hxxps://cdn[.]discordapp[.]com/attachments/1276583536090021969/1276597304639492237/krampusm[.]zip?ex=66ca1b63&is=66c8c9e3&hm=b65397aed5b2b5cfd77672c82fc452c8f0cbb66e62d78edb1a95c97e69b4b247&

Analysis

max time kernel
33s
max time network
14s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23-08-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1276583536090021969/1276597304639492237/krampusm.zip?ex=66ca1b63&is=66c8c9e3&hm=b65397aed5b2b5cfd77672c82fc452c8f0cbb66e62d78edb1a95c97e69b4b247&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\krampusm.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4912	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
1320	msedge.exe
1320	msedge.exe
1400	msedge.exe
1400	msedge.exe
2536	msedge.exe
2536	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe
1084	SG9uZXlwb3Q.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 1764	1320	msedge.exe	79
PID 1320 wrote to memory of 1764	1320	msedge.exe	79
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 916	1320	msedge.exe	80
PID 1320 wrote to memory of 3644	1320	msedge.exe	81
PID 1320 wrote to memory of 3644	1320	msedge.exe	81
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82
PID 1320 wrote to memory of 4348	1320	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1276583536090021969/1276597304639492237/krampusm.zip?ex=66ca1b63&is=66c8c9e3&hm=b65397aed5b2b5cfd77672c82fc452c8f0cbb66e62d78edb1a95c97e69b4b247&
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff956e73cb8,0x7ff956e73cc8,0x7ff956e73cd8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16560615450361834280,13788151258527175151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5076

C:\Users\Admin\Downloads\krampusm\SG9uZXlwb3Q.exe
"C:\Users\Admin\Downloads\krampusm\SG9uZXlwb3Q.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1084

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\krampusm\howtouse.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8de2ebe6529a5ec62149a3d56c242a5

SHA1
0919307b2e5ddafd0a7a92b54085c6801982210a

SHA256
5e18bfb37b94add2334c83eadadd0fc0e573a78f9d4f8163daafdd99fac6f283

SHA512
9bd322ba4b9f546c93654571fcc682769a1997fe815b25673caccb84b8d28c7a3c7901242af788ac4fb1a0209eb2625d74a0d3ec1fdc22502b9e33acf42fbf60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f894d892fa78fb383b89c1a154fcadfb

SHA1
445ca33d88321b170911df2c01d8a28d2648388f

SHA256
4637f9cc50736acf3ec54bc2fdee6e16dfe2af7891b1cce7104575973376478a

SHA512
be95447f02bd3820c1470af4215b11c73e5cc9937bd579acd151e0b6235f19d2bd7a1e2f05cad2e23e9f2dd57204593c516feac83930f01fba357f177ecd765b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d5d3d158-9801-4939-a497-c7e55145be61.tmp

Filesize
11KB

MD5
cd2df96f337335bd9a841cdaa2eec477

SHA1
bf439ed5c8a6e09878b658e60eaa053c1d616683

SHA256
96222f1a9499414d98c553d2a23ec3bac6dd397256dcfe5164bb507c524b669f

SHA512
673ace66c85b6189054e817fd7df943b83bb3af133d2da85b4932b16c8015b8e1b2c24a607a140dd53af393a5533343bf3e56dde6625a5e8b6b76524fce3ab97

Download Submit
C:\Users\Admin\Downloads\krampusm.zip

Filesize
902KB

MD5
9aa477c475edd4fded246e417ac47ad3

SHA1
f6ec8562d4fe673de9fb024b167eccad98f04a6d

SHA256
9bf30e0114d702ed674a6487f55ee14ca4f036c452b0d8049c054b913598c73d

SHA512
ad505664d03a0810751bf6317e88b6672463d1c22c634e67d99aa30f6ac35945a23f37b23ba71e24d916fc0bb7959d2a902027e19201db9350a506a3f59df002

Download Submit
C:\Users\Admin\Downloads\krampusm.zip:Zone.Identifier

Filesize
220B

MD5
5c2078ebe69300c3415799aee9893fcb

SHA1
4bc2ed99b8e6db4bdc16a9be1d4c9de70f8b3435

SHA256
31db7f17178498614129bc04b8cb78bbea3137b1e9a688938965e6547d0ac9c2

SHA512
68b127343fb50417698753367ee57dd8075643f6f770bb44d3f71ed8b7b880b64940620c535713231d94acfae7e7e154530e8a7458937bcc90c0ef3a095f727d

Download Submit