00000-0x00007FF6AFFF8000-memory.dmp

Filesize
992KB

Download
memory/2028-243-0x00007FFCE28E0000-0x00007FFCE2914000-memory.dmp

Filesize
208KB

Download
memory/2028-244-0x00007FFCD24F0000-0x00007FFCD27A6000-memory.dmp

Filesize
2.7MB

Download
memory/2028-245-0x00007FFCD1440000-0x00007FFCD24F0000-memory.dmp

Filesize
16.7MB

Download