909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b

Analysis

max time kernel
527s
max time network
515s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250218-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250218-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/02/2025, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cryptic Installer.exe
Size

12.1MB
MD5

26115ce9c0aa825be82c500004825308
SHA1

0883c65e4c063b61647865d58cd3a3d46324365b
SHA256

909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b
SHA512

1368efd81bd46c02703e39008b19635ebd3c9ea98b32d7ac3b90f11b09c286d9b45511dd1aee3e9f6998ee7ecb7f81c9f2cdb9ccea142cf09cdc6ebbaa5882d4
SSDEEP

98304:b1FLZ04/tavoCAifjWKqgpvlYFDU2f8u06rA7BxMooQlititz12d:XT/taACAiCWvlYr8u0JrgQli6

Score

8^/10

defense_evasion discovery execution trojan

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4472	powershell.exe
3776	powershell.exe
1492	powershell.exe
4740	powershell.exe
1492	powershell.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Cryptic Installer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3776	powershell.exe
3776	powershell.exe
1492	powershell.exe
1492	powershell.exe
4740	powershell.exe
4740	powershell.exe
4472	powershell.exe
4472	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
3260	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3776	powershell.exe
Token: SeIncreaseQuotaPrivilege	3776	powershell.exe
Token: SeSecurityPrivilege	3776	powershell.exe
Token: SeTakeOwnershipPrivilege	3776	powershell.exe
Token: SeLoadDriverPrivilege	3776	powershell.exe
Token: SeSystemProfilePrivilege	3776	powershell.exe
Token: SeSystemtimePrivilege	3776	powershell.exe
Token: SeProfSingleProcessPrivilege	3776	powershell.exe
Token: SeIncBasePriorityPrivilege	3776	powershell.exe
Token: SeCreatePagefilePrivilege	3776	powershell.exe
Token: SeBackupPrivilege	3776	powershell.exe
Token: SeRestorePrivilege	3776	powershell.exe
Token: SeShutdownPrivilege	3776	powershell.exe
Token: SeDebugPrivilege	3776	powershell.exe
Token: SeSystemEnvironmentPrivilege	3776	powershell.exe
Token: SeRemoteShutdownPrivilege	3776	powershell.exe
Token: SeUndockPrivilege	3776	powershell.exe
Token: SeManageVolumePrivilege	3776	powershell.exe
Token: 33	3776	powershell.exe
Token: 34	3776	powershell.exe
Token: 35	3776	powershell.exe
Token: 36	3776	powershell.exe
Token: SeDebugPrivilege	1492	powershell.exe
Token: SeIncreaseQuotaPrivilege	1492	powershell.exe
Token: SeSecurityPrivilege	1492	powershell.exe
Token: SeTakeOwnershipPrivilege	1492	powershell.exe
Token: SeLoadDriverPrivilege	1492	powershell.exe
Token: SeSystemProfilePrivilege	1492	powershell.exe
Token: SeSystemtimePrivilege	1492	powershell.exe
Token: SeProfSingleProcessPrivilege	1492	powershell.exe
Token: SeIncBasePriorityPrivilege	1492	powershell.exe
Token: SeCreatePagefilePrivilege	1492	powershell.exe
Token: SeBackupPrivilege	1492	powershell.exe
Token: SeRestorePrivilege	1492	powershell.exe
Token: SeShutdownPrivilege	1492	powershell.exe
Token: SeDebugPrivilege	1492	powershell.exe
Token: SeSystemEnvironmentPrivilege	1492	powershell.exe
Token: SeRemoteShutdownPrivilege	1492	powershell.exe
Token: SeUndockPrivilege	1492	powershell.exe
Token: SeManageVolumePrivilege	1492	powershell.exe
Token: 33	1492	powershell.exe
Token: 34	1492	powershell.exe
Token: 35	1492	powershell.exe
Token: 36	1492	powershell.exe
Token: SeDebugPrivilege	4740	powershell.exe
Token: SeDebugPrivilege	4472	powershell.exe
Token: SeIncreaseQuotaPrivilege	4472	powershell.exe
Token: SeSecurityPrivilege	4472	powershell.exe
Token: SeTakeOwnershipPrivilege	4472	powershell.exe
Token: SeLoadDriverPrivilege	4472	powershell.exe
Token: SeSystemProfilePrivilege	4472	powershell.exe
Token: SeSystemtimePrivilege	4472	powershell.exe
Token: SeProfSingleProcessPrivilege	4472	powershell.exe
Token: SeIncBasePriorityPrivilege	4472	powershell.exe
Token: SeCreatePagefilePrivilege	4472	powershell.exe
Token: SeBackupPrivilege	4472	powershell.exe
Token: SeRestorePrivilege	4472	powershell.exe
Token: SeShutdownPrivilege	4472	powershell.exe
Token: SeDebugPrivilege	4472	powershell.exe
Token: SeSystemEnvironmentPrivilege	4472	powershell.exe
Token: SeRemoteShutdownPrivilege	4472	powershell.exe
Token: SeUndockPrivilege	4472	powershell.exe
Token: SeManageVolumePrivilege	4472	powershell.exe
Token: 33	4472	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1976	Cryptic Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 3260	1976	Cryptic Installer.exe	79
PID 1976 wrote to memory of 3260	1976	Cryptic Installer.exe	79
PID 3260 wrote to memory of 1500	3260	msedgewebview2.exe	80
PID 3260 wrote to memory of 1500	3260	msedgewebview2.exe	80
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 4568	3260	msedgewebview2.exe	81
PID 3260 wrote to memory of 2324	3260	msedgewebview2.exe	82
PID 3260 wrote to memory of 2324	3260	msedgewebview2.exe	82
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83
PID 3260 wrote to memory of 3468	3260	msedgewebview2.exe	83

C:\Users\Admin\AppData\Local\Temp\Cryptic Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Cryptic Installer.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=1976.2992.16139678082297856244
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:3260
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7fff0f31b078,0x7fff0f31b084,0x7fff0f31b090
    3⤵
    PID:1500
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1812,i,7754619471245622683,14333011393041073944,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1808 /prefetch:2
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1976,i,7754619471245622683,14333011393041073944,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2272,i,7754619471245622683,14333011393041073944,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:8
    3⤵
    PID:3468
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3488,i,7754619471245622683,14333011393041073944,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:2184
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command "Get-MpPreference | Select-Object -ExpandProperty DisableRealtimeMonitoring"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3776
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command " $avProducts = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct; $foundAV = $false; foreach ($av in $avProducts) { # Skip Windows Defender as we check it separately if ($av.DisplayName -notlike '*Windows Defender*') { # Check if AV is enabled (bit 1 in productState should be 1) $hexState = [Convert]::ToString($av.ProductState, 16).PadLeft(6, '0') # Check if real-time protection is on (1) or off (0) $rtStatus = [Convert]::ToInt32($hexState.Substring(2, 2), 16) if ($rtStatus -band 0x10) { $foundAV = $true Write-Output \"enabled\" Write-Output $av.DisplayName exit } } } if (-not $foundAV) { Write-Output \"disabled\" Write-Output \"\" } "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1492
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command " $app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like '*Microsoft Visual C++*2015-2022*' -and $_.Name -like '*64*' } # Also check registry as a fallback since Win32_Product is not always reliable $regKeys = @( 'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64', 'HKLM:\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.29,bundle' ) $regInstalled = $false foreach ($key in $regKeys) { if (Test-Path $key) { $regInstalled = $true break } } if ($app -or $regInstalled) { Write-Output 'true' } else { Write-Output 'false' } "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4740
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command "Get-MpPreference | Select-Object -ExpandProperty DisableRealtimeMonitoring"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4472

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
35f6f7dce4b40edb4d8fde2efb97f2d2

SHA1
8521f4604bce0443a7565a16231e0549eb6712e9

SHA256
8d4d0d42997af6194af00873aeef846818f8900c09650a77ff8436c3df454780

SHA512
bdd5bfdb51afd116eb397e3b1b963f9bbc393b2a27a0c1d421b4b9ad1f7fd95bfcff45f6965a698d6cc7cc236be63b8e4573c47810c80d92131adea94cf3c55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0dabbd90458b35a712198360ecf21670

SHA1
1f9b354af1f69d6e51c690fdee82d42be0d72ed2

SHA256
dbb8aaf893115b2e73e29415a90214e9e9132a8a0cf235eadbe3d5479a14ccdf

SHA512
fe5500b642007eb56b640727b2b37e3b38467002580d56fd506d7641b8f1af37a54a720f151f61ac771c7e02f167c6c76a79490752744a90a564b93ab0796566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1b9787b141fb558da0febfe64ded21df

SHA1
bff2530ed7d9100eae6840c088e7f80e797ccec7

SHA256
e7d953e5fbc921b03edddef68b3a982aac445cfcff4a99e260072f8cb98d7089

SHA512
4c5faf82c338ab31fae590ca4057e8a2cacf776ca3bf291cb002ce4c437d5bb6cff66d1004d51e3955baa715fced55acef2da0fa3b73a7bd0511caf6094c270e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0nkj2lj2.5wi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
43682b091e76556237e5633537da7f6b

SHA1
afa8ac054a979e5207b8834b652881052eaea715

SHA256
4076e9cad2077c973a675a3a8664401e14b3c530e42438a328b187829f56ccad

SHA512
46506818916f22f9316c507456b960184292584694972b0eeaea6b08b9c0d4003fcb403a1af8447b506963674717a82dc6fd0e42a9584f4de57a707bef389103

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
6a30e96affefa5365577847ec8cf1367

SHA1
929412c0ec79bbffb5cd4c48dff4fc62cfcc9fb3

SHA256
960be04f8eed3b4271ed217eb4238e4479feba46484168f3bd1e6b8f409ffc23

SHA512
4dd434f16ac7dbd9495edc1c94b2272b969aafef9c8ec4decda36fecc335f1dfd07d1eaf450b0800b0f012aefd1c246be48a2dbef435b4d701f3384608a4931c

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a95c545b9d2d55288604bf8143b71dd6

SHA1
1ecd414071b1d3a56f9e6c23985eb128c55af5c4

SHA256
94b22a20013a6801c87ef87f137568b18638734a2599f9bb7670c5ad6b40e9d3

SHA512
06956adc5be101a05446a7a34a3674bf65b2f85249afc6cb03891e25c3798e8eb81ebe80d515edd6fe134cc752174ae150d6e7b8bcf7e994aa66d9966143e527

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
69a21f5dff713dc5f97f86bf14034291

SHA1
5599996521840ed5c583afb840651aa28c19adb0

SHA256
ad80e9d5c25f0c43613e748b81248d0bd440bbf2e35f34ca85b7ef2496ca37d4

SHA512
a4131a1661164f0466725df16e7150f5471438bdcd98411f776fd083d90ec965f5ef089b1cb6a5ec4e93036b47505e56e65044c1a350eadb6605c32b8bbd2328

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
1KB

MD5
8cfc89865d436a9ec5a5bc18e02e10a0

SHA1
5743d673d097c8167b3c44447f247c865d7659be

SHA256
0b8132997d1322218a409ab3c5f0c2f728d6a09fdc644b50e16cb2697f355140

SHA512
8ff5e9e618d9df1527ea384ef612571b358508adc3d303365fbbe871377e1f4b8a6bf5800cfff8a0d1b7588866d7b5bbe8f7a3bef0dd2b4d7df0e8724f56f223

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
2KB

MD5
de09a017018684b3171651bdd1ab504e

SHA1
c5ecff389a7e40e18f6a1f628356f65c21af12d1

SHA256
f3227490b9808b35a7cb270ca16760d1422281a147bedeb88bfac600fe1dcd86

SHA512
a1b023c996e46e3b637d0bd2f783c5a5461bab11868770f8ca493aefa0cd431922f3ae54c8bf73fa4ebf5ec86f29633dc681fbb4f110521391f5afda2e8a6ea8

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
3KB

MD5
5257a6eac535280acf517c24df757332

SHA1
9db35e26016ced0c2bf5c7a7e669bb4843b4570c

SHA256
24f454d2dd46792f81bf4648b83ea8d068d9a4f28a625a31751e0d5ba1deb03a

SHA512
abe0ef356e7136f8d36ded6c650ab4a90ebc9f9f9ec451c268a01b56ff5c25072ba37ddb76862580c9cc0af9622723d4369a32649aac96f36c4b193729797145

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
4KB

MD5
0d4781a7495849550ba922cd6088b745

SHA1
7532bfa4ba31134b04343ce41771c6b48c3bf560

SHA256
1dc3ba11bfc81ab658ca3f73206506e12ba1ab9d92780a9b581da1d852ba314b

SHA512
5ade5b14d78cde71bfa1fa95b9901483cbb59922688320fabfa265694be317b0441e8d8e3fa84bba85f5a6d8bff7dd60f1eb8bbee0c43937cb30766cc8318a4d

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State~RFe57dd21.TMP

Filesize
1KB

MD5
10f951c6681a1e85552370166715e388

SHA1
729e4ae81af2e824e205d551b8d5ed5c0505aa21

SHA256
db6a1bec4292773d5f340ebf938f2306c199746b9b121535528b0142a3039a1f

SHA512
e34d308d3d8ef0a40fc71e76e2e486bd9fc5ca438de8853fe29e5c81de96da7429a005bb5cbafee3d73151a3582359e3570048210f3eb0c35c44e6f9b3ff1d2e

Download Submit
memory/1492-185-0x0000026B7F970000-0x0000026B7F99A000-memory.dmp

Filesize
168KB

Download
memory/1492-186-0x0000026B7F970000-0x0000026B7F994000-memory.dmp

Filesize
144KB

Download
memory/2184-60-0x00007FFF2C060000-0x00007FFF2C061000-memory.dmp

Filesize
4KB

Download
memory/3468-54-0x00007FFF2BEF0000-0x00007FFF2BEF1000-memory.dmp

Filesize
4KB

Download
memory/3468-55-0x00007FFF2B970000-0x00007FFF2B971000-memory.dmp

Filesize
4KB

Download
memory/3776-169-0x000001BCD2100000-0x000001BCD2122000-memory.dmp

Filesize
136KB

Download
memory/4568-28-0x00007FFF2C060000-0x00007FFF2C061000-memory.dmp

Filesize
4KB

Download